
Submission + - Ford replacing Microsoft Windows with Blackberry's QNX in new vehicles (financialpost.com) 1

innocent_white_lamb writes: Ford has announced that their in-vehicle technology called Sync will be based on Blackberry's QNX operating system and will no longer use Microsoft Windows.
My own 2013 Ford Escape has the Windows-based Sync system. I wonder if they will issue an update to change it to QNX.

Comment Re:Could someone explain EMV chips? (Score 5, Informative) 146

The reason EMV is better is because the chip allows you to sign the transaction datagram before it is sent to the bank. The chip stores the specific card's signing cert and it can't be accessed. Every time there is a transaction, the PIN pad sends the transaction info to the card, which encodes and signs it, and then it is sent to the processor. NFC and other tap transactions are just as safe because even if you intercept the info you can capture the signing cert and can't duplicate the transaction.

Submission + - Google Finds Fraudulent Certificates Used by French Government (securityweek.com)

wiredmikey writes: Google announced on Saturday that it detected a French government agency using unauthorized digital certificates for several Google domains to perform man-in-the-middle attacks on a private network.

Google security engineer Adam Langley said the company traced the fraudulent certificates to Agence nationale de la sécurité des systèmes d’information (ANSSI), a French certificate authority that falls under the government's cyber-security agency. "ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network," Langley noted in a blog post.

In a separate statement, ANSSI blamed "human error" for the incident.

Google's Langley described the incident as a "serious breach" and warned that the company is considering additional actions.

Submission + - NASA may salvage its planet-hunter spacecraft after all (networkworld.com)

coondoggie writes: It may come as no surprise to those who know NASA's penchant for coming up with amazingly cool solutions to major problems, but it's still pretty interesting when you see some major innovation pulled off. This may be the case with NASA's planet-hunting space telescope Kepler, which has been out of commission since May and thought to be kaput. But this week the space agency said it has come up with a way to make use of the Sun and Kepler's orbit around it to stabilize the craft and let it start taking images of space again.

Submission + - Groklaw replacement?

mlock writes: After the various NSA reports Groklaw shut down. So many people are left in the dark across a range of "News for Nerds. Stuff that matters." — like SCO/IBM, Oracle/Google, or other litigation.
Is there another site that provides high-level overview of these things?

Submission + - The Mysterious Malware that Jumps Airgaps

Hugh Pickens DOT Com writes: Dan Goodin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu, one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused, and he also found that the machine could delete data and undo configuration changes with no prompting. Next, a computer running the OpenBSD operating system also began to modify its settings and delete its data without explanation or prompting, and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It's too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer's lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can't be detected.
It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. "It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was," says Ruiu. "The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers."

Submission + - NSA broke privacy rules thousands of times per year, audit finds (washingtonpost.com)

NettiWelho writes: The Washington Post: The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.
Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.

Feed Schneier: NSA Secrecy and Personal Privacy (schneier.com)

In an excellent essay about privacy and secrecy, law professor Daniel Solove makes an important point. There are two types of NSA secrecy being discussed. It's easy to confuse them, but they're very different. Of course, if the government is trying to gather data about a particular suspect, keeping the specifics of surveillance efforts secret will decrease the likelihood of...

Submission + - Icom America sponsors ham radio study website (icomamerica.com)

Taxilian writes: Icom America, one of the largest manufacturers of Amateur Radio equipment in the world, has just announced that it will be sponsoring the relatively new ham radio study website HamStudy.org. This is interesting given the close ties that Icom has with many other study websites and companies that deal with amateur radio license exam preparation and that the other websites are extremely entrenched and well connected. HamStudy aims to provide free and modern (HTML5) tools to people trying to get involved with Ham Radio.

Submission + - This American Life: When Patents Attack Part Two

Morty writes: Patent trolls are nothing new to tech websites. Now the more mainstream media has discovered them, too. The recent "This American Life" podcast When Patents Attack Part Two is geared towards a more general audience. This is something to point family members to.

Submission + - DOJ Fights To Keep Illegal Surveillance Court Ruling Hidden (ibtimes.com)

coolnumbr12 writes: The Justice Department may soon be forced to reveal a classified document that details unconstitutional surveillance of American citizens. The Justice Department has fought to keep the document secret for about a year, but a recent court order demands that they respond to a formal request filed by the Electronic Frontier Foundation by next week, June 7, 2013.

Submission + - Google converts links sent via Google Chat to referral links 1

MotorMachineMercenar writes: Google has apparently introduced a new feature to track user behavior in the revamped Google Chat, called Hangouts.

A friend of mine sent me a link, incidentally about an MIT study about the futility of foil hats in blocking the thought police. I use Chrome for Gmail, but being the foil-hat-wearing type, I do all my other browsing in a tightly locked down FF. I copy-pasted the link to FF, and noticed that there was a flash of a Google URL before it went to the right URL.

After pasting the link to a note, I noticed it's a Google referral link, similar to the ones most (all?) links on Google search are — in case you weren't aware. So now Google knows who sent what link to whom. The only way around that is to select the entire link, and copy the text.

Now, I'm aware that by definition of me being on a Google platform they implicitly know our conversations. But the fact that they bother to make a referral link means there is even more datamining going on behind the scenes than what we already knew of.

Submission + - Transporting a 15-m, 600-ton Magnet Cross Country

necro81 writes: Although its Tevatron particle accelerator has gone dark, Fermi Laboratory outside Chicago is still doing physics. A new experiment, called muon g-2 will investigate quantum mechanical behavior of the electron's heavier sibling: the muon. Fermi needs a large ring chamber to store the muons it produces and investigates, and it just so happens that Brookhaven National Laboratory outside NYC has one to spare. But how do you transport a delicate, 15-m diameter, 600-ton superconducting magnet halfway across the country? Very carefully.

Submission + - Mozilla Firefox Patch Deals with Third Party Cookies, Smartly (paritynews.com) 1

hypnosec writes: Mozilla is testing a new patch for its Firefox browser that would provide more privacy to users and control over third party cookies by targeting the manner in which they are installed on users’ systems. Currently when users visit a website that site may be calling up a number of things from other websites – be it advertising, analytics, behavior tracking, etc. These third party elements drop cookies onto users’ machines, which may be accessed at a later date or time to gather data about users' usage habits. The new mechanism effectively prohibits websites from installing third party cookies onto users’ systems. Users who have the patch installed will have to directly interact with the website or the company "for a cookie to be installed on their machine." This means that up until a user actively interacts with the third party website directly, Firefox will not allow for those cookies to be installed on the user’s system.
