
Submission + - Why WinSCP Became An Open Source Classic

An anonymous reader writes: If you're a Windows user and you're connecting securely to remote machines, you've probably heard about WinSCP. This multi-functional open source tool has been around since 2000 and it's now considered a classic by a vast global user-base. WinSCP is the brainchild of a 36-year-old Czech developer living in Prague, who's been refining it for 15 years. Learn more about this open source tool, the community and how the developer learned that you can pay your bills by giving software for free.

Submission + - European data protection warnings on home CCTV (ico.org.uk)

kooky45 writes: The UK's Information Commissioner is warning all British households with CCTV cameras that they could be breaking the Data Protection Act if they are recording activity happening outside of their property, and they must register their use of cameras, warn neighbours and post notices about their coverage. This is in line with recent EU legal activity but it's likely to discourage wider adoption of domestic CCTV in Europe. And how does this affect webcams and dashcams which may also capture public activity?

Submission + - Building robots with Python using Robot Operating System (ROS) and ROSPy (talkpythontome.com)

An anonymous reader writes: Programming is fun. Robots are fun. Programming robots is awesome! This episode Michael speaks with Dirk Thomas from the ROS (Robot Operating System) project. You will learn how to use ROS and ROSPy to program robots.

We discuss how to use ROS from some of the largest and most complex robots built (including one on the International Space Station!) all the way down to basic robots controlled via micro-controllers such as arduinos.

Submission + - Samsung biggest loser as Chinese smartphone market shrinks

stephendavion writes: China's smartphone market has contracted year-on-year for the first time in six years. According to IDC, Q1 2015 saw 98.8 million units shipped, a decline of 4 percent compared to the equivalent period last year. Compared to the previous quarter, the market saw a decline of 8 percent, which IDC attributed to a large inventory build-up at the end of 2014. The research showed that Apple was the top smartphone vendor in China in the quarter, with 14.5 million shipments. This represented year-on-year unit growth of 62.1 percent. Xiaomi followed with 13.5 million units and Huawei came in third with 11.2 million units. Most of these gains came at the expense of Samsung, the biggest loser in the quarter. The South Korean company saw its sales plummet 53 percent to 9.6 million. In Q1 2014 it was the biggest vendor, shifting a mighty 20.5 million units.

Submission + - Mirror, mirror on the wall: Smart mirrors boost sales (washingtontimes.com)

ArianeBonnies writes: This trend is a way stores aim to catch up to online rivals like Amazon.com that are able to gather information on which items shoppers browse and use that to recommend other products. The new technology that enables physical stores to collect much of the same data as online retailers raises privacy questions, but executives say customers are offered a choice and the data is protected.

Submission + - Add GitHub dorking to list of enterprise security concerns (itworld.com)

chicksdaddy writes: IT World has a story today suggesting that GitHub may be a victim of its own success. Exhibit 1: "GitHub dorking:" the use of GitHub's powerful internal search engine to uncover security holes and sensitive data in published code repositories. (http://www.itworld.com/article/2921135/security/add-github-dorking-to-list-of-security-concerns.html)

In a nutshell: GitHub's runaway popularity among developers is putting employers and development shops in a tough spot. As the recent story about Uber accidentally publishing database administrator credentials in a public GitHub repository suggests (http://arstechnica.com/security/2015/03/in-major-goof-uber-stored-sensitive-database-key-on-public-github-page/), it can be difficult even for sophisticated development organizations to grasp the nuances of how interactions with GitHub's public code repositories might work to undermine corporate security.

The ease with which developers can share and re-use code on GitHub is part of the problem, said Bill Ledingham, chief technology officer at Black Duck Software, which monitors some 300,000 open source software projects that use GitHub. Ledingham said leaked user credentials are inadvertent errors caused by developers too accustomed to the ease with which code can be borrowed, modified and resubmitted to GitHub.

"Developers in some cases are just taking the easiest path forward," he said. "They're checking in code or re-using it and not looking at some of these issues related to security."

Among the issues to watch out for are information leaks by way of vulnerabilities in GitHub.com or the GitHub API, leaks of intellectual property in published repositories and the leak of credentials and other shared secrets that could be used to compromise production applications.

Tools like the GitRob command line application developed by Michael Henriksen (http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/) make it a simple matter to analyze all the public GitHub repositories associated with a particular organization. GitRob works by compiling the public repositories belonging to known employees of that firm, then flagging filenames in each repository that match patterns of known sensitive files.

Companies that are doing software development need to take an active interest in GitHub, determining which employees and contractors are using it and verifying that no proprietary code or sensitive information is leaking into the public domain.

Internally, data leak prevention products can identify and block the movement of proprietary code. Concerted education for developers about best practices and proper security hygiene when downloading and uploading code to shared and searchable source repositories can help prevent head-slapping mistakes like the leak of database administrator credentials and private keys.

Submission + - Hacker given in-game death sentence (bbc.com)

mpicpp writes: A character controlled by a hacker who used exploits to dominate online game Guild Wars 2 has been put to death in the virtual world.

The character, called DarkSide, was stripped then forced to leap to their death from a high bridge.
The death sentence was carried out after players gathered evidence about the trouble the hacker had caused.

This helped the game's security staff find the player, take over their account and kill them off.

Over the past three weeks many players of the popular multi-player game Guild Wars 2 have been complaining about the activities of a character called DarkSide. About four million copies of the game have been sold.

