Comment Re:Not Open (Score 1) 368

If he uses Hibernation, either a swap partition or a swap file (if you have uswsusp installed) is a requirement. The reason it's usually recommended that swap partitions are to be at least as big as your RAM (more often I hear twice as large as available RAM) is so that when the system is being placed into hibernation, the entire contents and state of RAM can be written to disk before the system powers down.

Comment Re:Moral (Score 1) 124

Technology is supposed to make life easier, not harder.

That may be true, but the current track record of technology is that when it makes things easier for the user it also makes things easier for the hacker.

Don't want a smartphone? All the capabilities stated above could in theory be placed into a relatively small dedicated device that is only used for Authentication purposes. Hell, instead of even having an onboard battery, the device could have a cord that plugs into the POS device and transfers data while receiving power that way.

I personally want something more secure than the Swipe & PIN that my Debit Card uses with the protection that comes with Swipe and Sign that's the current method used by American Credit Card companies. Like I said, Chip and PIN is only mildly more secure than Swipe & PIN and I feel that my proposed method would bring security to a more comfortable level, at least for me.

Comment Re:Moral (Score 2, Interesting) 124

I still don't like Chip & PIN. It's better than swipe and sign of current credit cards, but it's not much more secure than using a Debit Card at the terminals now, which is Mag-stripe Swipe and PIN here. I'd rather have cards with 2FA. Sure, my idea requires a smartphone with data access, but a business needs some kind of data-line to process credit card transactions now anyway. For my idea to work, replace the card machines with a type that has a keypad and provides NFC or Bluetooth access, or uses a screen to display a QR code; similar to the parent's idea so far... Now the device doesn't even have to be a smartphone... just smartphone-like. Smartphones now are capable of using fingerprint readers so a payment device only would need a Camera, NFC radio, Cell Radio (possibly optional, but would make SMS messaging viable), WiFi radio, Fingerprint reader, and a TFT (maybe GPS too...).

My idea goes something like this: POS has rung up all the customer's items and requests payment. POS Pay-Pad Pops up the total and a QR code on the screen and activates the NFC Radio. Customer can either use the NFC or Camera on their device to get the relevant information (Store Name/Number/Location, Total amount due, any other pertinent info), Device then uses whatever data connection it has available (POS NFC, POS Bluetooth, Wi-Fi hotspot, Cell Data, SMS...etc) to send the information to the requisite Authentication company (MC/V/AmEx/Dsc/Store Card Auth; possibly chosen from a menu on device), Authenticator application then requests fingerprint from user to authenticate with. Upon successful authentication a confirmation page would come up where the user can verify all the information received from the QR code / NFC transfer and make sure it's right (the information would not be what was stored from the initial read but received again from the AuthCo to ensure that the data wasn't corrupted in transfer). Re-authenticating by fingerprint confirms the info, hitting a physical button will cancel it. Upon successful second authentication, a one time use pin number would appear on the screen for the user to punch into the POS terminal keypad. When the POS receives the PIN and verifies it against information it just received from the Authentication Company, it accepts payment and marks the transaction complete. The only time this whole scenario would fail is during data outages, which could be mitigated by having a physical card as a backup for performing imprints and manual processing on, which the user can possibly log in their authenticator application.

This is just a thought, but I'm just a dreamer. I hope I'm not the only one.

Submission + - One of the Strongest, Lightest Metals Ever Made Is Less Dense Than Water

Jason Koebler writes: A new class of magnesium-alloy syntactic foam, which is made out of hollow particles to lower its weight and density, is one of the strongest metals for its weight and density ever developed, which makes it ideal for use in boats.
Developed by Nikhil Gupta at NYU Polytechnic University, the alloy is 44 percent stronger than similar, aluminum-based foams, and each individual sphere within the foam can withstand pressure of more than 25,000 pounds per square inch before breaking, which is roughly 100 times the pressure exerted by water coming out of a firehose. Gupta's foams are currently used by the Navy and he suspects this one will be ready for use in warships within three years.

Submission + - Why WinSCP Became An Open Source Classic

An anonymous reader writes: If you're a Windows user and you're connecting securely to remote machines, you've probably heard about WinSCP. This multi-functional open source tool has been around since 2000 and it's now considered a classic by a vast global user-base. WinSCP is the brainchild of a 36-year-old Czech developer living in Prague, who's been refining it for 15 years. Learn more about this open source tool, the community and how the developer learned that you can pay your bills by giving software for free.

Submission + - European data protection warnings on home CCTV (ico.org.uk)

kooky45 writes: The UK's Information Commissioner is warning all British households with CCTV cameras that they could be breaking the Data Protection Act if they are recording activity happening outside of their property, and they must register their use of cameras, warn neighbours and post notices about their coverage. This is in line with recent EU legal activity but it's likely to discourage wider adoption of domestic CCTV in Europe. And how does this affect webcams and dashcams which may also capture public activity?

