Networking

Hacking USB Firmware 97

An anonymous reader writes Now the NSA isn't the only one who can hack your USB firmware: "In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they've reverse engineered the same USB firmware as Nohl's SR Labs, reproducing some of Nohl's BadUSB tricks. And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable." Personally, I always thought it was insane that USB drives don't come with physical write-protect switches to keep them from being infected by malware. (More on BadUSB here.)

Submission + - Google Threatened With $100M Lawsuit Over Nude Celebrity Photos

Dave Knott writes: A Los Angeles lawyer representing over a dozen female celebrities is threatening to sue Google for $100 million US over nude photos leaked online from personal iCloud accounts. The law firm Lavely & Singer accuses the web giant of "accommodating, facilitating and perpetuating" the distribution of the photos when it failed to remove the images from its search results. The stars involved in the law firm's action were not named, but the law firm alleges many of their photos still exist on Google sites like BlogSpot and YouTube four weeks after the firm ordered them taken down.
Science

MIT Study Outlines a 'Perfect' Solar Cell 110

Daniel_Stuckey writes A new MIT study offers a way out of one of solar power's most vexing problems: the matter of efficiency, and the bare fact that much of the available sunlight in solar power schemes is wasted. The researchers appear to have found the key to perfect solar energy conversion efficiency—or at least something approaching it. It's a new material that can accept light from a very large number of angles and can withstand the very high temperatures needed for a maximally efficient scheme. Conventional solar cells, the silicon-based sheets used in most consumer-level applications, are far from perfect. Light from the sun arrives here on Earth's surface in a wide variety of forms. These forms—wavelengths, properly—include the visible light that makes up our everyday reality, but also significant chunks of invisible (to us) ultraviolet and infrared light. The current standard for solar cells targets mostly just a set range of visible light.

Feed Google News Sci Tech: Lamborghini creates 910-horsepower plug-in supercar - USA TODAY (google.com)


Lamborghini may have stolen the show -- the Paris Motor Show -- with a new plug-in hybrid supercar concept. The Lamborghini Asterion LPI 910-4 wears its horsepower rating in its name -- 910. Able to rocket from a stop to 62 miles per hour in three seconds,...

Submission + - Senators Threaten to Rescind NFL Antitrust Exemption

An anonymous reader writes: In response to the FCC's discontinuation of rules that support the NFL's blackout policies, the NFL issued a statement indicating that it would nevertheless continue to enforce its blackout policies through its private contract negotiations with local networks. On Wednesday, however, Senators John McCain (R-AZ) and Richard Blumenthal (D-CT) announced a bill that would rescind the antitrust exemption that enables the NFL to demand blackouts in the first place and formally warned the NFL to abandon blackouts altogether. The antitrust exemption gives sports leagues "legal permission to conduct television-broadcast negotiations in a way that otherwise would have been price collusion" and further allowed the formation of the NFL from two separate leagues. Meanwhile, the NFL enjoys a specialized tax status and direct monetary support from taxpayers to build arenas and stadiums.
Communications

User Error Is the Primary Weak Point In Tor 70

blottsie (3618811) writes with a link to the Daily Dot's "comprehensive analysis of hundreds of police raids and arrests made involving Tor users in the last eight years," which explains that "the software's biggest weakness is and always has been the same single thing: It's you." A small slice: In almost all the cases we know about, it’s trivial mistakes that tend to unintentionally expose Tor users. Several top Silk Road administrators were arrested because they gave proof of identity to Dread Pirate Roberts, data that was owned by the police when Ulbricht was arrested. Giving your identity away, even to a trusted confidant, is always a huge mistake. A major meth dealer’s operation was discovered after the IRS started investigating him for unpaid taxes, and an OBGYN who allegedly sold prescription pills used the same username on Silk Road that she did on eBay. Likewise, the recent arrest of a pedophile could be traced to his use of “gateway sites” (such as Tor2Web), which allow users to access the Deep Web but, contrary to popular belief, do not offer the anonymizing power of Tor. "There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," James Kilpatrick, a Homeland Security Investigations agent, told the Wall Street Journal.

Feed Techdirt: Sheriff Slams EFF As 'Not Credible,' Insists ComputerCOP Isn't Malware & Wou (google.com)

Okay, so we thought the response from San Diego's District Attorney Bonnie Dumanis was pretty bad to the revelations about ComputerCOP. After all, she was responding to the news that she had purchased and distributed dangerous spyware masquerading as software to "protect the children" -- and the best she could come up with was that her "security" people still thought it would protect kids? But apparently Dumanis has nothing on Sheriff Mike Blakely of Limestone County, Alabama.

