An anonymous reader writes "Security researchers at Independent Security Evaluators have published a report demonstrating that a slew of home and small office (SOHO) routers are vulnerable to previously undisclosed vulnerabilities. The report asserts that at least thirteen popular routers can be compromised by a remote attacker, and a number of them do not require knowledge of credentials or active management sessions. Some of the routers are not listed as they work with vendors to fix them, but there are 17 vulnerabilities disclosed, with another 21 pending release. An article on CNET includes an interview with some of the researchers."
gale the simple writes "Mike Rogers made a minor splash Tuesday when he decided to liken CISPA opponents to 14-year-old basement dwellers. The EFF, naturally, picked up on this generalization and asked everyone to let the representative know that it is not just the 14-year-olds that care about privacy."
An anonymous reader writes "Amid rumors of an impending arrest in the Boston Marathon bombing, Xconomy has a rundown of local companies working on technologies relevant to the investigation and aftermath. The approaches include Web analytics to identify communication patterns, image and video analysis of the crime scene, surveillance camera hardware and software, and smart prosthetic devices for amputees. A big challenge the authorities face is the sheer volume and different proprietary formats of video from security cameras, mobile devices, and media groups. Ultimately this will be a case study in whether an individual bent on destruction can remain anonymous in an era of digital surveillance, social media, and crowdsourcing."
An anonymous reader writes "This evening's planned launch of the Orbital Sciences Antares rocket had to be canceled just 12 minutes before liftoff, due to the unexpected separation of the booster's umbilical cable while the vehicle was on the launch pad. This is the first attempt to fly the Antares rocket, which is a commercial craft and direct competitor to the SpaceX Dragon 9. Beyond being the first flight of a brand new commercial rocket, this mission is also notable for carrying three of NASA's PhoneSats; small satellites powered by Android running on Nexus smartphones. With each PhoneSat costing just $3,500, they're designed to test the limits of extremely low cost spacecraft, similar to the European STRaND-1 mission. Since this is simply an orbital test, and the Antares will not be attempting to dock with the International Space Station, the launch window is highly flexible. It's anticipated Orbital Sciences will make another attempt at launching the Antares within 48 hours."
GovTechGuy writes "The House Energy and Commerce Committee passed legislation on Wednesday once again affirming the current management structure of the Web. In doing so, the lawmakers made one thing clear: the only government that should have its hands on the underpinnings of the Internet is the U.S. ' It affirms the importance of an Internet free from censorship and government control and codifies the existing management structure of the Internet. ... Notably, however, lawmakers dropped from the legislation the phrase “free from government control,” which had threatened to derail the April 11 markup by the Subcommittee on Communications and Technology. ... [Democrats argued] it could undermine the U.S. government’s ability to enforce existing — or future — laws online.'"
AmiMoJo writes "Over on Slashdot Japan, there is a discussion about what magazines people still read (Google translation of Japanese original). Japanese people still tend to read a lot of periodicals, while in the west readership seems to be in decline. Do you read magazines regularly, or at all? Are websites a good substitute, or do print publications still offer something worth spending your cash on?"
itwbennett writes "Following similar initiatives by Apple, Google and Facebook, Microsoft is enabling two-factor authentication for its Microsoft Account service, the log-on service for many of its online and desktop products. Users will find instructions on how to add a second form of authentication on the Microsoft Account settings page. The chief form of secondary authentication will be a short code sent to the user's mobile phone, the number of which Microsoft will keep on file, each time the user logs on."
An anonymous reader writes "Google announced today that they intend on purchasing the existing iProvo fiber network to make Provo the third U.S. city to have Google Fiber. If approved by the city council, implementation would begin later in 2013. 'As a part of the acquisition, we would commit to upgrade the network to gigabit technology and finish network construction so that every home along the existing iProvo network would have the opportunity to connect to Google Fiber.'" Also at SlashCloud
Nerval's Lobster writes "Vint Cerf, one of the 'founders of the Internet,' told an audience April 16 that if he could do it all over again, he would construct the Internet in the mold of Software-Defined Networking (SDN). Cerf, who co-designed the TCP/IP protocol suite with Bob Kahn, said that he admired how SDN separates the data plane from the control plane, which allows the network to be controlled via software from an external server. One of the hazards of conjoining the two, he added, was the attack risk. 'I wish we had done [the separation] in the Internet design, but we didn't,' Cerf told the audience for his keynote address at the Open Networking Summit in Santa Clara, Calif. 'In a very interesting way you have an opportunity to reinvent this whole notion of networking.'"