Submission + - Building robots with Python using Robot Operating System (ROS) and ROSPy (talkpythontome.com)

An anonymous reader writes: Programming is fun. Robots are fun. Programming robots is awesome! This episode Michael speaks with Dirk Thomas from the ROS (Robot Operating System) project. You will learn how to use ROS and ROSPy to program robots.

We discuss how to use ROS from some of the largest and most complex robots built (including one on the International Space Station!) all the way down to basic robots controlled via micro-controllers such as Arduinos.

Submission + - Samsung biggest loser as Chinese smartphone market shrinks

stephendavion writes: China's smartphone market has contracted year-on-year for the first time in six years. According to IDC, Q1 2015 saw 98.8 million units shipped, a decline of 4 percent compared to the equivalent period last year. Compared to the previous quarter, the market saw a decline of 8 percent, which IDC attributed to a large inventory build-up at the end of 2014. The research showed that Apple was the top smartphone vendor in China in the quarter, with 14.5 million shipments. This represented year-on-year unit growth of 62.1 percent. Xiaomi followed with 13.5 million units and Huawei came in third with 11.2 million units. Most of these gains came at the expense of Samsung, the biggest loser in the quarter. The South Korean company saw its sales plummet 53 percent to 9.6 percent million. In Q1 2014 it was the biggest vendor, shifting a mighty 20.5 million units.

Submission + - Mirror, mirror on the wall: Smart mirrors boost sales (washingtontimes.com)

ArianeBonnies writes: This trend is a way stores aim to catch up to online rivals like Amazon.com that are able to gather information on which items shoppers browse and use that to recommend other products. The new technology that enables physical stores to collect much of the same data as online retailers raises privacy questions, but executives say customers are offered a choice and the data is protected.

Submission + - Add GitHub dorking to list of enterprise security concerns (itworld.com)

chicksdaddy writes: IT World has a story today suggesting that GitHub may be a victim of its own success. Exhibit 1: "GitHub dorking:" the use of GitHub's powerful internal search engine to uncover security holes and sensitive data in published code repositories. (http://www.itworld.com/article/2921135/security/add-github-dorking-to-list-of-security-concerns.html)
In a nutshell: GitHub's runaway popularity among developers is putting employers and development shops in a tough spot. As the recent story about Uber accidentally publishing database administrator credentials in a public GitHub repository suggests, (http://arstechnica.com/security/2015/03/in-major-goof-uber-stored-sensitive-database-key-on-public-github-page/), it can be difficult even for sophisticated development organizations to grasp the nuances of how interactions with GitHub's public code repositories might work to undermine corporate security.

The ease with which developers can share and re-use code on GitHub is part of the problem, said Bill Ledingham, chief technology officer at Black Duck Software, which monitors some 300,000 open source software projects that use GitHub. Ledingham said leaked user credentials are inadvertent errors caused by developers too accustomed to the ease with which code can be borrowed, modified and resubmitted to GitHub.

"Developers in some cases are just taking the easiest path forward," he said. "They're checking in code or re-using it and not looking at some of these issues related to security."

Among the issues to watch out for are information leaks by way of vulnerabilities in GitHub.com or the GitHub API, leaks of intellectual property in published repositories and the leak of credentials and other shared secrets that could be used to compromise production applications.

Tools like the GitRob command line application developed by Michael Henriksen (http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/) make it a simple matter to analyze all the public GitHub repositories associated with a particular organization. GitRob works by compiling the public repositories belonging to known employees of that firm, then flagging filenames in each repository that match patterns of known sensitive files.

Companies that are doing software development need to take an active interest in GitHub, determining which employees and contractors are using it and verifying that no proprietary code or sensitive information is leaking into the public domain.

Internally, data leak prevention products can identify and block the movement of proprietary code. Concerted education for developers about best practices and proper security hygiene when downloading and uploading code to shared and searchable source repositories can help prevent head-slapping mistakes like the leak of database administrator credentials and private keys.

Submission + - Hacker given in-game death sentence (bbc.com)

mpicpp writes: A character controlled by a hacker who used exploits to dominate online game Guild Wars 2 has been put to death in the virtual world.

The character, called DarkSide, was stripped then forced to leap to their death from a high bridge.
The death sentence was carried out after players gathered evidence about the trouble the hacker had caused.

This helped the game's security staff find the player, take over their account and kill them off.

Over the past three weeks many players of the popular multi-player game Guild Wars 2 have been complaining about the activities of a character called DarkSide. About four million copies of the game have been sold.

Via a series of exploits the character was able to teleport, deal massive damage, survive co-ordinated attacks by other players and dominate player-versus-player combat.
To spur Guild Wars' creator ArenaNet to react, players gathered videos of DarkSide's antics and posted them on YouTube.

The videos helped ArenaNet's security head Chris Cleary identify the player behind DarkSide, he said in a forum post explaining what action it had taken. Mr Cleary took over the account to carry out the punishment.
The video shows DarkSide being stripped to his underwear then made to leap from a high bridge in one of the game's cities. It also shows the character being deleted by Mr Cleary.

"Oh yah, he's also banned," he wrote. Several other accounts belonging to the same player have also been shut down.
