Security

Researcher Bypasses Google Password Alert For Second Time 35

Posted by timothy
from the if-you-watch-everything-you-lose-perspective dept.
Trailrunner7 writes with this excerpt: A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week.

The Password Alert extension is designed to warn users when they're about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain a serious threat to consumers despite more than a decade of research and warnings about the way the attacks work.

Just a day after Google released the extension, Paul Moore, a security consultant in the U.K., developed a method for bypassing the extension. The technique involved using JavaScript to look on a given page for the warning screen that Password Alert shows users. The method Moore developed then simply blocks the screen, according to a report on Ars Technica. In an email, Moore said it took him about two minutes to develop that bypass, which Google fixed in short order.

However, Moore then began looking more closely at the code for the extension, and Chrome itself, and discovered another way to get around the extension. He said this one likely will be more difficult to repair.

"The second exploit will prove quite difficult (if not near impossible) to resolve, as it leverages a race condition in Chrome which I doubt any single extension can remedy. The extension works by detecting each key press and comparing it against a stored, hashed version. When you've entered the correct password, Password Alert throws a warning advising the user to change their password," Moore said.
Earth

Giant Survival Ball Will Help Explorer Survive a Year On an Iceberg 128

Posted by Soulskill
from the rolling-the-seven-seas dept.
HughPickens.com writes: Ben Yeager reports in Outside Magazine that Italian explorer Alex Bellini plans to travel to Greenland's west coast, pick an iceberg, and live on it for a year as it melts out in the Atlantic. It's a precarious idea. Bellini will be completely isolated, and his adopted dwelling is liable to roll or fall apart at any moment, thrusting him into the icy sea or crushing him under hundreds of tons of ice. His solution: an indestructible survival capsule built by an aeronautics company that specializes in tsunami-proof escape pods. "I knew since the beginning I needed to minimize the risk. An iceberg can flip over, and those events can be catastrophic." Bellini plans to use a lightweight, indestructible floating capsule, or "personal safety system," made from aircraft-grade aluminum in what's called a continuous monocoque structure, an interlocking frame of aluminum spars that evenly distribute force, underneath a brightly painted and highly visible aluminum shell. The inner frame can be stationary or mounted on roller balls so it rotates, allowing the passengers to remain upright at all times.

Aeronautical engineer Julian Sharpe, founder of Survival Capsule, got the idea for his capsules after the 2004 Indonesian tsunami. He believes fewer people would have died had some sort of escape pod existed. Sharpe hopes the products will be universal—in schools, retirement homes, and private residences, anywhere there is severe weather. The product appeals to Bellini because it's strong enough to survive a storm at sea or getting crushed between two icebergs. Bellini will spend almost all of his time in the capsule with the hatch closed, which will pose major challenges because he'll have to stay active without venturing out onto a slippery, unstable iceberg. If it flips, he'll have no time to react. "Any step away from [the iceberg] will be in unknown territory," says Bellini. "You want to stretch your body. But then you risk your life."
Security

Pentagon Discloses Network Breach By Russian Hackers 64

Posted by Soulskill
from the digital-diplomatic-incident dept.
An anonymous reader writes: The Pentagon has disclosed that Russian hackers were able to breach one of its secure networks earlier this year, and referred to the attack as a "worrisome" incident. "Earlier this year, the sensors that guard DOD's unclassified networks detected Russian hackers accessing one of our networks," said defense secretary Ash Carter yesterday during a speech at Stanford University. Carter warned Russia that the U.S. Department of Defense would retaliate with cyber campaigns should it see fit. "Adversaries should know that our preference for deterrence and our defensive posture don't diminish our willingness to use cyber options if necessary," said Carter. He added in a prepared statement that the Russian hackers had been able to gain access to an "unclassified network" but had been "quickly identified" by a team of cyberattack experts who managed to block the hackers "within 24 hours." The cybersecurity response team had quickly analyzed the hack patterns and code and identified the intruders as Russian, before "kicking them off the network."
Ubuntu

Ubuntu 15.04 Released, First Version To Feature systemd 494

Posted by Soulskill
from the onward-and-upward dept.
jones_supa writes: The final release of Ubuntu 15.04 is now available. A modest set of improvements are rolling out with this spring's Ubuntu. While this means the OS can't rival the heavy changelogs of releases past, the adage "don't fix what isn't broken" is clearly one 15.04 plays to. The headline change is systemd being featured for the first time in a stable Ubuntu release, which replaces the in-house UpStart init system. The Unity desktop version 7.3 receives a handful of small refinements, most of which aim to either fix bugs or correct earlier missteps (for example, application menus can now be set to be always visible). The Linux version is 3.19.3 further patched by Canonical. As usual, the distro comes with fresh versions of various familiar applications.
Data Storage

Ask Slashdot: Best Medium For Storing Data To Survive a Fire (or Other Disaster) 446

Posted by samzenpus
from the burning-down-the-house dept.
First time accepted submitter aka_bigred writes Every year as I file my taxes, I replicate my most important financial data (a couple GB of data) to store an offline copy in my fire-rated home safe. This gets me thinking about what the most reliable data media would be to keep in my fire-rated home safe.

