
+ - NSA Planned to Hijack Google App Store to Hack Smartphones->

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: "The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals. The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia."

"The newly published document shows how the agencies wanted to “exploit” app store servers – using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones."

Link to Original Source

+ - Ask Slashdot best way to solve a unique networking issue

Submitted by petro-tech
petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment.

In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps.
This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer provided program that connects to the device and pushes the new software.

Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming.

Unfortunately, the devices are not actually on a network, and as such cannot be updated remotely. Also, since they are not on a network, they are all configured with the same IP address. Additionally, the software doesn't allow you to specify the adapter to use.

I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time.

The only way I can figure to accomplish this with the software we've been provided is to do this:

Get a 16-port powered USB hub, with a USB-Ethernet adaptor in each port. Set up 16 VMs with extremely stripped-down XP running on each, with only one USB-Ethernet adaptor assigned to each VM. Set XP to boot the application for loading software as its shell, and load each device that way at the same time.

Is there a better way to accomplish this?

+ - Linux Dev's Purported 4096 bit RSA Key Factored 1

Submitted by Anonymous Coward
An anonymous reader writes: A PGP subkey for kernel developer Peter Anvin from a public SKS keyserver was discovered to be divisible by 3. The weak key was discovered by a web service which calls itself the Phuctor, which has since factored two other keys as it chews on an SKS keyserver dump. Whether the key was generated weak or if it was strong before becoming corrupted on a keyserver, it is extremely troubling that such a weak key representing such an important Linux developer could be served.

+ - MenuetOS, an operating system written entirely in assembly, hits 1.0->

Submitted by angry tapir
angry tapir writes: MenuetOS, a GUI-toting, x86-based operating system written entirely in assembly language that's super-fast and can fit on a floppy disk, has hit version 1.0 — after almost a decade and a half of development. (And yes, it can run Doom). I caught up with its developers to talk about the operating system and what comes next for it.
Link to Original Source

+ - DSLreports new bufferbloat test->

Submitted by mtaht
mtaht writes: While I have long advocated using professional tools like netperf-wrapper's rrul test suite to diagnose and fix your bufferbloat issues, there has long been a need for a simpler web-based test for it. Now DSLReports has incorporated bufferbloat testing in their speedtest. What sort of bloat do Slashdot readers experience? Give the test a shot at http://www.dslreports.com/speedtest

Has anyone here got around to applying fq_codel against their bloat?

Link to Original Source

+ - Is iPhone's Lack of FM Support Increasing Your Chances of Dying in a Disaster?

Submitted by theodp
theodp writes: "You may not know it," reports NPR's Emma Bowman, "but most of today's smartphones have FM radios inside of them. But the FM chip is not activated on two-thirds of devices. That's because mobile makers have the FM capability switched off. The National Association of Broadcasters has been asking mobile makers to change this. But the mobile industry, which profits from selling data to smartphone users, says that with the consumer's move toward mobile streaming apps, the demand for radio simply isn't there." But FEMA Administrator Craig Fugate says radio-enabled smartphones could sure come in handy during times of emergency. So, is it irresponsible not to activate the FM chips? And should it's-the-app-way-or-the-highway Apple follow Microsoft's lead and make no-static-at-all FM available on iPhones?

+ - Who is Discouraging Women From STEM Careers?->

Submitted by Press2ToContinue
Press2ToContinue writes: Having worked in a STEM field (computer programming) for over a quarter of a century, I have found the idea that girls are discouraged from entering STEM fields to be curious. It certainly didn't line up with my experience in the industry. Schools have been pushing girls into math and science, not discouraging them. In my experience technology companies have been bending over backwards and jumping through hoops to get more women into IT (information technology). From programs aimed at getting high school students involved in technology to hiring decisions, there has always been a blunt, out-in-the-open emphasis on getting more women into IT.

So, if it's not “the patriarchy” pushing women down and denying them a chance to enter technology fields, what does account for women being underrepresented in technology fields? After a little research into personality types and career fields, I think I found the answer.