Blakely, in a bit of unfortunate timing, just announced that his department had purchased 5,000 copies of the spyware earlier this week, so perhaps it's understandable that this "perfect election and fundraising tool" might actually turn into something of a liability. But Blakely's not going down without a fight. When presented with the news that he's proudly handing out tools that are making the children he's supposed to be protecting less safe, Blakely went with an ad hom the messenger approach, attacking EFF's credibility, and calling them "liberals."

Blakely referred to the EFF criticism politics as an "Ultra-liberal organization that is not in any way credible on this. They're more interested in protecting predators and pedophiles than in protecting our children."
Anyone even remotely familiar with EFF recognizes that basically every word in that statement is ridiculous, but what are you going to do? The idea that EFF isn't credible on security issues is laugh out loud funny (and, indeed, despite attending a conference and being in a room full of people, I literally laughed out loud upon reading it). However, Blakely insists his IT people are sure the software's fine:

"We have had the key logger checked out with our IT people. They have run it on our computer system." He said. "There is no malware."
Reread that a few times. "We had the key logger checked out... there is no malware." Dude. A keylogger is malware. That's what it does. From the description here, it sounds like his "IT people" ran some anti-malware software on the computer they installed ComputerCOP on, and because it didn't flag it, they insist it's not malware. But a keylogger is malware by definition. And the fact that this malware happens to pass unencrypted text, including passwords and credit card numbers, over the internet makes it really, really bad.

But don't tell that to Sheriff Blakely. He insists that ComputerCOP might have stopped Columbine. I'm not joking.

On the phone Wednesday he added "There are some parents out in Columbine Colorado, if they had this kind of software, things would have turned out differently."
That comment is so off it defies a coherent response.

Meanwhile, I'm sure that Sheriff Blakely's "IT People" are trustworthy, given that his website looks like it was designed in 1997 and hasn't been touched since. It even has a visitor counter and a "this site best viewed in Internet Explorer" badge. I'm not joking. And a scroll. The only thing it's missing is an under construction gif and the blink tag: And, uh, note that text there:

You are not permitted to copy, broadcast, download, store (in any medium), transmit, show or play in public, adapt or change in any way, the content of these web pages for any other purpose whatsoever without the prior written permission of the site webmaster.
And there's a copyright notice below it. Of course, anyone who views the website has copied, downloaded, stored and transmitted the webpage in some manner -- so, I'm not quite sure what to do other than to say, that most of those demands are completely bogus and not based on any actual law. As for the copyright -- well, while technically only federal government works are exempt from copyright, and state and local governments can get a copyright in some fashion, it's generally not considered the appropriate role of government officials to be copyrighting official government works. Furthermore, in such cases, there would likely be a very strong presumption of fair use for a whole host of reasons.

Oh, but it gets worse. Not only are you not supposed to copy any of the text on Sheriff Blakely's website, the terms of service on his website say he might put you in jail if you do:

The unauthorized use, copy, or reproduction of any content of this site inclusive, may be punishable by both fine and imprisonment.
Under what legal theory is that happening? As a sheriff, aren't you supposed to, you know, actually know what the law is? Maybe work on that before slamming the good folks at EFF while distributing dangerous spyware that makes kids less safe. And find someone who's built a website in the last decade.

Social Networks

Online Creeps Inspire a Dating App That Hides Women's Pictures 482

HughPickens.com (3830033) writes "Tricia Romano reports at the Seattle Times that Susie Lee and Katrina Hess have developed Siren, a new online dating app designed to protect against men inundating women with messages that are by turns gross, hilarious, objectifying and just plain sad. A 2012 experiment by Jon Millward, a data journalist, found that women were messaged 17 times more than men; the best-looking woman received 536 messages in four months, while the best-looking guy received only 38. Lee hopes to change the nature of the messages and put women in the driver's seat. As online dating options have grown, Lee noticed that her friends' frustration did, too: With every good introduction often came a slew of lewd ones. "I just started looking (at online dating options) and very quickly realized how many things are out there and how immediately my 'creepy meter' went up," Lee says. The free iPhone app, currently launched to a select market in Seattle in August, allows women to peruse men's pictures and their answers to the "Question of the Day" ("You found a magic lamp and get three wishes. What are they?") and view their Video Challenges ("Show us a hidden gem in Seattle"). If a woman is suitably impressed by a man's answers, she can make herself visible to him. Only then can he see what she looks like. "It's a far more thoughtful — and cautious — approach than the one taken by the dating app of the moment, Tinder, which is effectively a "hot or not" game, with little information beyond a few photos, age and volunteered biographical tidbits," writes Romano. "And the implicit notion that it's a "hookup" app can be uncomfortable for some women." OK Cupid's stats as illustrated by co-founder Christian Rudder give another example of how steep the curve is, when it comes to physical attractiveness vs. messages received on online dating sites.
Networking

Ask Slashdot: Is It Worth Being Grandfathered On Verizon's Unlimited Data Plan? 209

