Businesses

Security Researchers Wary of Wassenaar Rules 30

Posted by samzenpus
from the rules-of-the-game dept.
msm1267 writes: The Commerce Department's Bureau of Industry and Security today to implement the controversial Wassenaar Arrangement, and computer security specialists are wary of its language and vagaries. For starters, its definition of "intrusion software" that originally was meant to stem the effect of spying software such as FinFisher and Hacking Team, has also apparently snared many penetration testing tools. Also, despite the Commerce Department's insistence that vulnerability research does not fall under Wassenaar, researchers say that's up for interpretation.
Government

US Proposes Tighter Export Rules For Computer Security Tools 120

Posted by timothy
from the we'd-like-to-inspect-that-package dept.
itwbennett writes: The U.S. Commerce Department has proposed tighter export rules for computer security tools and could prohibit the export of penetration testing tools without a license. The proposal would modify rules added to the Wassenaar Arrangement in 2013 that limit the export of technologies related to intrusion and traffic inspection. The definition of intrusion software would also encompass 'proprietary research on the vulnerabilities and exploitation of computers and network-capable devices,' the proposal said.
Security

Telstra Says Newly Acquired Pacnet Hacked, Customer Data Exposed 15

Posted by samzenpus
from the getting-to-know-all-about-you dept.
An anonymous reader writes: Telstra’s Asian-based data center and undersea cable operator Pacnet has been hacked exposing many of the telco’s customers to a massive security breach. The company said it could not determine whether personal details of customers had been stolen, but it acknowledged the possibility. The Stack reports: "Telstra said that an unauthorized third party had been able to gain access to the Pacnet business management systems through a malicious software installed via a vulnerability on an SQL server. The hack had taken place just weeks before Telstra acquired the Asian internet service provider for $550mn on 16 April this year. The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014."
Chrome

New Chrome Extension Uses Sound To Share URLs Between Devices 73

Posted by samzenpus
from the sound-of-malware dept.
itwbennett writes: Google Tone is an experimental feature that could be used to easily and instantly share browser pages, search results, videos and other pages among devices, according to Google Research. "The initial prototype used an efficient audio transmission scheme that sounded terrible, so we played it beyond the range of human hearing," researcher Alex Kauffmann and software engineer Boris Smus wrote in a post on the Google Research blog.
Security

How 1990s Encryption Backdoors Put Today's Internet In Jeopardy 42

Posted by samzenpus
from the grunge-net dept.
An anonymous reader writes: While debate swirls in Washington D.C. about new encryption laws, the consequences of the last crypto war are still being felt. Logjam vulnerabilities making headlines today are "a direct result of weakening cryptography legislation in the 1990s," researcher J. Alex Halderman said. "Thanks to Moore's law and improvements in cryptanalysis, the ability to break that crypto is something really anyone can do with open-source software. The backdoor might have seemed like a good idea at the time. Maybe the arguments 20 years ago convinced people this was going to be safe. History has shown otherwise. This is the second time in two months we've seen 90s era crypto blow up and put the safety of everyone on the internet in jeopardy."
Firefox

Adblock Plus Launches Adblock Browser: a Fork of Firefox For Android 108

Posted by Soulskill
from the unblocking-the-blocked-blocker dept.
An anonymous reader writes: Adblock Plus has launched Adblock Browser for Android. Currently in beta, the company's first browser was created by taking the open source Firefox for Android and including Adblock Plus out-of-the-box. The Firefox Sync functionality is disabled, as is the ability to use other addons. "Adblock Plus for Android got kicked out of Google Play along with other ad blocking apps in March 2013, because Google’s developer distribution agreement states apps cannot interfere with the functionality of other apps. Williams thus believes Adblock Browser “should be fine” as it only blocks ads that are shown as you browse the Web."
Networking

Ask Slashdot: Best Way To Solve a Unique Networking Issue? 358

Posted by timothy
from the that-seems-like-a-decent-way dept.
New submitter petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment. In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps. This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer-provided program that connects to the device and pushes the new software. Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming. Unfortunately the devices are not actually on a network, and as such cannot be updated remotely, also since they are not on a network, they are all configured with the same IP address. Additionally the software doesn't allow you to specify the adapter to use. I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time. The only way I can figure to accomplish this with the software we've been provided is to do this: Get a 16-port powered USB hub, with a usb-ethernet adaptor in each port; Set up 16 VM's with extremely stripped down XP running on each, with only one USB-ethernet adaptor assigned to each VM; Set XP to boot the application for loading software as its shell; and load each device that way at the same time. Is there a better way to accomplish this?
Encryption

