
High Level Coding Language Used To Create New POS Malware 73

An anonymous reader writes: A new malware framework called ModPOS is reported to pose a threat to U.S. retailers, and has some of the highest-quality coding work ever put into an ill-intentioned software of this nature. Security researchers iSight say of the ModPOS platform that it is 'much more complex than average malware'. The researchers believe that the binary output they have been studying for three years was written in a high-level language such as C, and that the software took 'a significant amount of time and resources to create and debug'.

Second Root Cert-Private Key Pair Found On Dell Computer 58

msm1267 writes: A second root certificate and private key, similar to eDellRoot [mentioned here yesterday], along with an expired Atheros Authenticode cert and private key used to sign Bluetooth drivers has been found on a Dell Inspiron laptop. The impact of these two certs is limited compared to the original eDellRoot cert. The related eDellRoot cert is also self-signed but has a different fingerprint than the first one. It has been found only on two dozen machines according to the results of a scan conducted by researchers at Duo Security. Dell, meanwhile, late on Monday said that it was going to remove the eDellRoot certificate from all Dell systems moving forward, and for existing affected customers, it has provided permanent removal instructions (.DOCX download), and starting today will push a software update that checks for the eDellRoot cert and removes it. The second certificate / key pair was found by researchers at Duo Security.

Axel Springer Goes After iOS 9 Ad Blockers In New Legal Battle 188

An anonymous reader writes: Germany's Axel Springer, owner of newspapers like Bild and Die Welt, is pursuing legal action against the developers of Blockr, an ad blocker for iOS 9. Techcrunch reports: "In October, Axel Springer forced visitors to Bild to turn off their ad blockers or pay a monthly fee to continue using the site. Earlier this month, the publisher reported the success of this measure, saying that the proportion of readers using ad blockers dropped from 23% to the single digits when faced with the choice to turn off the software or pay. 'The results are beyond our expectations,' said Springer chief exec Mathias Döpfner at the time. 'Over two-thirds of the users concerned switched off their adblocker.' He also noted that the website received an additional 3 million visits from users who could now see the ads in the first two weeks of the experiment going live."

Ask Slashdot: What Single Change Would You Make To a Tech Product? 470

An anonymous reader writes: We live in an age of sorcery. The supercomputers in our pockets are capable of doing things it took armies of humans to accomplish even a hundred years ago. But let's face it: we're also complainers at heart. For every incredible, revolutionary device we use, we can find something that's obviously wrong with it. Something we'd instantly fix if we were suddenly put in charge of design. So, what's at the top of your list? Hardware, software, or service — don't hold back.

Here's an example: over the past several years, e-readers have standardized on 6-inch screens. For all the variety that exists in smartphone and tablet sizing, the e-reader market has decided it must copy the Kindle form factor or die trying. Having used an e-reader before all this happened, I found a 7-8" e-ink screen to be an amazingly better reading experience. Oh well, I'm out of luck. It's not the worst thing in the world, but I'd fix it immediately if I could.

20 Years of GIMP 346

jones_supa writes: Back in 1995, University of California students Peter Mattis and Kimball Spencer were members of the eXperimental Computing Facility, a Berkeley campus organization. In June of that year, the two hinted at their intentions to write a free graphical image manipulation program as a means of giving back to the free software community. On November 21st, 20 years ago today, Peter Mattis announced the availability of the "General Image Manipulation Program" on Usenet (later "GNU Image Manipulation Program"). Over the years, GIMP amassed a huge amount of new features designed for all kinds of users and practical applications: general image editing, retouching and color grading, digital painting, graphic design, science imaging, and so on. To celebrate the 20th anniversary, there is an update of the current stable branch of GIMP. The newly released version 2.8.16 features support for layer groups in OpenRaster files, fixes for layer groups support in PSD, various user interface improvements, OSX build system fixes, translation updates, and more.

Amazon Screenplay-Writing Software Submits Work To Amazon Studios 33

An anonymous reader writes: Amazon has released new screenplay-writing software aimed to help connect new writing talent to its original content production company, Amazon Studios. Storywriter contains many of the autoformatting tools familiar to users of similar software such as Final Draft and Celtx, but no other screenwriting tool can claim to actually send unknown writers' output to potentially interested producers.

Mozilla Is Removing Tab Groups and Complete Themes From Firefox 311

An anonymous reader writes: As part of Mozilla's "Go Faster" initiative for Firefox, the company is removing features that aren't used by many and require a lot of technical effort to continually improve. VentureBeat learned that the first two features to get the axe are tab groups and complete themes. Dave Camp, Firefox’s director of engineering, said, "Tab Groups was an experiment to help users deal with large numbers of tabs. Very few people chose to use it, so we are retiring it because the work required to maintain it is disproportionate to its popularity."

