Security

Passwords: Too Much and Not Enough 223

An anonymous reader writes: Sophos has a blog post up saying, "attempts to get users to choose passwords that will resist offline guessing, e.g., by composition policies, advice and strength meters, must largely be judged failures." They say a password must withstand 1,000,000 guesses to survive an online attack but 100,000,000,000,000 to have any hope against an offline one. "Not only is the difference between those two numbers mind-bogglingly large, there is no middle ground." "Passwords falling between the two thresholds offer no improvement in real-world security, they're just harder to remember." System administrators "should stop worrying about getting users to create strong passwords and should focus instead on properly securing password databases and detecting leaks when they happen."
Verizon

Verizon Injects Unique IDs Into HTTP Traffic 206

An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user." Just like they said they would.
The Internet

Secretive Funding Fuels Ongoing Net Neutrality Astroturfing Controversy 56

alphadogg writes: The contentious debate about net neutrality in the U.S. has sparked controversy over a lack of funding transparency for advocacy groups and think tanks, which critics say subverts the political process. News stories from a handful of publications in recent months have accused some think tanks and advocacy groups of "astroturfing" — quietly shilling for large broadband carriers. In a handful of cases, those criticisms appear to have some merit, although the term is so overused by people looking to discredit political opponents that it has nearly lost its original meaning. An IDG News Service investigation found that major groups opposing U.S. Federal Communications Commission reclassification and regulation of broadband as a public utility tend to be less transparent about their funding than the other side. Still, some big-name advocates of strong net neutrality rules also have limited transparency mechanisms in place.
Build

A Low Cost, Open Source Geiger Counter (Video) 46

Sawaiz Syed's LinkedIn page says he's a "Hardware Developer at GSU [Georgia State University], Department of Physics." That's a great workplace for someone who designs low cost radiation detectors that can be air-dropped into an area where there has been a nuclear accident (or a nuclear attack; or a nuclear terrorist act) and read remotely by a flying drone or a robot ground vehicle. This isn't Sawaiz's only project; it's just the one Timothy asked him about most at the recent Maker Faire Atlanta. (Alternate Video Link)
Google

Computer Scientist Parachutes From 135,908 Feet, Breaking Record 175

An anonymous reader writes: The NY Times reports that Alan Eustace, a computer scientist and senior VP at Google, has successfully broken the record for highest freefall jump, set by Felix Baumgartner in 2012. "For a little over two hours, the balloon ascended at speeds up to 1,600 feet per minute to an altitude of 135,908 feet, more than 25 miles. Mr. Eustace dangled underneath in a specially designed spacesuit with an elaborate life-support system. He returned to earth just 15 minutes after starting his fall. ... Mr. Eustace cut himself loose from the balloon with the aid of a small explosive device and plummeted toward the earth at speeds that peaked at more than 800 miles per hour, setting off a small sonic boom heard by observers on the ground. ... His technical team had designed a carbon-fiber attachment that kept him from becoming entangled in the main parachute before it opened. About four-and-a-half minutes into his flight, he opened the main parachute and glided to a landing 70 miles from the launch site."

Security

Researcher Finds Tor Exit Node Adding Malware To Downloads 126

Trailrunner7 writes: A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust users have in Tor and similar services. Josh Pitts of Leviathan Security Group ran across the misbehaving Tor exit node while performing some research on download servers that might be patching binaries during download through a man-in-the-middle attack.

What Pitts found during his research is that an attacker with a MITM position can actively patch binaries–if not security updates–with his own code. In terms of defending against this sort of attack, Pitts suggested that encrypted download channels are the best option, both for users and site operators. "SSL/TLS is the only way to prevent this from happening. End-users may want to consider installing HTTPS Everywhere or similar plugins for their browser to help ensure their traffic is always encrypted," he said via email.

Submission + - Computer Scientist Parachutes From 135,908 Feet, Breaking Record (nytimes.com)

An anonymous reader writes: The NY Times reports that Alan Eustace, a computer scientist and VP at Google, has successfully broken the record set for highest freefall jump, set by Felix Baumgartner in 2012. "For a little over two hours, the balloon ascended at speeds up to 1,600 feet per minute to an altitude of 135,908 feet, more than 25 miles. Mr. Eustace dangled underneath in a specially designed spacesuit with an elaborate life-support system. He returned to earth just 15 minutes after starting his fall. ... Mr. Eustace cut himself loose from the balloon with the aid of a small explosive device and plummeted toward the earth at speeds that peaked at more than 800 miles per hour, setting off a small sonic boom heard by observers on the ground. ... His technical team had designed a carbon-fiber attachment that kept him from becoming entangled in the main parachute before it opened. About four-and-a-half minutes into his flight, he opened the main parachute and glided to a landing 70 miles from the launch site."
Education

