Security

Veteran IT Journalist Worries That Online Privacy May Not Exist (Video)

Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. And cynicism. Tom is a world-class cynic, no doubt about it. Why? Cover enterprise IT security and other computing topics long enough for big-time industry publications like ITWorld and its IDG brethren, and you too may start to think that no matter what you do, your systems will always have (virtual) welcome mats in front of them, inviting crackers to come in and have a high old time with your data.

Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).
Programming

.NET 4.6 Optimizer Bug Causes Methods To Get Wrong Parameters

tobiasly writes: A serious bug in the just-released .NET 4.6 runtime causes the JIT compiler to generate incorrectly-optimized code which results in methods getting called with different parameters than what were passed in. Nick Craver of Stack Exchange has an excellent write-up of the technical details and temporary workarounds; Microsoft has acknowledged the problem and submitted an as-yet unreleased patch.

This problem is compounded by Microsoft's policy of replacing the existing .NET runtime, as opposed to the side-by-side runtimes which were possible until .NET 2.0. This means that even if your project targets .NET 4.5, it will get the 4.6 runtime if it was installed on that machine. Since it's not possible to install the just-released Visual Studio 2015 without .NET 4.6, this means developers must make the difficult choice between using the latest tools or risking crippling bugs such as this one.

Submission + - Rematch--Newegg beats patent troll over SSL and RC4 encryption

codguy writes: After a previous failed attempt (http://yro.slashdot.org/story/13/11/26/1927254/jury-finds-newegg-infringed-patent-owes-23-million) to fight patent troll TQP Development in late 2013, Newegg has now beaten this troll in a rematch (http://blog.newegg.com/newegg-vs-patent-trolls-when-we-win-you-win/). From the article:

"Newegg went against a company that claimed its patent covered SSL and RC4 encryption, a common encryption system used by many retailers and websites. This particular patent troll has gone against over 100 other companies, and brought in $45 million in settlements before going after Newegg."

This follows on Intuit's recent success in defending itself against this claim (http://yro.slashdot.org/story/14/06/26/1353216/intuit-beats-ssl-patent-troll-that-defeated-newegg).


Submission + - The First Airplane on Mars

braindrainbahrain writes: Undergoing research by NASA, the Preliminary Research Aerodynamic Design to Land on Mars, or Prandtl-M (not-so-coincidentally named after German aeronautical engineer Ludwig Prandtl) program is developing an airfoil with the ultimate goal of flying in the Martian atmosphere. The program has flown 12-ft. span models, the Prandtl-D1 and -D2, in Earth's atmosphere to prove that the flying wing design could overcome adverse yaw effects without including a tail. A larger 25 ft. model will be tested shortly and further tests call for prototypes to be balloon dropped at 85,000 feet and later at 115,000 feet to simulate Martian atmospheric density. If all goes well, it could be deployed from a cubesat container after hitching a ride to Mars with a rover in 2022.

Alternate, non-pay walled source: http://www.nasa.gov/centers/ar...

Submission + - Microsoft's Windows 10 now live

mrspoonsi writes: Right on schedule, Microsoft has begun prompting users of Windows 7 and 8.1 to upgrade their machines to Windows 10. The process has begun in the parts of the world where it is already July 29th; this includes China. The company began taking reservations for Windows 10 back in June, and as we reported earlier this morning, it is already starting to pre-load the OS on to those machines. While not everyone will get the OS tomorrow through the upgrade program, it does appear that there will be quite a few users who will be able to install the OS as a free upgrade on the 29th. Windows 10 is expected to be installed on a billion devices within the next three years and to achieve that milestone, they will need to upgrade a significant number of devices to the new OS from Windows 7 or 8.1.

Feed Google News Sci Tech: How hackers can take control of your Android with one text message - Christian Science Monitor

A flaw in the Android operating system could give hackers easy access to 95% of Android devices, according to cyber security firm Zimperium. By Gretel Kauffman, Staff, July 28, 2015.