CDs/DVDs/tapes could easily melt or warp, rendering them useless, so I'm very hesitant to use them. I've seen more exotic solutions that let you print your digital data to paper and optically re-import it later should you ever need it, but it seems overly cumbersome and error prone should it be damaged or fire scorched. That leaves my best options being either a classic magnetic platter drive, or some sort of solid state storage, like SD cards, USB flash drives, or a small SSD. The problem is, I can't decide which would survive better if ever exposed to extreme temperatures, or water damage should my house burn down.

Most people would just suggest to store it in "the cloud", but I'm naturally averse to doing so because that means someone else is responsible for my data and I could lose it to hackers, the entity going out of business, etc. Once it leaves my home, I no longer fully control it, which is unacceptable. My thought being "they can't hack/steal what they can't physically access." What medium do other Slashdot users use to store their most important data (under say 5GB worth) in an at-home safe to protect it from fire?

Comment: Any keyboard without a numpad (Score 1) 452

by Cthefuture (#49278191) Attached to: Ask Slashdot: Good Keyboard?

Seriously, numpads are the bane of everything useful and good in keyboards. Why have that useless piece of shit sticking out of the side of the keyboard right where you want the mouse? I'm not joking when I say I will never buy another keyboard that has an attached numpad on the right.

I currently use a Kinesis Maxim but I don't think it's the best keyboard ever. Yes, it has lasted over 12 years but it was really expensive and it's starting to fall apart. Many broken keys and the wrist-rests are completely broken-off and useless at this point.

MS Natural keyboards are nice but they are gigantic with that fucking useless numpad that takes up all your usable desk space. A numpad-less Natural would be really awesome (lol, like MS would ever do that unless it's insecure wireless crap).

Education

Ask Slashdot: Terminally Ill - What Wisdom Should I Pass On To My Geek Daughter? 698

Posted by Soulskill
from the f*#&-cancer dept.
An anonymous reader writes: I am a scientist and educator who has been enjoying and learning from Slashdot since the late 90s. Now I come to you, my geek brothers and sisters, for help. I've been diagnosed with Stage 4 pancreatic cancer, which you will remember is what took Steve Jobs and Randy Pausch from us. My condition is incurable. Palliative chemotherapy may delay the inevitable, but a realistic assessment suggests that I have anywhere from two to six months of "quality" time left, and likely not more than a year in total.

I am slowly coming to terms with my imminent death, but what bothers me most is that I will be leaving my wife alone, and that my daughter will have to grow up without her father. She is in sixth grade, has an inquisitive and sharp mind, and is interested in science and music. She seems well on the path to becoming a "girl geek" like her mother, an outcome I'd welcome.

Since I will not be around for all of the big events in her life, I am going to create a set of video messages for her that she can watch at those important times or just when she's having a bad day. I would like to do this before my condition progresses to the point that I am visibly ill, so time is short.

In the videos I will make clear how much I treasure the time we've spent together and the wonderful qualities I see in her. What other suggestions do you have? What did you need to hear at the different stages of your life? What wisdom would have been most helpful to you? At what times did you especially need the advice of a parent? And especially for my geek sisters, how can I help her navigate the unique issues faced by girls and women in today's world?

Please note that I'm posting anonymously because I don't want this to be about me. I'd prefer that the focus be on my daughter and how I can best help her. Thank you so much for your help.
Government

Free-As-In-Beer Electricity In Greece? 690

Posted by timothy
from the everything-free-that-money-can-buy dept.
PolygamousRanchKid writes New Greek Prime Minister Alexis Tsipras will lay out his radical left-wing government's policies in a speech later on Sunday, firmly rejecting any more austerity forced on his debt-strapped country by its euro zone partners. In his first major speech to parliament as premier, Tsipras is expected to say that Greece wants no more bailout money, plans to renegotiate its debt deal and wants a "bridge agreement" to tide the country over until a new pact is sealed. A second part of the speech will touch on his government's social and fiscal policy over the longer term and is likely to repeat pledges for such things as a rise in the minimum wage and free electricity for poorer Greeks. Which gets me to thinking: with free electricity, wouldn't that be a great business opportunity, to build a cloud of servers in poorer Greeks' basements? Maybe that is the real plan behind the free electricity idea.
Security