Employers Worried About Critical Thinking Skills 553

Nerval's Lobster writes: Every company needs employees who can analyze information effectively, discarding what's unnecessary and digging down into what's actually useful. But employers are getting a little bit worried that U.S. schools aren't teaching students the necessary critical-thinking skills to actually succeed once they hit the open marketplace. The Wall Street Journal talked with several companies about how they judge critical-thinking skills, a few of which ask candidates to submit to written tests to judge their problem-solving abilities. But that sidesteps the larger question: do schools need to shift their focus onto different teaching methods (i.e., downplaying the need for students to memorize lots of information), or is our educational pipeline just fine, thank you very much?
Science

Recent Nobel Prize Winner Revolutionizes Microscopy Again 34

An anonymous reader writes: Eric Betzig recently shared in the Nobel Prize for Chemistry for his work on high-resolution microscopy. Just yesterday, Betzig and a team of researchers published a new microscopy technique (abstract) that "allows them to observe living cellular processes at groundbreaking resolution and speed." According to the article, "Until now, the best microscope for viewing living systems as they moved were confocal microscopes. They beam light down onto a sample of cells. The light penetrates the whole sample and bounces back. ... The light is toxic, and degrades the living system over time. Betzig's new microscope solves this by generating a sheet of light that comes in from the side of the sample, made up of a series of beams that harm the sample less than one solid cone of light. Scientists can now snap a high-res image of the entire section they're illuminating, without exposing the rest of the sample to any light at all."

Science

Decades-old Scientific Paper May Hold Clues To Dark Matter 93

sciencehabit writes: Here's one reason libraries hang on to old science journals: A paper from an experiment conducted 32 years ago may shed light on the nature of dark matter, the mysterious stuff whose gravity appears to keep the galaxies from flying apart. The old data put a crimp in the newfangled concept of a 'dark photon' and suggest that a simple bargain-basement experiment could put the idea to the test. The data come from E137, a "beam dump" experiment that ran from 1980 to 1982 at SLAC National Accelerator Laboratory in Menlo Park, California. In the experiment, physicists slammed a beam of high-energy electrons, left over from other experiments, into an aluminum target to see what would come out. Researchers placed a detector 383 meters behind the target, on the other side of a sandstone hill 179 meters thick that blocked any ordinary particles.
PC Games (Games)

PCGamingWiki Looks Into Linux Gaming With 'Port Reports' 77

AberBeta writes: PCGamingWiki contributor Soeb has been looking into the recent larger budget game releases to appear on Linux, including XCOM: Enemy Unknown and Borderlands: The Pre–Sequel produced by Mac porting houses Feral and Aspyr. Soeb reports that while feature parity is high, performance could be a bit better. Performance differences aside, the games are finally arriving on Linux — now the userbase needs to expand to make a virtuous cycle.
The Almighty Buck

How To Beat Online Price Discrimination 163

New submitter Intrepid imaginaut sends word of a study (PDF) into how e-commerce sites show online shoppers different prices depending on how they found an item and what the sites know about the customer. "For instance, the study found, users logged in to Cheaptickets and Orbitz saw lower hotel prices than shoppers who were not registered with the sites. Home Depot shoppers on mobile devices saw higher prices than users browsing on desktops. Some searchers on Expedia and Hotels.com consistently received higher-priced options, a result of randomized testing by the websites. Shoppers at Sears, Walmart, Priceline, and others received results in a different order than control groups, a tactic known as “steering.”" To get a better price, the article advises deleting cookies before shopping, using your browser's private mode, putting the items in your shopping cart without buying them right away, and using tools like Camelcamelcamel to keep an eye out for price drops.
Robotics

Automation Coming To Restaurants, But Not Because of Minimum Wage Hikes 720

dcblogs writes: McDonald's this week told financial analysts of its plans to install self-ordering kiosks and mobile ordering at its restaurants. This news prompted the Wall Street Journal to editorialize, in "Minimum Wage Backfire," that while it may be true for McDonald's to say that its tech plans will improve customer experience, the move is also "a convenient way...to justify a reduction in the chain's global workforce." Minimum wage increase advocates, the Journal argued, are speeding along an automation backlash. But banks have long relied on ATMs, and grocery stores, including Walmart, have deployed self-service checkouts. In contrast, McDonald's hasn't changed its basic system of taking orders since its founding in the 1950s, said Darren Tristano, executive vice president of Technomic, a research group focused on the restaurant industry. While mobile, kiosks and table ordering systems may help reduce labor costs, the automated self-serve technology is seen as an essential. It will take the stress out of ordering (lines) at fast food restaurants, and the wait for checks at more casual restaurants. It also helps with upselling and membership to loyalty programs. People who can order a drink refill off a tablet, instead of waving down waitstaff, may be more inclined to do so. Moreover, analysts say younger customers want self-service options.
