
Submission + - UK Government Report Recommends Ending Online Anonymity (techdirt.com)

An anonymous reader writes: Every so often, people who don't really understand the importance of anonymity or how it enables free speech (especially among marginalized people), think they have a brilliant idea: "just end real anonymity online." They don't seem to understand just how shortsighted such an idea is. It's one that stems from the privilege of being in power. And who knows that particular privilege better than members of the House of Lords in the UK — a group that is more or less defined by excess privilege? The Communications Committee of the House of Lords has now issued a report concerning "social media and criminal offenses" in which they basically recommend scrapping anonymity online.

Submission + - Researchers Make Weak Passwords Virtually Uncrackable (securityweek.com)

wiredmikey writes: A team of researchers at the New York University Polytechnic School of Engineering say they have found a way to help organizations better protect even the weakest of passwords and make them almost impossible to crack.

Using an open-source password protection scheme dubbed PolyPasswordHasher, password information is never stored directly in a database; the information is used to encode a cryptographic "store" that cannot be validated unless a certain number of passwords are entered. In other words, an attacker would need to crack multiple passwords simultaneously in order to verify any single hash.

"PolyPasswordHasher divides secret information—in this case, password hashes—into shares, and just like a puzzle that is meaningless unless the pieces are assembled, no individual password can be validated unless a certain number of them are known and entered," explained Assistant Professor of Computer Science and Engineering Justin Cappos. "Even if the password file and all other information on disk were stolen, an attacker could not verify a single correct password without guessing a large number of them correctly."

Cappos estimated an attacker using a modern laptop could crack at least three six-character passwords in an hour if the computer was checking roughly a billion password hashes per second. With PolyPasswordHasher, the attacker would be required to compute these three passwords at the same time. The researchers estimate that in practice, all 900 million computers on Earth would need to work nonstop for longer than 13 billion years to compute the three passwords at the same time. According to the researchers' paper, the method is conceptually similar to encrypting the passwords with a key that is only recoverable when a threshold of passwords are known.
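The threshold idea described in this submission, as an added sketch that is not PolyPasswordHasher's own code: each stored row is a Shamir share masked with the salted password hash, so a single guess cannot be checked on its own. The prime field, additive masking, SHA-256 check value, iteration count and sample accounts are assumptions made for the illustration.

```python
import hashlib, secrets

P = 2**521 - 1   # Mersenne prime; all share arithmetic is mod P (assumed field)
K = 3            # threshold: correct passwords needed to validate anything
# Constructed sample accounts, for illustration only.
ACCOUNTS = {"alice": "kitten", "bob": "hunter2", "carol": "passw0rd", "dave": "123456"}

def pw_elem(password, salt):
    # Salted, stretched password hash mapped to a field element.
    d = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 1000, dklen=80)
    return int.from_bytes(d, "big") % P

def poly_eval(coeffs, x):
    y = 0
    for c in reversed(coeffs):      # Horner's rule
        y = (y * x + c) % P
    return y

def build_store(accounts):
    coeffs = [secrets.randbelow(P) for _ in range(K)]   # coeffs[0] is the secret
    rows = {}
    for x, (user, pw) in enumerate(accounts.items(), start=1):
        salt = secrets.token_bytes(16)
        # Only share + hash is written to disk, never the hash itself.
        rows[user] = (x, salt, (poly_eval(coeffs, x) + pw_elem(pw, salt)) % P)
    check = hashlib.sha256(coeffs[0].to_bytes(66, "big")).hexdigest()
    return rows, check

def unlock(rows, check, logins):
    """Return the secret if the supplied logins are K correct passwords, else None."""
    pts = []
    for user, pw in logins.items():
        x, salt, masked = rows[user]
        pts.append((x, (masked - pw_elem(pw, salt)) % P))   # candidate share
    secret = 0
    for i, (xi, yi) in enumerate(pts):                      # Lagrange at x = 0
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    ok = hashlib.sha256(secret.to_bytes(66, "big")).hexdigest() == check
    return secret if ok else None
```

A wrong guess for one account still yields a well-formed candidate share; only the combination of K candidates can be tested against the check value.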

Comment Re:AI is always "right around the corner". (Score 4, Insightful) 564

The chess programs had the rules of chess programmed into them, and the move to play was calculated by rating different moves in the search space using an algorithm that was programmed by the developers of the AI system. This means that it is only specialised to chess.

To be the AI in movies like The Terminator, the program will need to be able to learn the rules and strategies of chess itself, and adapt its algorithm over time. To simplify the problem of recognising the elements on the board (machine vision), you could represent the board as an 8x8 array of Unicode characters.

Teaching the rules is difficult because you need a way of communicating those rules, which means that the program will need to understand language and the meaning behind the language (or enough meaning to understand rules to a particular game). Also, chess has a lot of rules that can be complex (en passant, castling, etc.) so it would be better to start with a simple game like tic tac toe or connect 4.

The real threat is not in a generic AI that deems humans as a threat, but a specially tasked program or AI that miscalculates: allowing machines to control drones or military aircraft to perform air strikes, or similar things. There, if a machine gets things wrong it can cause untold destruction. Think SkyNet/The Terminator, but here the machines do not know what they are doing (they don't have independent thought or understanding like humans and animals), they just classify humans (or buildings) as a threat -- that is, this can be via a decision tree like in the chess games and the best "move" is to attack any building.

Submission + - Oklahoma's Earthquakes Linked To Fracking (vox.com)

An anonymous reader writes: Oklahoma has already experienced about 240 minor earthquakes this year, roughly double the rate at which California has had them. A recent study (abstract) has now tied those earthquakes to fracking. From the article: "Fracking itself doesn't seem to be causing many earthquakes at all. However, after the well is fracked, all that wastewater needs to be pumped back out and disposed of somewhere. Since it's often laced with chemicals and difficult to treat, companies will often pump the wastewater back underground into separate disposal wells. Wastewater injection comes with a catch, however: The process both pushes the crust in the region downward and increases pressure in cracks along the faults. That makes the faults more prone to slippages and earthquakes. ... More specifically, the researchers concluded that 89 wells were likely responsible for most of the seismic activity. And just four wells located southeast of Oklahoma City were likely responsible for about one-fifth of seismic activity in the state between 2008 and 2013."

Feed Google News Sci Tech: Google tells UK media which of their stories it is hiding from search results - (google.com)


Google tells UK media which of their stories it is hiding from search results
PCWorld
Google has informed several U.K. media which of their news articles it is hiding in search results shown to European Union users as a consequence of a recent EU court ruling that gives people the “right to be forgotten” by search engines under certain...
Google right to be forgotten 'to get messy' after BBC story disappears (CNET)
Censorship claimed as Google cuts search results (Salt Lake Tribune)
Google 'forgets' BBC man's blog post: We saw what you did there (Register)
Wall Street Journal (blog), Businessweek, PC Magazine

Submission + - WinZip distributes infected 18.5 update

VMB74 writes: Paying WinZip customers received an e-mail notification of the Free Upgrade to WinZip 18.5 availability yesterday. The e-mail included a link to the following site:
http://www.winzip.com/en/landi...

Clicking the Get Update button downloads an 802K winzip180xp.exe executable which installs nothing more than a Rocket PUP. Please do not try to run the downloaded winzip180xp.exe on a useful Windows machine you care about. Cleanup is very time consuming.

Here are the VirusTotal scan results:
https://www.virustotal.com/en/...

And the most amazing part is the response of the WinZip technical support which I provided with all technical details. Here it comes in full, in the original formatting, and with the original spelling:

"Hi, I am writing in response to your message:

Thank you for your inquiry.

This is the false positive warning message from Windows or Antivirus application when you are downloading any executable(.exe) files. The WinZip application setup file and other downloads from WinZip download page are safe and does not contains any Virus, malware etc.

Please temporarily disable the your Antivirus application and complete the download of WinZip application Setup file. After completing the download, Please enable your Antivirus application.

Thanks,
Mukesh, WinZip Customer Support"

Submission + - Should Billionaire-Backed Code.org Pay Its Interns?

theodp writes: Code.org's Corporate and Founding Donors page reads like a Who's Who of the world's wealthiest corporations and individuals. But a job posting entitled Marketing / Communications Intern (Seattle only, part-time, unpaid, Sept-Dec) (screenshot) makes it clear that no portion of the tax-deductible donations will trickle down to the successful candidate, who will be required to put in an unpaid 10-20 hours/week "under pressure" in a "fast-paced environment" for four months "assisting marketing efforts for December’s global Hour of Code campaign, coordinating prize packages, managing partner commitments and events in databases and researching media prospects." So, does this count as one of the "high-paying jobs" provided by the computing revolution that Code.org supporters told California Governor Jerry Brown about last May in a letter touting the Hour of Code? Perhaps Code.org is just trying to be frugal — after all, it's requiring K-12 teachers from school districts in Chicago, New York City, Boston, and Seattle to report to the presumably rent-free offices of Corporate Donors Google, Microsoft, and Amazon to be re-educated on how Computer Science should be taught.

Submission + - YouTube's new music service is shortchanging independent acts

mrspoonsi writes: A European group by the name of Impala that represents the continent's independent artists and labels, says that indies are being presented with non-negotiable contracts to join the service. What's more, if the artists don't sign to "probably the lowest rates in the business," the videos that they've posted to their YouTube channels will reportedly be blocked from the site entirely. A musician (understandably) not playing ball with Google's video wing hurts everyone involved, all the way down to the end user. If Impala isn't familiar, you've almost assuredly heard of its artists: Jack White, Adele, M.I.A., Royksopp, Arctic Monkeys, and The National, to name a few.

Submission + - TrueCrypt is dead? What now? 7

Archeron writes: A colleague visited Truecrypt.org today and brought this to my attention. All the links are gone and the front page contains the message:
"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP." It goes on to list migration instructions. Is this the end for our beloved open source, multi-platform crypto solution? The question is what now? Planned forks? Any recommendations for freely available, open and multi-platform solutions that will allow for moving storage devices from Linux -> Windows -> Mac?

Submission + - Google Starts Blocking Extensions Not In The Chrome Web Store

An anonymous reader writes: Google has begun blocking local Chrome extensions to protect Windows users. This means that as of today, extensions can be installed in Chrome for Windows only if they’re hosted on the Chrome Web Store. Furthermore, Google says extensions that were previously installed “may be automatically disabled and cannot be re-enabled or re-installed until they’re hosted in the Chrome Web Store.” The company didn’t specify what exactly qualifies the “may” clause, though we expect it may make exceptions for certain popular extensions for a limited time. Google is asking developers to reach out to it if they run into problems or if they “think an extension was disabled incorrectly.”

Submission + - Parenting Rewires the Male Brain (sciencemag.org) 1

sciencehabit writes: Cultures around the world have long assumed that women are hardwired to be mothers. But a new study suggests that caring for children awakens a parenting network in the brain—even turning on some of the same circuits in men as it does in women. The research implies that the neural underpinnings of the so-called maternal instinct aren't unique to women, or activated solely by hormones, but can be developed by anyone who chooses to be a parent.

Submission + - UK to end net neutrality (dailydot.com)

An anonymous reader writes: The UK government is planning on vetoing the EU legislation that enforces net neutrality under the guise of "won't anyone think of the child pornography blocking?" again.

Submission + - LibreSSL Update (openbsd.org)

the_B0fh writes: Bob Beck reports on the progress the OpenBSD team has made on LibreSSL. Some highlights:

Code was horrible. Nobody wanted to touch it. OpenSSL Foundation appears to be a million dollar a year for-profit company doing FIPS consulting. Bugs rot for years in bug tracker. ROP coding function — allows you to jump to any arbitrary address — ROP coder's wet dream! Current third party ports are all insecure. Need funding. Linux Foundation has not committed to support LibreSSL.

Comment Re:Fuzz Testing. Next! (Score 1) 116

They are all tools that can be applied to improve the quality of the code. No one thing is "The Solution".

* Test Driven Development (TDD) is a good approach to ensure that the code you write is testable. This will not work for things like UI code, but other code will benefit.

* Unit Tests can either be developed via a TDD-like approach (easier to do), or after the code is written (harder to do).

* Automated Regression Tests (a superset of Unit Tests) provide good coverage for ensuring code works as expected without involving a large manual testing team. These will only detect the things covered by the automated tests.

* Static Code Analysis tools can pick up a lot of problem areas, but will not detect every problem. These results can be used to identify what tests need to be created to prevent future regression.

* Fuzz testing is good at providing strange data to e.g. a protocol or file format parser. These are intended to be soak tests -- e.g. "does my regular expression parser handle all these strange and possibly invalid constructs". Fuzz testing would have most likely found the Heartbleed bug (because it would have permutated the length of data to request). Any failures here should be converted to Unit/Regression tests to ensure that the problem is (a) fixed by any code changes made and (b) does not occur in the future. Fuzz testing will typically find hard to identify bugs (e.g. data races) that are not easy to identify from manually constructed tests or static analysis.

* Manual/ad hoc testing is important as it can uncover bugs that the developers are not aware of.

* Code and Security Reviews help identify potential issues (e.g. if you have someone knowledgeable about SQL injection, they can assess whether some code is vulnerable to that attack).

None of these is a silver bullet, but the more you have the better the code will be.

Submission + - British government willing to block EU net neutrality deal (buzzfeed.com)

An anonymous reader writes: The British government has said it will block the EU's recently signed net neutrality deal if it stops it censoring the internet. The European Parliament passed net neutrality legislation last month, but member state governments have to sign off the plan before it can become law.