Stagefright: Android phone flaw may let hackers in via text message (Syracuse.com)
Millions of Android phones at risk of being sent malware-infected texts (Telegraph.co.uk)
Android Flaw Allows Hacks Via Text Message (Discovery News)

Software

Why Your Software Project Is Failing

An anonymous reader writes: At OSCON this year, Red Hat's Tom Callaway gave a talk entitled "This is Why You Fail: The Avoidable Mistakes Open Source Projects STILL Make." In 2009, Callaway was starting to work on the Chromium project—and to say it wasn't a pleasant experience was the biggest understatement Callaway made in his talk. Callaway said he likes challenges, but he felt buried by the project, and reached a point where he thought he should just quit his work. (Callaway said it's important to note that Chromium's code is not bad code; it's just a lot of code and a lot of code that Google didn't write.) This was making Callaway really frustrated, and people wanted to know what was upsetting him. Callaway wanted to be able to better explain his frustration, so he crafted this list which he called his "Points of Fail."
Chrome

Chrome Extension Thwarts User Profiling Based On Typing Behavior

An anonymous reader writes: Per Thorsheim, the founder of PasswordsCon, created and trained a biometric profile of his keystroke dynamics using the Tor browser at a demo site. He then switched over to Google Chrome, not using the Tor network, and the demo site correctly identified him when logging in and completing a demo financial transaction. Infosec consultant Paul Moore came up with a working solution to thwart this type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM. A Firefox version of the plugin is in the works.

Submission + - Advertising companies accused of deliberately slowing page-load times for profit

An anonymous reader writes: An industry insider has told Business Insider [http://www.businessinsider.com/conspiracy-web-pages-load-slowly-because-they-make-more-money-that-way-2015-7] of his conviction that ad-serving companies deliberately prolong the 'auctioning' process for ad spots when a web-page loads in order to maximise revenue by allowing automated 'late-comers' to participate beyond the 100ms limit placed on the decision-making process. The unnamed source, a principal engineer at a global news company (whose identity and credentials were confirmed by Business Insider), concluded with the comment "My entire team of devs and testers mostly used Adblock when developing sites, just because it was so painful otherwise." Publishers use 'daisy-chaining' [http://www.masternewmedia.org/online-advertising-management-ad-network-defaulting-and-daisy-chaining-for-ad-revenue-optimization/#ixzz2bKLfDIU9] to solicit bids from the most profitable placement providers down to the 'B-list' placements, and the longer the process is run, the more likely that the web-page will be shown with profitable advertising in place.

Submission + - Pentagon: Poor testing generated Army shipping live anthrax.

An anonymous reader writes: Some sort of Pentagon research blames substandard killing in addition to testing of anthrax specimens one of many main factors behind why a great Army laboratory mistakenly sent live spores for just a decade that found themselves at 183 labs in the US and abroad, according to your report unveiled Thursday on the military’s investigation from the blunders.
Security

Your Stolen Identity Goes For $20 On the Internet Black Market

HughPickens.com writes: Keith Collins writes at Quartz that the going rate for a stolen identity is about twenty bucks on the internet black market. Collins analyzed hundreds of listings for a full set of someone's personal information (identification number, address, birthdate, etc.), known as "fullz," that were put up for sale over the past year, using data collected by Grams, a search engine for the dark web. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone's identity was $21.35. The most expensive fullz came from a vendor called "OsamaBinFraudin," and listed a premium identity with a high credit score for $454.05. Listings on the lower end were typically less glamorous and included only the basics, like the victim's name, address, social security number, perhaps a mother's maiden name. Marketplaces on the dark web, not unlike eBay, have feedback systems for vendors ("cheap and good A+"), refund policies (usually stating that refunds are not allowed), and even well-labeled sections. "There is no shortage of hackers willing to do about anything, computer related, for money," writes Elizabeth Clarke, "and they are continually finding ways to monetize personal and business data."
