
Submission + - National Security Letter Issuance Likely Headed to Supreme Court (threatpost.com)

Gunkerty Jeb writes: The Ninth Circuit appeals court in San Francisco took oral arguments from the Electronic Frontier Foundation and the Department of Justice yesterday over the constitutionality of National Security Letters and the gag orders associated with them. The EFF defended a lower court's ruling that NSLs are unconstitutional, while the DoJ defended a separate ruling that NSLs can be enforced. Whatever the court rules, the issue of NSLs is all but certainly headed for the Supreme Court in the not too distant future.

Submission + - The malware of the future may come bearing real gifts (thestack.com)

An anonymous reader writes: Research by Prof. Giovanni Vigna of the University of California leads him to believe that the malware of the future will come in a friendly form, be genuinely useful and may not reveal its intentions for a protracted period of time.

Prof. Vigna, speaking at IP Expo in London, outlined a fearful future of 'mimicry' in evolved strains of malware. In the current stage of the war between malware and security researchers, the emphasis is almost entirely on the attempt to convince increasingly intelligent — and increasingly suspicious — malware that it is operating in a bare-metal environment when it is in fact in a sandbox or VM environment.

For the malware, the stakes are tremendously high — if it has reached the point of OS-level execution without its hash being indexed and red-flagged by online security databases, it cannot afford to reveal its intentions in a test environment. This article outlines the extraordinary game of cat-and-mouse being played between researchers and hackers, and how future malware exploits are likely to abandon a rush for the buffer overflow in favour of 'the long game' — and to make themselves useful in the process.

Submission + - Tesla's Starting A Certified Preowned Program

cartechboy writes: Name a luxury automaker that doesn't have a Certified Previously Owned (CPO) program. Go ahead, I'll wait. That's right, you can't really name one, can you? Tesla isn't like a normal luxury automaker; in fact, it's not really like any automaker out there. It doesn't have franchises and it sells its own vehicles through its network of galleries. It seems the Silicon Valley start-up sees the light, or rather, the profit potential, as it plans to create its own CPO program. It seems there's a great deal of Model S sedans out there currently under lease contracts. When those cars are ready to come back, Tesla has guaranteed that it will purchase them for a figure that falls somewhere between 43 and 50 percent of the original purchase price. This is exactly how Tesla's going to create its CPO fleet. Tesla seems to do everything in an unconventional manner, so we'll have to see if its CPO program is like every other automaker's, or if it blazes its own path in this area as well.

Submission + - MIT Thinks It Has Discovered the 'Perfect' Solar Cell (vice.com)

Daniel_Stuckey writes: A new MIT study offers a way out of one of solar power's most vexing problems: the matter of efficiency, and the bare fact that much of the available sunlight in solar power schemes is wasted. The researchers appear to have found the key to perfect solar energy conversion efficiency—or at least something approaching it. It's a new material that can accept light from a very large number of angles and can withstand the very high temperatures needed for a maximally efficient scheme.

Conventional solar cells, the silicon-based sheets used in most consumer-level applications, are far from perfect. Light from the sun arrives here on Earth's surface in a wide variety of forms. These forms—wavelengths, properly—include the visible light that makes up our everyday reality, but also significant chunks of invisible (to us) ultraviolet and infrared light. The current standard for solar cells targets mostly just a set range of visible light.

Submission + - Why Microsoft skipped Windows 9

Bizzeh writes: Microsoft may not be everybody's favorite company, but they are the kings of backwards compatibility. When testing what was Windows 9 (and is now Windows 10), it seems like they came across some compatibility issues from the Windows 9x days. Mentioned by Mikko Hypponen on Twitter (https://twitter.com/mikko/status/517358472715710465), quite a lot of products test the version string with "indexOf("windows 9")". Using searchcode, we can see what he means. https://searchcode.com/?q=if(v...

Submission + - UK legalises music, film and e-book back-ups (bbc.com)

rastos1 writes: A law has come into effect that permits UK citizens to make copies of CDs, MP3s, DVDs, Blu-rays and e-books. Consumers are allowed to keep the duplicates on local storage or in the cloud.
While it is legal to make back-ups for personal use, it remains an offence to share the data with friends or family. Users are not allowed to make recordings of streamed music or video from Spotify and Netflix, even if they subscribe to the services.
Thirteen years after iTunes launched, it is now legal to use it to rip CDs in the UK.

Submission + - LTE Upgrade Will Let Phones Connect To Nearby Devices Without Towers (technologyreview.com)

An anonymous reader writes: A new feature being added to the LTE protocol that smartphones use to communicate with cellular towers will make it possible to bypass those towers altogether. Phones will be able to “talk” directly to other mobile devices and to beacons located in shops and other businesses. Known as LTE Direct, the wireless technology has a range of up to 500 meters, far more than either Wi-Fi or Bluetooth. It is included in an update to the LTE standard slated for approval this year, and devices capable of LTE Direct could appear as soon as late 2015. ... Researchers are, for example, testing LTE Direct as a way to allow smartphones to automatically discover nearby people, businesses, and other information.