Lizard Stresser DDoS-for-Hire Service Built On Hacked Home Routers 65

Posted by Soulskill
from the go-change-your-parents'-router-credentials dept.
tsu doh nimh writes: The online attack service launched late last year by the same criminals who knocked Sony and Microsoft's gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, reports Brian Krebs. From the story: "The malicious code that converts vulnerable systems into stresser bots is a variation on a piece of rather crude malware first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014. As we can see in that writeup, in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345.' In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials."
Science

Researchers Develop Remote-Controlled Cyber-Roaches 35

Posted by samzenpus
from the bug-and-rescue dept.
An anonymous reader writes "Researchers at North Carolina State University have developed a series of remote-controlled cyber-roaches that could aid in future disaster relief efforts. The cockroaches are strapped to circuit boards and microphones, which they carry around. The circuits control the movements of each roach, and the microphone is capable of detecting environmental sounds and their sources. "In a collapsed building, sound is the best way to find survivors," said Dr. Alper Bozkurt, an assistant professor of electrical and computer engineering at North Carolina State University and senior author of two papers on the work."
Operating Systems

OpenBSD 5.6 Released 125

Posted by timothy
from the making-the-world-a-better-place dept.
An anonymous reader writes Just as per the schedule, OpenBSD 5.6 was released today, November 1, 2014. The theme of the 5.6 release is "Ride of the Valkyries". OpenBSD 5.6 will be the first version with LibreSSL. This version also removed sendmail from the base system, smtpd is the default mail transport agent (MTA). The installer no longer supports FTP, network installs via HTTP only. The BIND name server will be removed from the OpenBSD base system. Its replacement comes in the form of the two daemons nsd(8) for authoritative DNS service and unbound(8) for recursive resolver service. OpenSSH 6.7 is included along with GNOME 3.12.2, KDE 4.13.3, Xfce 4.10, Mozilla Firefox 31.0, Vim 7.4.135, LLVM/Clang 3.5 and more. See a detailed log of changes between the 5.5 and 5.6 releases for more information. If you already have an OpenBSD 5.5 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide (a quick video upgrade demo is here). You can order the 5.6 CD set from the new OpenBSD Store and support the project.
Operating Systems

Systemd Adding Its Own Console To Linux Systems 774

Posted by Soulskill
from the if-you-want-something-done-right dept.
An anonymous reader writes: The next version of systemd is poised to introduce an experimental "systemd-consoled" that serves as a user-space console daemon. The consoled furthers the Linux developers' goal of eventually deprecating the VT subsystem found within the Linux kernel in favor of a user-space driven terminal that supports better localization, increased security, and greater robustness of the kernel's seldom touched and hairy CONFIG_VT'ed code.
Television

Senators Threaten To Rescind NFL Antitrust Exemption 242

Posted by samzenpus
from the new-rules dept.
An anonymous reader writes In response to the FCC's discontinuation of rules that support the NFL's blackout policies, the NFL issued a statement indicating that it would nevertheless continue to enforce its blackout policies through its private contract negotiations with local networks. On Wednesday, however, Senators John McCain (R-AZ) and Richard Blumenthal (D-CT) announced a bill that would rescind the antitrust exemption that enables the NFL to demand blackouts in the first place and formally warned the NFL to abandon blackouts altogether. The antitrust exemption gives sports leagues "legal permission to conduct television-broadcast negotiations in a way that otherwise would have been price collusion" and further allowed the formation of the NFL from two separate leagues. Meanwhile, the NFL enjoys a specialized tax status and direct monetary support from taxpayers to build arenas and stadiums.
Networking

Ask Slashdot: Is It Worth Being Grandfathered On Verizon's Unlimited Data Plan? 209

Posted by timothy
from the grandfather-is-a-verb dept.
An anonymous reader writes I understand a lot of people dislike Verizon in general, but assuming for a moment that they were your only option for a cellular service provider, is staying on their grandfathered unlimited data plan still worth it? Their recent announcement to not throttle traffic is inspiring, but I just don't know the long-term benefits of staying on this plan. I fear there is a tipping point where enough people will swap over to a metered plan and Verizon will ultimately abandon the unlimited altogether and assume the risk of losing a percentage of those remaining folks, at which point all of us who bought unsubsidized phones will have wasted the money doing so. Does anyone have any insight on this? Useful answers to this should take into account the problem with the question of "How long is a piece of string?" Give some context about how much you pay, and how much you use -- and how much that would change if the price were different.