another random user writes with news that researchers from the University of Illinois at Urbana-Champaign are reporting a breakthrough in battery technology. They say: "With currently available power sources, users have had to choose between power and energy. For applications that need a lot of power, like broadcasting a radio signal over a long distance, capacitors can release energy very quickly but can only store a small amount. For applications that need a lot of energy, like playing a radio for a long time, fuel cells and batteries can hold a lot of energy but release it or recharge slowly. ... The new microbatteries offer both power and energy, and by tweaking the structure a bit, the researchers can tune them over a wide range on the power-versus-energy scale (abstract). The batteries owe their high performance to their internal three-dimensional microstructure. Batteries have two key components: the anode (minus side) and cathode (plus side). Building on a novel fast-charging cathode design by materials science and engineering professor Paul Braun’s group, King and Pikul developed a matching anode and then developed a new way to integrate the two components at the microscale to make a complete battery with superior performance. With so much power, the batteries could enable sensors or radio signals that broadcast 30 times farther, or devices 30 times smaller. The batteries are rechargeable and can charge 1,000 times faster than competing technologies – imagine juicing up a credit-card-thin phone in less than a second. In addition to consumer electronics, medical devices, lasers, sensors and other applications could see leaps forward in technology with such power sources available."
antdude writes "BoingBoing reports on why it's 'so hard to make a phone call in emergency situations.' Quoting: '[The thing about] the radios is that they have different sizes of cells. You've got regular cells and then smaller sub-cells. You also have larger overlay macro-cells that are really big. They try to handle you within the small cell you're closest to. But it's a trade off between capacity — they'd like to have lots of small cells for that — and coverage — they don't want to put 100k small cells everywhere. So you might have a cell that covers a mile area and then smaller cells within that that handle most of the traffic. ... In the end, it does come down to trade-offs. That's true of any network. You're interested in coverage first and then capacity. If you wanted to guarantee that a network never had an outage your capital investment would have to go up orders of magnitude beyond anything that is rational. So each network is trying to invest their budget in ways that make network appear to perform better. The cost of providing temporary extra capacity for the Boston Marathon, that's something that's in the budget and they plan for that event. But when you get something unexpected like a terrorist event, or an earthquake, or damage from a hurricane or tornado, then you have trade offs between capital and how robust your network is. Every time you have an event people say, "Oh, they didn't invest enough." But you look at New York City after Hurricane Sandy and Southern Manhattan was under 6 feet of water — all the buried infrastructure was lost.'"
chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF) notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two-year-old version of the operating system that has known security vulnerabilities."
New submitter zayyd writes "The CBC reports that publicly-elected Gerry Rogers, member of the Provincial Government for Newfoundland and Labrador, 'has been removed from the house of assembly for refusing to apologize for comments made by other users on a Facebook group of which she had been added to as a member.' Rogers was unwillingly added to a Facebook Group which included comments of death threats aimed at Premier Kathy Dunderdale from other users. From the article: 'Dunderdale said her government understands how Facebook groups work, and she said it is up to every MHA to monitor the comments posted on Facebook groups to which they belong.' Facebook's policies for Groups are somewhat clear, even if they don't actually answer the question of 'Can I prevent people from adding me to a new group?'"
judgecorp writes "Distributed denial of service attacks have increased their bandwidth by 700 percent in the last quarter, according to DDoS specialist Prolexic. The average bandwidth has gone up from 5/9Gbps to 48.25Gbps — and the number of packets-per-second is also up. However, claims of a 300Gbps attack on Spamhaus are almost certainly false."
An anonymous reader writes "A letter addressed to Senator Roger Wicker (R-Mississippi) was tested and found to contain ricin, a highly toxic, inexpensive, and easily produced substance derived from castor beans. The letter was intercepted at the U.S. Capitol's off-site mail facility and nobody has been injured. The letter was postmarked Memphis, Tennessee, but listed no return address. Sen. Claire McCaskill told reporters that a suspect has been identified." And, this morning, a letter addressed to the President was discovered containing a suspicious substance. Update: 04/17 16:25 GMT by U L : And the substance is ricin. Apparently, air filters at another facility have also tested positive for ricin.
ananyo writes "Paul Steinhardt, an astrophysicist at Princeton University in New Jersey, and colleagues have posted a controversial paper on ArXiv arguing, based on the latest Higgs data and the cosmic microwave background map from the Planck mission, that the leading theory explaining the first moments of the Big Bang ('inflation') is fatally flawed. In short, Steinhardt says that the models that best fit the Planck data — known as 'plateau models' because their potential-energy profiles level off at relatively low energies — are far less likely to occur naturally than the models that Planck ruled out. Secondly, he says, the news for these plateau models gets dramatically worse when the results are analyzed in conjunction with the latest results about the Higgs field coming from CERN's Large Hadron Collider. Particle physicists working at the LHC have calculated that the Higgs field is likely to have started out in a high-energy, 'metastable' state rather than in a stable, low-energy configuration. Steinhardt likens the odds of the Higgs field initially being perched in the precarious metastable state as to those of dropping out of the sky over the Matterhorn and conveniently landing in a 'dimple near the top,' rather than crashing down to the mountain's base."
hypnosec writes "Anonymous knocked on the doors of Indiegogo in a bid to raise some crowd-sourced dough to expand its news coverage by establishing a dedicated site instead of tweets and tumblr blog posts, and managed to raise 27 times as much money as initially targeted. The initial target was to raise $2000 to fund the site development work as well as pay for initial hosting. Anonymous is planning to host news, reports and blogs from independent online reporters under its already-in-use Your Anon News brand."
