Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Submission + - Easy to exploit critical BIND DoS bug affects all DNS->

mask.of.sanity writes: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers. The BIND bug (CVE-2015-5477) patched overnight affects all DNS servers running the software, and can be attacked with ease. Attackers can send a crafted DNS query packet to trigger a REQUIRE assertion failure, causing BIND to exit.
Link to Original Source

Submission + - BBC reveals links censored by Google's Right To Be Forgotten->

Mark Wilson writes: Google's Right To Be Forgotten gives people the chance to request the removal of search results linking to pages that contain information they believe to be "inadequate, irrelevant or no longer relevant". Google says it rejects more requests than it complies with, but there is still concern that the company is not providing enough detail about what it is doing. There have been calls for greater transparency from the company about the censorship that is taking place.

The BBC has published a list of all of the stories from its own site that have been removed from Google search results. The corporation announced that it wanted to be clear with people about which links has been deleted and plans to update the list each month. It already extends to nearly 200 entries and the BBC explains that while the stories may no longer be shown by Google, they are still available uncensored on the BBC site.

Writing on the BBC Internet blog, Neil McIntosh says that the list was important to maintain the integrity of the BBC's online archives.

Link to Original Source

Submission + - Australia passes site-blocking legislation->

ausrob writes: Cementing their position as Australia's most backwards and dangerous government in recent memory comes this nasty bit of legislation, riddled with holes (which is nothing new for this decrepit Government): "The legislation allows rights holders to go to a Federal Court judge to get overseas websites, or "online locations", blocked that have the "primary purpose" of facilitating copyright infringement. If a rights holder is successful in their blocking request, Australian internet providers, such as Telstra and Optus, will need to comply with a judge's order by disabling access to the infringing location."
Link to Original Source

Submission + - British Government instituted 3-month deletion policy, apparently to evade FOIA->

An anonymous reader writes: In late 2004, weeks before Tony Blair’s Freedom of Information (FOI) act first came into force, Downing Street adopted a policy [http://www.ft.com/cms/s/0/d42d3c68-141d-11e5-abda-00144feabdc0.html — PAYWALLED] of automatically deleting emails more than three months old. The IT decision has resulted in a 'dysfunctional' system according to former cabinet officials, with Downing Street workers struggling to agree on the details of meetings in the absence of a correspondence chain. It is still possible to preserve an email by dragging it to local storage, but the relevance of mails may not be apparent at the time that the worker must make the decision to do so.

Former special adviser to Nick Clegg Sean Kemp said: "Some people delete their emails on an almost daily basis, others just try to avoid putting anything potentially interesting in an email in the first place,”

Link to Original Source

Submission + - Apple CORED: Boffins reveal password-killer 0days for iOS and OS X->

An anonymous reader writes: Six university researchers have revealed dangerous zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's keychain, break app sandboxes and bypass its App Store security checks so that attackers can steal passwords from any installed app including the native email client without being detected.

The team was able to upload malware to the Apple app store, passing the vetting process without triggering alerts that could raid the keychain to steal passwords for services including iCloud and the Mail app, and all those store within Google Chrome.

Lead researcher Luyi Xing says he and his team complied with Apple's request to withhold publication of the research for six months, but had not heard back as of the time of writing. [Paper] [video demos]

Link to Original Source

Submission + - NSA Planned to Hijack Google App Store to Hack Smartphones->

Advocatus Diaboli writes: "The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals. The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia."

"The newly published document shows how the agencies wanted to “exploit” app store servers – using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones."

Link to Original Source

Submission + - Linux Dev's Purported 4096 bit RSA Key Factored 1 1

An anonymous reader writes: A PGP subkey for Kernel developer Peter Anvin from a public Sks Keyserver was discovered to be divisible by 3. The weak key was discovered by a web service which calls itself the Phuctor which has since factored two other keys as a chews on an sks keyserver dump. Whether the key was generated weak or if it was strong before becoming corrupted on a keyserver it is extremely troubling that such a weak key representing such an important Linux developer could be served.

Submission + - Ask Slashdot best way to solve a unique networking issue

petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment.

In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps.
This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer provided program that connects to the device and pushes the new software.

Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming.

Unfortunately the devices are not actually on a network, and as such cannot be updated remotely, also since they are not on a network, they are all configured with the same IP address. Additionally the software doesn't allow you to specify the adapter to use.

I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time.