Australian Law Could Criminalize the Teaching of Encryption 200

Posted by Soulskill
from the technophobes-writing-laws dept.
New submitter petherfile writes: According to Daniel Mathews, new laws passed in Australia (but not yet in effect) could criminalize the teaching of encryption. He explains how a ridiculously broad law could effectively make any encryption stronger than 512 bits criminal if your client is not Australian. He says, "In short, the DSGL casts an extremely wide net, potentially catching open source privacy software, information security research and education, and the entire computer security industry in its snare. Most ridiculous, though, are some badly flawed technicalities. As I have argued before, the specifications are so imprecise that they potentially include a little algorithm you learned at primary school called division. If so, then division has become a potential weapon, and your calculator (or smartphone, computer, or any electronic device) is a potential delivery system for it."
Programming

Choosing the Right IDE 423

Posted by Soulskill
from the whichever-one-reminds-me-when-my-code-sucks dept.
Nerval's Lobster writes: Modern software development often requires working with multiple tools in a variety of languages. The complexity can give even the most skilled developer a nasty headache, which is why many try to rely on Integrated Development Environments (IDEs) to accomplish most of the work; in addition to source-code editors and automation, some even feature intelligent code completion. With so much choice out there, it's hard to settle on an IDE, so we interviewed several developers, who collectively offered up a list of useful questions to ask when evaluating a particular IDE for use. But do developers even need an IDE at all? When you go to smaller, newer developer shops, you're seeing a lot more standalone editors and command-line tools; depending on what you do, you might just need a good editor, and to master the command-line tools for the languages you use. What IDE do you prefer, if any, and why?
Software

Software Glitch Caused Crash of Airbus A400M Military Transport Aircraft 119

Posted by Soulskill
from the complexity-breeds-failures dept.
An anonymous reader writes: A software glitch caused the crash of an Airbus A400M military transport aircraft, claims German newspaper Der Spiegel (Google translation). The accident, which happened in Seville on the vehicle's first production test flight on 9 May, killed four crew members. Airbus is investigating the system controlling the aircraft's engines. The early suspicions are that it was an installation problem, rather than a design problem.
Television

Why Apple Ditched Its Plan To Build a Television 240

Posted by Soulskill
from the team-shifted-to-smellovision-development dept.
Apple has been rumored to be developing their own line of HDTVs for years, but a new report from the Wall Street Journal (paywalled) says while those plans did exist, they've been abandoned. Apple began pondering the idea of jumping into the television market roughly a decade ago, as iTunes started hosting video content. The AppleTV made a foray into living rooms in 2007, and other devices reached the prototype stage. The company continued to do research and work on their ideas, but eventually gave up more than a year ago. Apple had searched for breakthrough features to justify building an Apple-branded television set, those people said. In addition to an ultra-high-definition display, Apple considered adding sensor-equipped cameras so viewers could make video calls through the set, they said. Ultimately, though, Apple executives didn't consider any of those features compelling enough to enter the highly competitive television market, led by Samsung Electronics Co. Apple typically likes to enter a new product area with innovative technology and easier-to-use software.
Encryption

Trojanized, Info-Stealing PuTTY Version Lurking Online 215

Posted by timothy
from the at-your-command-prompt dept.
One of the best first steps in setting up a Windows machine is to install PuTTY on it, so you have a highly evolved secure shell at your command. An anonymous reader writes, though, with a note of caution if you're installing PuTTY from a source other than the project's own official page. A malicious version with information-stealing abilities has been found in the wild. According to the article: Compiled from source, this malicious version is apparently capable of stealing the credentials needed to connect to those servers. "Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as 'root' access) which can give them complete control over the targeted system," the researchers explained. The Symantec report linked above also shows that (at least for this iteration) the malware version is easy to spot, by hitting the "About" information for the app.
Businesses

Apple Acquires GPS Start-Up 68

Posted by Soulskill
from the you-can't-get-there-from-here dept.
An anonymous reader writes: Apple is still sprinting to catch up with Google with its navigation software — the company just acquired Coherent Navigation, a startup focused on GPS tech. Its navigation services are reportedly more precise than most commercial-grade systems. Their system "combines signals from the traditional mid-earth orbit GPS satellites with those from the low-earth satellites of voice and data provider Iridium to offer greater accuracy and precision, higher signal integrity, and greater jam resistance." They've already worked with Boeing and the U.S. Department of Defense. Apple didn't disclose the terms of the deal or explain any specific plans for the GPS technology.
Games