First time accepted submitter Landy DeField writes "Tried accessing your Gmail today? You may be faced with 'Temporary Error (500)' error message. Tried to get more detailed information by clicking on the 'Show Detailed Technical Info' link which loads a single line... 'Numeric Code: 5.' Clicked on the App status dashboard link. All were green except for the Admin Control Panel / API. Took a glance 2 minutes ago and now, Google mail and Google Drive are orange and Admin Control Panel / API is red. Look forward to the actual ...'Detailed Technical Info' on what is going on." The apps dashboard confirms that there is a partial outage of many Google Apps. The Next Web ran a quick article about this, and in the process discovered there was an outage on the same date last year.
MouseTheLuckyDog writes "A brief editorial by Steve Forbes, one of our moneymeisters, on why bitcoins are not money. Hint: For those who are too lazy to read the opinion, Bitcoins are too volatile to be money." From the article: "Money is most optimal when it is fixed in value just as commerce is facilitated when we have fixed weights and measures. When you buy a pound of hamburger you expect to get 16 ounces of meat. An hour has 60 minutes. A mile has 5280 feet. These measurements don’t 'float.' So too money best lubricates commerce when it has a fixed value."
Pikoro writes with news that Foxconn's parent company has entered into an agreement to pay Microsoft royalties for every Android device they manufacture, joining a rather long list of companies licensing patents for Android/Linux from Microsoft. From the BBC: "Microsoft has secured a patent deal with the world's biggest consumer electronics manufacturer to receive fees for devices powered by Google's Android and Chrome operating systems. Hon Hai — the parent company of Foxconn — said the deal would help prevent its clients being caught up in an ongoing intellectual property dispute. Microsoft says that Google's code makes use of innovations it owns. Google alleges its rival's claims are based on 'bogus patents.' 'The patents at issue cover a range of functionality embodied in Android devices that are essential to the user experience, including: natural ways of interacting with devices by tabbing through various screens to find the information they need; surfing the web more quickly, and interacting with documents and e-books.'"
An anonymous reader sent in word that the Obama administration is threatening to veto CISPA in its current form because "The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information (PDF) when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately. The Administration is committed to working with all stakeholders to find a workable solution to this challenge." Ars has a few more details, the EFF urges U.S. citizens to oppose the bill, and one of the sponsors tweeted that those opposed to the bill are basement dwelling fourteen-year-olds. Note that the Administration still wants there to be some kind of comprehensive data sharing law in the name of cybersecurity, so this may very well rear its head again in the coming months.
quarterbuck writes "Many politicians, especially in Europe, have used the idea that economic growth is impeded by debt levels above 90% of GDP to justify austerity measures. The academic justification came from a paper and a book by Kenneth Rogoff and Carmen Reinhart. Now researchers at U Mass at Amherst have refuted the study — they find that not only was the data tainted by bad statistics, it also had an Excel error. Apparently when averaging a few GDP numbers in an Excel sheet, they did not drag the cell ranges down properly, excluding Belgium. The supporting website for the book, 'This time it is different,' has lots of financial information if a reader might want to replicate some of the results." The Excel error is making the rounds as the cause of the problems with the study, but it's actually a minor component. The study also ignores some post-WWII data for countries that had a high debt load and high growth, and there's some fishy weighting going on: "The U.K. has 19 years (1946-1964) above 90 percent debt-to-GDP with an average 2.4 percent growth rate. New Zealand has one year in their sample above 90 percent debt-to-GDP with a growth rate of -7.6. These two numbers, 2.4 and -7.6 percent, are given equal weight in the final calculation, as they average the countries equally. Even though there are 19 times as many data points for the U.K."
sciencehabit writes "Put a fruit fly larva in a spacelike vacuum, and the results aren't pretty. Within a matter of minutes, the animal will collapse into a crinkled, lifeless husk. Now, researchers have found a way to protect the bugs: Bombard them with electrons, which form a 'nano-suit' around their bodies. The advance could help scientists take high-resolution photographs of tiny living organisms. It also suggests a new way that creatures could survive the harsh conditions of outer space and may even lead to new space travel technology for humans." Work is also being done on electron "suits" that protect against radiation.