The only way I can figure to accomplish this with the software we've been provided is to do this:

Get a 16 port powered usb hub, with a usb-ethernet adaptor in each port. Set up 16 VM's with extremely stripped down XP running on each, with only one usb-ethernet adaptor assigned to each VM. Set xp to boot the application for loading software as its shell. and load each device that way at the same time.

Is there a better way to accomplish this?

Submission + - MenuetOS, an operating system written entirely in assembly, hits 1.0->

angry tapir writes: MenuetOS, a GUI-toting, x86-based operating system written entirely in assembly language that's super-fast and can fit on a floppy disk, has hit version 1.0 — after almost a decade and a half of development. (And yes, it can run Doom). I caught up with its developers to talk about the operating system and what comes next for it.
Link to Original Source

Submission + - DSLreports new bufferbloat test->

mtaht writes: While I have long advocated using professional tools like netperf-wrapper's rrul test suite to diagnose and fix your bufferbloat issues, there has long been a need for a simpler web based test for it. Now dslreports has incorporated bufferbloat testing in their speedtest. What sort of bloat do slashdot readers experience? Give the test a shot at http://www.dslreports.com/speedtest

Has anyone here got around to applying fq_codel against their bloat?

Link to Original Source

Submission + - Is iPhone's Lack of FM Support Increasing Your Chances of Dying in a Disaster?

theodp writes: "You may not know it," reports NPR's Emma Bowman, "but most of today's smartphones have FM radios inside of them. But the FM chip is not activated on two-thirds of devices. That's because mobile makers have the FM capability switched off. The National Association of Broadcasters has been asking mobile makers to change this. But the mobile industry, which profits from selling data to smartphone users, says that with the consumer's move toward mobile streaming apps, the demand for radio simply isn't there." But FEMA Administrator Craig Fugate says radio-enabled smartphones could sure come in handy during times of emergency. So, is it irresponsible not to activate the FM chips? And should it's-the-app-way-or-the-highway Apple follow Microsoft's lead and make no-static-at-all FM available on iPhones?

Submission + - Who is Discouraging Women From STEM Careers?->

Press2ToContinue writes: Having worked in a STEM field (computer programming) for over a quarter of a century, I have found the idea that girls are discouraged from entering STEM fields to be curious. It certainly didn't line up with my experience in the industry. Schools have been pushing girls into math and science, not discouraging them. In my experience technology companies have been bending over backwards and jumping through hoops to get more women into IT (information technology). From programs aimed at getting high school students involved in technology to hiring decisions, there has always been a blunt, out-in-the-open emphasis on getting more women into IT.

So, if it's not “the patriarchy” pushing women down and denying them a chance to enter technology fields, what does account for women being underrepresented in technology fields? After a little research into personality types and career fields, I think I found the answer.

The Myers-Briggs personality test places people into 16 personality type categories. One researcher surveyed computer programmers to determine what personality types were represented. I compared how common the personality types were among programmers compared to how common they were in the general population, and although there is always room for error, a clear pattern emerged from my analysis placing programmers, men, and women, into a clearer picture for me to understand their under-representation.

Link to Original Source

Submission + - Columbia University doctors ask for Dr. Mehmet Oz's dismissal from faculty

circletimessquare writes: Dr. Mehmet Oz serves as vice chairman of Columbia University Medical Center's department of surgery. He is a respected cardiothoracic surgeon but his television show has been accused of pushing snake oil. Now other doctors at Columbia University want Dr. Oz kicked off the medical school faculty. Dr. Oz has responded on his Facebook account: 'I bring the public information that will help them on their path to be their best selves. We provide multiple points of view, including mine which is offered without conflict of interest. That doesn't sit well with certain agendas which distort the facts. For example, I do not claim that GMO foods are dangerous, but believe that they should be labeled like they are in most countries around the world.' In their letter, the doctors accuse Dr. Oz of quackery: 'Dr. Oz has repeatedly shown disdain for science and for evidence-based medicine, as well as baseless and relentless opposition to the genetic engineering of food crops. Worst of all, he has manifested an egregious lack of integrity by promoting quack treatments and cures in the interest of personal financial gain.'

Submission + - An alternative to SoundCloud, MixCloud and similar services->

blogologue writes: I've been creating music and doing cover songs the last couple of years, but have run into some issues when it comes to sharing the things I've created. Basically I can't find a place where I can share cover songs, adaptations etc. of existing works and still keep control of what I've created (details here). Does anyone have suggestions on what one can do?
Link to Original Source

How can you do 'New Math' problems with an 'Old Math' mind? -- Charles Schulz

Working...