TrueCrypt Safer Than Previously Thought 42

An anonymous reader writes: Back in September, members of Google's Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt's code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have "far-reaching access to the system," with which they could do far worse things than exploit an obscure vulnerability.

The auditors say, "It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure." For other uses, the software "does what it's designed for," despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.


Meet Mårten Mickos, Serial Open Source CEO (Video) 22

Mårten was the MySQL CEO who built the company from a small-time free software database developer into a worldwide software juggernaut he sold to Sun Microsystems. Next, he became CEO of Eucalyptus Systems, another open source operation, which Hewlett Packard bought in 2014. Now Mårten is CEO of hackerone, a company that hooks security-worried companies up with any one of thousands of ethical hackers worldwide.

Some of those hackers might be companies that grew out of university CS departments, and some of them may be individual high school students working from their kitchen tables. Would a large company Board of Directors trust a kid hacker who came to them with a bug he found in their software? Probably not. But if Mårten or one of his hackerone people contacts that company, it's likely to listen -- and set up a bug bounty program if they don't have one already.

Essentially, once again Mårten is working as an intermediary between technically proficient people -- who may or may not conform to society's idea of a successful person -- and corporate executives who need hackers' skills and services but may not know how to find non-mainstream individuals or even know the difference between "hackers" and "crackers." Editor's note: I have known and respected Mårten for many years. If this interview seems like a conversation between two old friends, it is.

Ask Slashdot: Convincing a Team To Undertake UX Enhancements On a Large Codebase? 189

unteer writes: I work at an enterprise software company that builds an ERP system for a niche industry (i.e. not Salesforce or SAP size). Our product has been continuously developed for 10 years, and incorporates code that is even older. Our userbase is constantly expanding, and many of these users expect modern conveniences like intuitive UI and documented processes. However, convincing the development teams that undertaking projects to clean up the UI or build more self-explanatory features are often met with, "It's too big an undertaking," or, "it's not worth it." Help me out: What is your advice for how to quantify and qualify improving the user experience of an aging, fairly large, but also fairly niche, ERP product?

Docker Turns To Minecraft For Server Ops 93

dmleonard618 writes: A new GitHub project is allowing software teams to construct software like Legos. DockerCraft is a Minecraft mod that lets administrators handle and deploy servers within Minecraft. What makes this project really interesting is that it lets you navigate through server stacks in a 3D space. "In today's world, we wanted to focus more on building. Minecraft has emerged as the sandbox game of the decade, so we chose to use that as our visual interface to Docker," Docker wrote in a blog.

NASA Selects Universities To Develop Humanoid Robot Astronauts 21

MarkWhittington writes: NASA announced that it is sending copies of its R5 Valkyrie humanoid robot to two universities for software upgrades and other research and development. The effort is part of a continuing project to develop cybernetic astronauts that will assist human astronauts in exploring other worlds. The idea is that robot astronauts would initially scout potentially hazardous environments, say on Mars, and then actively collaborate with their human counterparts in exploration. NASA is paying each university chosen $250,000 per year for two years to perform the R&D. The university researchers will have access to NASA expertise and facilities to perform the upgrades. Spoiler alert: the robots are both going to Greater Boston, to teams at MIT and Northeastern University respectively.

The War On Campus Sexual Assault Goes Digital 399

writes: According to a recent study of 27 schools, about one-quarter of female undergraduates said they had experienced nonconsensual sex or touching since entering college, but most of the students said they did not report it to school officials or support services. Now Natasha Singer reports at the NYT that in an effort to give students additional options — and to provide schools with more concrete data — a nonprofit software start-up in San Francisco called Sexual Health Innovations has developed an online reporting system for campus sexual violence. One of the most interesting features of Callisto is a matching system — in which a student can ask the site to store information about an assault in escrow and forward it to the school only if someone else reports another attack identifying the same assailant. The point is not just to discover possible repeat offenders. In college communities, where many survivors of sexual assault know their assailants, the idea of the information escrow is to reduce students' fears that the first person to make an accusation could face undue repercussions.

