63065201
submission
DavidGilbert99 writes:
Imagine using chips implanted in accessories like glasses, shoes and belts — or even under your skin — to generate a personal electronic aura. This would be your own personal safe zone, and only inside this would your electronics work, including a device which logs and stores thousands of passwords. This is the vision of a Cambridge University professor who wants to create an Electronic Aura for everyone.
63062947
submission
An anonymous reader writes:
A team of researchers at the TU Berlin and RWTH Aachen presented an analysis of the Internet Census 2012 data set in the July edition of the ACM Sigcomm Computer Communication Review journal. After its release on March 17, 2013 by an anonymous author, the Internet Census data created an immediate media buzz, mainly due to its unethical data collection methodology that exploited default passwords to form the Carna botnet.
The now published analysis suggests that the released data set is authentic and not faked, but also reveals a rather chaotic picture. The Census suffers from a number of methodological flaws and also lacks meta-data information, which renders the data unusable for many further analyses. As a result, the researchers have not been able to verify several claims that the anonymous author(s) made in the published Internet Census report. The researchers also point to similar but legal efforts measuring the Internet and remark that the illegally measured Internet Census 2012 is not only unethical but might have been overrated by the press.
62890425
submission
alphadogg writes:
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don’t conform to new internal domain naming and IP address conventions designed to safeguard networks. The concern is that SSL server digital certificates issued by CAs at present for internal corporate e-mail servers, Web servers and databases are not unique and can potentially be used in man-in-the-middle attacks involving the setup of rogue servers inside the targeted network, say representatives for the Certification Authority/Browser Forum (CA/B Forum), the industry group that sets security and operational guidelines for digital certificates. Members include the overwhelming bulk of public CAs around the globe, plus browser makers such as Microsoft and Apple. The problem today is that network managers often give their servers names like “Server1” and allocate internal IP addresses so that SSL certificates issued for them through the public CAs are not necessarily globally unique, notes Trend Micro's Chris Bailey.
62889863
submission
TechForensics writes:
We all know the TrueCrypt story -- a fine, effective encryption program beginning to achieve wide use. When you see how the National Security Agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.
Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA-hostile.) It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been vitiated.
This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:
Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered false. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother.
Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?
62859389
submission
itwbennett writes:
Don't forget that tomorrow is Sysadmin Day — a good day to show love to the folks who save your butt again and again when you mess up your computer. Forget the chocolate and flowers, long-time sysadmin Sandra Henry-Stocker has tailored some poems to celebrate these underappreciated, hard-working souls.
62859093
submission
An anonymous reader writes:
A central Iowa Boy Scout troop just returned from a three-week trip they will likely never forget.
Boy Scout Troop 111 Leader Jim Fox spelled out what happened to him and the Mid-Iowa Boy Scout Troop 111 as four van-loads of Scouts and adult volunteers tried to drive from Canada into Alaska.
Fox said one of the Scouts took a picture of a border official, which spurred agents to detain everyone in that van and search them and their belongings.
“The agent immediately confiscated his camera, informed him he would be arrested, fined possibly $10,000 and 10 years in prison,” Fox said.
Another of the Scouts was taking luggage from the top of a van to be searched when something startling happened.
“He hears a snap of a holster, turns around, and here’s this agent, both hands on a loaded pistol, pointing at the young man’s head,” Fox explained.
62858513
submission
dcblogs writes:
The Census Bureau reports that only 26% of people with any type of four-year STEM degree are working in a STEM field. For those with a degree specifically in computer, math or statistics, the figure is 49%, nearly the same for engineering degrees. What happens to the other STEM trained workers? The largest numbers are managers at non-STEM businesses (22.5%), or having careers in education (17.7%), business/finance (13.2%) and office support (11.5%). Some other data points: Among those with college degrees in computer-related occupations, men are paid more than women ($90,354 vs. $78,859 on average), and African American workers are more likely to be unemployed than white or Asian workers.
62854661
submission
Norsak writes:
I work as an IT Manager. We have 1000 users on a Windows domain, a fairly common scenario.
I personally doubt that implementing 2 Factor Authentication in my organization would be possible. If some of you have successfully upgraded a company to 2 factor authentication, I would be very interested in hearing about your experience.
My primary concern is:
There are so many different ways a user can currently use AD credentials.
Wouldn’t any Two Factor Authentication solution support fewer access permutations than the old Username + Password system it is replacing?
Here are some scenarios that come to mind:
- Offline Laptop cached credentials login
- iPhone & Android email login, as well as offline access to old emails.
- Non-IIS webservers that use LDAP to authenticate against AD
My second concern is ease of use and its impact on user acceptance.
At the bank they plug smartcards into a reader; but solutions beyond the desktop, like Microsoft’s Azure MFA, appear much more clunky.
Please share your experiences.
62803575
submission
An anonymous reader writes:
Simplocker, the first Android ransomware that actually encrypts files located on the device, has begun to target English-speaking users, ESET researchers warn. The new version shows a message sporting the FBI logo and asks users to pay a fine in the amount of $300 (via MoneyPak voucher) in order to get their device unblocked and their files decrypted. It also displays the camera feed from the device in order to make it seem that the authorities know what the user looks like.
62800189
submission
gunner_von_diamond writes:
I was just reading a story on ./ from 10 years ago today, about Lasik Eye Surgery. Personally, I've had Lasik done and loved every single part of the surgery. I went from wearing contacts/glasses every day to having 20/15 vision! In the older post, everyone seemed to be cautious about it, waiting for technical advances to get the surgery done. In present day, the surgery is fairly inexpensive [even for a programmer :) ], takes about 10-15 minutes for the actual surgery, and I recovered from the surgery that same day. So my question is, what is holding everyone else back from being reliant on contacts and/or glasses?
62799927
submission
Zothecula writes:
It was just last week that we heard about how researchers from Nottingham Trent University are looking at embedding heart rate sensors in car seats, to detect when drivers are nodding off. Well, it turns out that they're not the only ones. A consortium of European companies and institutes is developing a similar system known as HARKEN, which uses seat-located sensors to monitor both the driver's heart rate and their rate of respiration.
62798695
submission
MojoKid writes:
Intel just launched their new SSD 2500 Pro series solid state drive, the follow-up to last year's SSD 1500 Pro series, which targets corporate and small-business clients. The drive shares much of its DNA with some of Intel's consumer-class drives, but the Pro series cranks things up a few notches with support for advanced security and management features, low power states, and an extended management toolset. In terms of performance, the Intel SSD 2500 Pro isn't class-leading in light of many enthusiast-class drives but it's no slouch either. Intel differentiates the 2500 Pro series by adding support for vPro remote-management and hardware-based self-encryption. The 2500 Pro series supports TCG (Trusted Computing Group) Opal 2.0 features and is Microsoft eDrive capable as well. Intel also offers an administration tool for easy management of the drive. With the Intel administration tool, users can even reset the PSID (physical presence security ID), though the contents of the drive will be wiped. The SSD 2500 Pro series of solid state drives will be offered in both 2.5" SATA (7mm Z-Height) and M.2 "gumstick" form factors, with capacities ranging from 120GB on up to 480GB. Sequential reads are rated at up to 540MB/s, sequential writes at up to 480MB/s, with 45K – 80K random read / write IOps.