Submission + - Bash shell vulnerable to attack

JediJeremy writes: Several sources are reporting that there has been a vulnerability discovered in the bash shell, with some estimates that this could affect more systems than Heartbleed. From the Red Hat article:

The vulnerability arises from the fact that you can create environment variables with specially-crafted values before calling the bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. The name of these crafted variables does not matter, only their contents. As a result, this vulnerability is exposed in many contexts

Submission + - Ask Slashdot: Is reporting still relevant? (nabble.com)

MrWHO writes: A while ago we switched to the ELK (ElasticSearch, LogStash and Kibana) stack for monitoring our systems. Our management wanted to keep the reports they got — and possibly never read — flowing in at the beginning of every week with statistics like site traffic, server downtime, security alerts and the works. As we migrated some of our clients to the same stack they all kept asking for the same thing: reporting.

There was no way for us to create and schedule reports from ElasticSearch — searches for ElasticSearch and Jasper Reports returned nothing apart from people asking how to do it — so we created our own Jasper Reports plugin to create reports from ElasticSearch data, which we released on GitHub a while ago, and we promptly moved along.

None of our clients were easily convinced that a dashboard — Kibana — was a substitute for mail-delivered PDFs, even if all the information was there, with custom-created panels and selectable date ranges. On the other hand, on the ElasticSearch mailing list, when questions were asked about "how do I do reports" the answer was, and I sum it up here, "Why would you want reports when you have a dashboard?".

What I am asking the Slashdot crowd is: are reports still relevant — the PDF, templated, straight-into-your-mail kind — or is the subset of my clients — we operate mainly in Italy — a skewed sample of what's the actual reality of access to summary data? Are dashboards — management-targeted ones — the currently accepted solution or — in your experience — are reports still a hot item for management?

Submission + - Significant BASH vulnerability found (us-cert.gov)

SpuriousLogic writes: US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

US-CERT recommends users and administrators review the Red Hat Security Blog for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.
Operating systems with updates include:
CentOS
Debian
Red Hat
Ubuntu

Submission + - 'Space bubbles' may have led to deadly battle in Afghanistan (sciencemag.org)

sciencehabit writes: A new study reveals that one of the bloodiest battles for U.S. forces in Afghanistan may have been caused by "space bubbles". In early 2002, a rescue mission went awry because a U.S. command post was unable to radio one of its helicopters about mistaken coordinates. The chopper ended up being shot down by the same al-Qaida forces that necessitated the rescue mission in the first place. Now scientists say that turbulent pockets of ionized gas may have deflected the military satellite radio signals enough to cause temporary communications blackouts in the region--and thus prevented the warning from getting to the rescue helicopter. The mission turned into a 17-hour firefight, costing seven lives.

Submission + - The sexual threats against Emma Watson are an attack on every woman (vox.com)

Lasrick writes: This is an important read. If the speech that Emma Watson gave to the United Nations gathering on September 21st can cause such misogyny, then the very act of women speaking will cause it (which seems to be the case when it comes to the internet). 'Emma Watson makes a wonderful UN Goodwill Ambassador. If the campaign she champions is successful, she will have done tremendous good in the world. There is nothing about her private, consensual sexual life that has any bearing on the value of her work, the validity of her feminist views, or her integrity as a person. If her stolen nude photos are leaked on the internet in retaliation for her work, that will not mean that she was irresponsible or reckless, it will mean that she is brave. Regardless of whether any photos are released, the threats against Watson are already an attack on all of us. And we should all take it personally.'

Submission + - Apple's TouchID Fingerprint Scanner: Still Hackable (lookout.com)

electronic convict writes: A year ago, security researcher Marc Rogers demonstrated how to spoof the TouchID sensor in the iPhone 5S using some Elmer's glue and glycerol — oh, and a high resolution camera and a laser printer.

Has TouchID security improved at all on the iPhone 6 and 6 Plus? Not really, Rogers reports in his latest post, in which he again hacks the latest TouchID sensors using the same method as before. 'Fake fingerprints created using my previous technique were able to readily fool both devices,' he reports.

Rogers, however, says there's no reason to panic, as the attack requires substantial skill, patience and a good clear fingerprint. As he writes: 'We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats.'

Submission + - Big bang finding from earlier this year may be dead (sciencemag.org)

sciencehabit writes: A beleaguered claim that appeared to reveal the workings of the big bang may instead say more about how science is done in an age of incessant news coverage. In March, researchers working with a specialized telescope at the South Pole, known as BICEP2, reported extremely faint pinwheel-like swirls in the afterglow of the big bang—the so-called cosmic microwave background (CMB). They claimed they had found traces of gravitational waves rippling through the infant universe—direct evidence that the newborn cosmos had undergone a bizarre exponential growth spurt known as inflation. But the supposed signal might have been emitted by warm dust within our own galaxy, others argued. Now, data from the European Space Agency's Planck spacecraft show that dust accounts for some, and possibly all, of the BICEP signal.