"It's this last option that makes Callisto unique," writes Olga Khazan. "Most rapes are committed by repeat offenders, yet most victims know their attackers. Some victims are reluctant to report assaults because they aren't sure whether a crime occurred, or they write it off as a one-time incident. Knowing about other victims might be the final straw that puts an end to their hesitation—or their benefit of the doubt. Callisto's creators claim that if they could stop perpetrators after their second victim, 60 percent of campus rapes could be prevented." This kind of system is based partly on a Michigan Law Review article about "information escrows," or systems that allow for the transmitting of sensitive information in ways that reduce "first-mover disadvantage" also known to economists as the "hungry penguin problem". As game theorist Michael Chwe points out, the fact that each person creates her report independently makes it less likely they'll later be accused of submitting copycat reports, if there are similarities between the incidents.

Carnegie Mellon Denies FBI Paid For Tor-Breaking Research 79

New submitter webdesignerdudes writes with news that Carnegie Mellon University now implies it may have been subpoenaed to give up its anonymity-stripping technique, and that it was not paid $1 million by the FBI for doing so. Wired reports: "In a terse statement Wednesday, Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder. But it instead implied that the research may have been accessed by law enforcement through the use of a subpoena. 'In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed,' the statement reads. 'The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.'"

Microsoft Open-Sources Visual Studio Code 158

An anonymous reader writes: Microsoft today unleashed a torrent of news at its Connect(); 2015 developer event in New York City. The company open-sourced code editing software Visual Studio Code, launched a free Visual Studio Dev Essentials program, pushed out .NET Core 5 and ASP.NET 5 release candidates, unveiled Visual Studio cloud subscriptions, debuted the Visual Studio Marketplace, and a lot more. The source for Visual Studio Code is available at GitHub under the MIT license. They've also released an extension (preview) for Visual Studio that facilitates code debugging on Linux.

Drone Makers Add Geofencing To Keep Drones Out of Restricted Airspace 91

An anonymous reader writes: Two of the biggest drone manufacturers, DJI and 3D Robotics, are adding geofencing systems to their products to keep them out of restricted airspace. DJI's Geospatial Environment Online will be available on current versions of the Phantom, Inspire and Matrice drones, providing updated data on restricted flight zones due to regulation or safety concerns, including forest fires, major stadium events, VIP travel and other circumstances. GEO will also include restrictions around areas such as prisons, power plants and more. GEO, by default, will not allow DJI drones to fly in restricted areas. However, DJI is allowing its users to "temporarily unlock or self-authorize" flights in some locations. 3D Robotics will add the safety information software to its Solo smart drone app, containing basic information about federal guidelines (stay five miles from an airport, for example), national parks, airbases and more.

Microsoft's Plan To Port Android Apps To Windows Proves Too Complex 131

An anonymous reader writes: The Astoria project at Microsoft has failed because a breakthrough was needed to overcome the complexity of the software development challenge. Microsoft tried to automate mapping the Android UI into the Windows 10 UI and to map Google services within the app such as maps, payments and notifications into Microsoft equivalents. Automated conversion of a UI from one platform to another has never been successfully demonstrated. When I first saw Microsoft's Android bridge at Build 15, I thought it was achievable. But project Astoria, as it is called, is much too complex. Drawing on my architectural knowledge of the underlying Microsoft/Lumia hardware that is very similar to Android phones, I concluded that in the context of partitioning the device or running a VM Microsoft would succeed. But Microsoft tried something much more ambitious. Rather than "failed," The Next Web reports that for now the project may have only been delayed.

Snowden Says It's Your Duty To Use an Ad Blocker (for Security) 341

AmiMoJo writes: In a long interview about reclaiming your privacy online, ex-NSA whistleblower Edward Snowden states that it's not just a good idea to use ad blocking software, it's your duty: "Everybody should be running adblock software, if only from a safety perspective. We've seen internet providers like Comcast, AT&T, or whoever it is, insert their own ads into your plaintext http connections. As long as service providers are serving ads with active content that require the use of JavaScript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser — you should be actively trying to block these. Because if the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response." Other recommendations include encrypting your hard drive and using Tor to keep your internet use private.

Slashdot Asks: Is Scrum Still Relevant? 371

An anonymous reader writes: In an article titled "Scrum is dead: breaking down the new open development method," Ahmad Nassri writes: "Among the most 'oversold as a cure' methodologies introduced to business development teams today is Scrum, which is one of several agile approaches to software development and introduced as a way to streamline the process. Scrum has become something of an intractable method, complete with its own holy text, the Manifesto for Agile Software Development, and daily devotions (a.k.a., Scrum meetings). Although Scrum may have made more sense when it was being developed in the early '90s, much has changed over the years. Startups and businesses have work forces spread over many countries and time zones, making sharing offices more difficult for employees. As our workforce world evolves, our software development methods should evolve, too." What do you think? Is Scrum still a viable approach to software development, or is it time to make way for a different process?