An anonymous reader writes I understand a lot of people dislike Verizon in general, but assuming for a moment that they were your only option for a cellular service provider, is staying on their grandfathered unlimited data plan still worth it? Their recent announcement to not throttle traffic is inspiring, but I just don't know the long-term benefits of staying on this plan. I fear there is a tipping point where enough people will swap over to a metered plan and Verizon will ultimately abandon the unlimited altogether and assume the risk of losing a percentage of those remaining folks, at which point all of us who bought unsubsidized phones will have wasted the money doing so. Does anyone have any insight on this? Useful answers to this should take into account the problem with the question of "How long is a piece of string?" Give some context about how much you pay, and how much you use -- and how much that would change if the price were different.

Submission + - The extensive security behind Apple Pay (tuaw.com)

An anonymous reader writes: With Apple Pay slated to go live later this month, one can soon expect to see an avalanche of fear mongering from pundits who, like PayPal, will question the wisdom of trusting Apple with user credit card information.

The reality, though, is that Apple Pay is an exceedingly secure mobile payment platform. In fact, it may very well be the safest way to make any type of credit card payment.

Apple Pay relies on an emerging tokenization standard whereby merchants never touch a user's credit card data. What's more, credit card information is never stored on the iPhone nor on Apple's servers. Additionally, Apple, along with banks and credit card networks, have implemented multiple layers of security and encryption mechanisms to ensure that Apple Pay transactions remain free from prying eyes.

Here's how the whole system works.

Submission + - Satellites reveal hidden features at the bottom of Earth's seas (sciencemag.org)

sciencehabit writes: Oceanographers have a saying: Scientists know more about the surface of Mars than they do about the landscape at the bottom of our oceans. But that may soon change. Using data from satellites that measure variations in Earth’s gravitational field, researchers have found a new and more accurate way to map the sea floor. The improved resolution has already allowed them to identify previously hidden features—including thousands of extinct volcanoes more than 1000 meters tall—as well as piece together some lingering uncertainties in Earth’s ancient history.
Software

End of an Era: After a 30 Year Run, IBM Drops Support For Lotus 1-2-3 156

klubar writes Although it has been fading for years, the final death knell came recently for the iconic Lotus 1-2-3. In many ways, Lotus 1-2-3 launched the PC era (and ensured the Apple II success), and once was a serious competitor for Excel (and prior to that Multiplan and VisiCalc). Although I doubt if anyone is creating new Lotus 1-2-3 spreadsheets, I'm sure there are spreadsheets still being used that trace their origin to Lotus 1-2-3, and even Office 2013 still has some functions and key compatibility with Lotus 1-2-3. Oh, how far the mighty have fallen.

Submission + - Shellshock Proves It: CGI Must Die 1

snydeq writes: Remember that incredibly stupid thing you did a decade or two ago? You wouldn't want to live it down every day. Neither should the Internet, writes Andrew C. Oliver, putting CGI squarely in the cross hairs, thanks to Shellshock. 'Frankly, this nasty bug in Bash should not be a big deal — and wouldn’t be if it weren’t for CGI, one of the most widespread, terrible ideas ever invented. ... If not for CGI, this bug would be a minor privilege escalation path for users with permissions to kick off shell scripts as root (or other more privileged users). It would not be an “oh, did someone break the Internet again?”-level threat. The issue is that CGI exposes the HTTP headers as environment variables, and since Bash may be kicking off your shell script, anyone on the Internet can do it.'
Windows

Lost Opportunity? Windows 10 Has the Same Minimum PC Requirements As Vista 554

MojoKid writes Buried in the details of Microsoft's technical preview for Windows 10 is a bit of a footnote concerning the operating system's requirements. Windows 10 will have exactly the same requirements as Windows 8.1, which had the same requirements as Windows 8, which stuck to Windows 7 specs, which was the same as Windows Vista. At this point, it's something we take for granted with future Windows releases. As the years roll by, you can't help wondering what we're actually giving up in exchange for holding the minimum system spec at a single-core 1GHz, 32-bit chip with just 1GB of RAM. The average smartphone is more powerful than this these days. For decades, the standard argument has been that Microsoft had to continue supporting ancient operating systems and old configurations, ignoring the fact that the company did its most cutting-edge work when it was willing to kill off its previous products in fairly short order. What would Windows look like if Microsoft at least mandated a dual-core product? What if DX10 — a feature set that virtually every video card today supports, according to Valve's Steam Hardware Survey, became the minimum standard, at least on the x86 side of the equation? How much better might the final product be if Microsoft put less effort into validating ancient hardware and kicked those specs upwards, just a notch or two? If Microsoft did raise the specs a notch or two with each release, I think there'd be some justified complaints about failing to leave well enough alone, at least on the low end.