The Myers-Briggs personality test places people into 16 personality type categories. One researcher surveyed computer programmers to determine what personality types were represented. I compared how common the personality types were among programmers compared to how common they were in the general population, and although there is always room for error, a clear pattern emerged from my analysis placing programmers, men, and women, into a clearer picture for me to understand their under-representation.

Link to Original Source

+ - Columbia University doctors ask for Dr. Mehmet Oz's dismissal from faculty

Submitted by circletimessquare
circletimessquare writes: Dr. Mehmet Oz serves as vice chairman of Columbia University Medical Center's department of surgery. He is a respected cardiothoracic surgeon but his television show has been accused of pushing snake oil. Now other doctors at Columbia University want Dr. Oz kicked off the medical school faculty. Dr. Oz has responded on his Facebook account: 'I bring the public information that will help them on their path to be their best selves. We provide multiple points of view, including mine which is offered without conflict of interest. That doesn't sit well with certain agendas which distort the facts. For example, I do not claim that GMO foods are dangerous, but believe that they should be labeled like they are in most countries around the world.' In their letter, the doctors accuse Dr. Oz of quackery: 'Dr. Oz has repeatedly shown disdain for science and for evidence-based medicine, as well as baseless and relentless opposition to the genetic engineering of food crops. Worst of all, he has manifested an egregious lack of integrity by promoting quack treatments and cures in the interest of personal financial gain.'

+ - An alternative to SoundCloud, MixCloud and similar services->

Submitted by blogologue
blogologue writes: I've been creating music and doing cover songs the last couple of years, but have run into some issues when it comes to sharing the things I've created. Basically I can't find a place where I can share cover songs, adaptations etc. of existing works and still keep control of what I've created (details here). Does anyone have suggestions on what one can do?
Link to Original Source

+ - Drone show to replace Top Gear->

Submitted by garymortimer
garymortimer writes: Airheads will pit teams of drone constructors against each other in building and flying challenges, much like Robot Wars did in the 80s. The program is produced by Graham Norton's SO Television and will take Sunday night's Top Gear slot.
Link to Original Source

+ - China overwhelming sites hosting Censored Content->

Submitted by puddingebola
puddingebola writes: The New York Times reports that China is using a "new weapon" called the "Great Cannon" to overwhelm sites such as GitHub and GreatFire.org that host censored websites. The story is based on a report from UC Berkeley and the University of Toronto, found here: https://citizenlab.org/2015/04... From the story, "China’s new Internet weapon, the report says, is similar to one developed and used by the National Security Agency and its British counterpart, GCHQ, a system outlined in classified documents leaked by Edward J. Snowden, the former United States intelligence contractor."
Link to Original Source

+ - Gemalto Hack Could Compromise Contactless And ID Cards 1

Submitted by dkatana
dkatana writes: A recent article published by The Intercept reports that the U.S. National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) stole millions of encryption keys used in SIM cards manufactured by Gemalto. While the article focuses on the possibility that those keys could be used by the agencies to monitor communications and possibly hack mobile devices using the SIM cards, it also gives some room to the possibility that other IC security modules based on Gemalto technology could be compromised.

Gemalto not only manufactures Subscriber Identity Module (SIM) cards for cellular providers, it is also the world’s largest manufacturer of contactless credit card ICs and a leading provider of identity modules used in government documents such as passports, driving licenses and ID cards.

+ - The Ghosts in the MP3s-> 1

Submitted by el_flynn
el_flynn writes: Continuing the debate about whether there's really any difference between lossless and lossy audio codecs, as well as the whole Pono debacle, Ryan Maguire, a Ph.D. student at the University of Virginia, has found a way to "hear" what we're not hearing. From TFA, Ryan goes on to ask "what does the music which this codec deletes sound like?", and builds a technique to recover these "lost" sounds... the ghosts in the MP3, so to speak.
Link to Original Source