Via a series of exploits the character was able to teleport, deal massive damage, survive co-ordinated attacks by other players and dominate player-versus-player combat.
To spur Guild Wars' creator ArenaNet to react, players gathered videos of DarkSide's antics and posted them on YouTube.

The videos helped ArenaNet's security head Chris Cleary identify the player behind DarkSide, he said in a forum post explaining what action it had taken. Mr Cleary took over the account to carry out the punishment.
The video shows DarkSide being stripped to his underwear then made to leap from a high bridge in one of the game's cities. It also shows the character being deleted by Mr Cleary.

"Oh yah, he's also banned," he wrote. Several other accounts belonging to the same player have also been shut down.

Comment Re:Not authorized is worse than unconstitutional. (Score 4, Interesting) 237

No, not authorized is a lighter ruling. It means tomorrow congress can pass a law explicitly allowing it, and there would be no problem cuz it wasn't ruled unconstitutional.

Not authorized isn't a lighter ruling, it's a very damning ruling against the NSA, and it's the only ruling that can be made in this case simply for the reason that there was no law on the books where Congress gave authorization for the NSA to operate like this. To put it succinctly: The NSA was ruled to be operating outside the law... which effectively makes them criminals (won't be holding my breath for any actual prosecutions, though).

Now, if Congress goes back and creates a law that Authorizes the NSA to operate in this manner, then the issue can be brought back to court for Judgement to be made on the constitutionality of the law. Then that verdict will hold a more permanent weight on the future of government surveillance and the kind of laws Congress is able to write around it.

Comment Re:Correction (Score 1) 71

It's a reference to the (IMHO unprofessional and tasteless; the Hulk should sue) title graphic that Arse Technica (sic) used for their initial story. Until this post, the only way to get to that image from here is to click the link that goes back to the previous slashdot article, and then click that link there.

Submission + - Seafloor sensors record possible eruption of underwater volcano (washington.edu)

vinces99 writes: If a volcano erupts at the bottom of the sea, does anyone see it? If it is Axial Seamount, about 300 miles offshore and 1 mile deep, the answer is "yes." Thanks to high-tech instruments installed last summer by the University of Washington to bring the deep sea online, what appears to be an eruption of Axial Volcano on April 23 was observed in real time by scientists on shore.

“It was an astonishing experience to see the changes taking place 300 miles away with no one anywhere nearby, and the data flowed back to land at the speed of light through the fiber-optic cable ... in milliseconds,” said John Delaney, a UW professor of oceanography who led the installation of the instruments as part of a larger effort sponsored by the National Science Foundation.

Delaney organized a workshop on campus in mid-April at which marine scientists discussed how this high-tech observatory would support their science. Then, just before midnight on April 23 until about noon the next day, the seismic activity went off the charts. The gradually increasing rumblings of the mountain were documented over recent weeks by William Wilcock, a UW marine geophysicist who studies such systems. During last week’s event, the earthquakes increased from hundreds per day to thousands, and the center of the volcanic crater dropped by about 6 feet in 12 hours.

“The only way that could have happened was to have the magma move from beneath the caldera to some other location,” Delaney said.

Submission + - Want 30 Job Offers a Month? It's Not as Great as You Think

An anonymous reader writes: Software engineers suffer from a problem that most other industries wish they had: too much demand. There's a great story at the Atlantic entitled Imagine Getting 30 Job Offers a Month (It Isn't as Awesome as You Might Think). This is a problem that many engineers deal with: place your resume on a job board and proceed to be spammed multiple times per day for jobs in places that you would never go to (URGENT REQUIREMENT IN DETROIT!!!!!, etc). Google "recruiter spam" and there are many tales of engineers being overwhelmed by this. One engineer, fed up by a lack of a recruiting spam blackhole, set up NoRecruitingSpam.com with directions on how to stop this modern tech scourge. How many of you slashdotters have been the victim of recruiting spam?

Submission + - CareerBuilder cyberattack delivers malware straight to employers (thestack.com)

An anonymous reader writes: Security threat researchers Proofpoint have uncovered an email-based phishing attack which infected businesses with malware via the CareerBuilder online job search website. The attack involved the hacker browsing job adverts across the platform and uploading malicious files during the application process, titling the documents “resume.doc” and “cv.doc.” Once the CV was submitted, an automatic email notification was sent to the business advertising the position, along with the uploaded document. In this case, Proofpoint found that as a business opens the automatic email from CareerBuilder to view the attached file, the document plays on a known Word vulnerability to sneak malicious code onto the victim’s computer. According to the threat research group, the manual attack technique, although time-consuming, has a higher success rate than automated tools as the email attachments are more likely to be opened by the receiver.

Submission + - Game:ref's hardware solution to cheating in eSports (redbull.com)

An anonymous reader writes: Cheating is a real problem in today's most popular online multiplayer games, and not just on public servers. Some of the world's top Counter-Strike: Global Offensive players have been banned by Valve's Anti-Cheat System (VACS) in recent months too, bringing a nascent eSport into disrepute. But one gamer is taking a different approach, creating a hardware solution called Game:ref to tackle the problem. Simple in design — Game:ref, which the creator hopes to fund on Kickstarter soon, compares on screen movement with your inputs — but powerful in potential, the device has the potential to catch out illegal macro users both on and offline. It's already attracting interest in the top flight too.

"I've had some people from [eSports teams] Complexity, SK Gaming, and a few high-profile streamers reach out. I would say everyone seems onboard with making online PC gaming a more enjoyable experience," says inventor David Titarenco, a former Counter-Strike pro himself. "After all, most cheating on consoles has been eradicated, why should PC be so far behind?"