Blizzard Bans 100,000 Cheaters In Massive "World of Warcraft" Ban Spree 204

Posted by samzenpus
from the lowering-the-boom dept.
MojoKid writes: Like many MMORPGs, World of Warcraft can be a grind. To sidestep the time commitment required to continually level up a character, gather resources, improve skills, or whatever else is desired, some gamers turn to bots, software that automates the process. The only problem is, Activision Blizzard isn't so keen on this behavior and has dropped the ban hammer hard on gamers who've been using them. Activision Blizzard didn't specify exactly how many people it booted, saying only that it was a "large number of World of Warcraft accounts." However, a screenshot of a conversation between a player, Game Master, and Activision Blizzard employee suggests that over 100,000 World of Warcraft accounts were identified and booted.
Transportation

FBI Alleges Security Researcher Tampered With a Plane's Flight Control Systems 190

Posted by Soulskill
from the feel-free-to-not-do-that dept.
Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane's systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI's search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. "He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system." Roberts says the FBI has presented his statements out of their proper context.
Microsoft

In-Database R Coming To SQL Server 2016 94

Posted by Soulskill
from the r,-me-hearties dept.
theodp writes: Wondering what kind of things Microsoft might do with its purchase of Revolution Analytics? Over at the Revolutions blog, David Smith announces that in-database R is coming to SQL Server 2016. "With this update," Smith writes, "data scientists will no longer need to extract data from SQL server via ODBC to analyze it with R. Instead, you will be able to take your R code to the data, where it will be run inside a sandbox process within SQL Server itself. This eliminates the time and storage required to move the data, and gives you all the power of R and CRAN packages to apply to your database." It'll no doubt intrigue Data Scientist types, but the devil's in the final details, which Microsoft was still cagey about when it talked-the-not-exactly-glitch-free-talk (starts @57:00) earlier this month at Ignite. So, brush up your R, kids, and you can see how Microsoft walks the in-database-walk when SQL Server 2016 public preview rolls out this summer.
Classic Games (Games)

MAME Changing License To Fully Libre One 55

Posted by Soulskill
from the emulating-success dept.
jones_supa writes: The source code of MAME (Multiple Arcade Machine Emulator) has long been freely available, but it's never been completely libre. Instead, it's been available under a modified BSD license that prohibits, among other things, commercial use of the code. MAME engineer Miodrag Milanovic explains that such a license was put in place to deter "misuse of MAME in illegal ways," but it also kept legitimate commercial entities from doing business with the software. Examples of such could be museums that charge entry fees from using MAME in their exhibits, or copyright holders rereleasing vintage games encapsulated inside MAME. Now the project wants to go fully open. Milanovic continues: "Our aim is to help legal license owners in distributing their games based on MAME platform, and to make MAME become a learning tool for developers working on development boards." As of yet, there are no specific details about the new license.
Advertising

European Telecoms May Block Mobile Ads, Spelling Trouble For Google 198

Posted by timothy
from the scrabble-will-still-show-their-ads-to-me-I-bet dept.
Mark Wilson has news that may have a big impact on both advertisers and end-users who use their phones as portals to ad-supported websites. Several European telecom providers are apparently planning to use ad-blocking software at the data-center level, which would mean benefit for users (in the form of less obnoxious advertising, and less data being eaten by it) but quite a pickle for online advertisers, and sites that rely on advertising revenue. From BetaNews's article (based on this Financial Times article, paywalled): Talking to the Financial Times, one wireless carrier said that the software had been installed at its data centers and could be enabled by the end of the year. With the potential to automatically block most ads on web pages and within apps, the repercussion of the ad boycott could be huge as mobile providers try to wrestle control from the likes of Google. I just wish my mobile provider would start testing this out, too.
Security

Mobile Spy Software Maker MSpy Hacked, Customer Data Leaked 79

Posted by samzenpus
from the have-some-information dept.
pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customers' data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.
Programming

Is Agile Development a Failing Concept? 507

Posted by timothy
from the surely-you're-not-all-out-of-buzzwords dept.
Nerval's Lobster writes: Many development teams have embraced Agile as the ideal method for software development, relying on cross-functional teams and adaptive planning to see their product through to the finish line. Agile has its roots in the Agile Manifesto, the product of 17 software developers coming together in 2001 to talk over development methods. And now one of those developers, Andy Hunt, has taken to his blog to argue that Agile has some serious issues. Specifically, Hunt thinks a lot of developers out there simply aren't adaptable and curious enough to enact Agile in its ideal form. 'Agile methods ask practitioners to think, and frankly, that's a hard sell,' Hunt wrote. 'It is far more comfortable to simply follow what rules are given and claim you're 'doing it by the book.'' The blog posting offers a way to power out of the rut, however, and it centers on a method that Hunt refers to as GROWS, or Growing Real-World Oriented Working Systems. In broad strokes, GROWS sounds a lot like Agile in its most fundamental form; presumably Hunt's future postings, which promise to go into more detail, will show how it differs. If Hunt wants the new model to catch on, he may face something of an uphill battle, given Agile's popularity.