mask.of.sanity writes: Fraud fighters David Byrne and Charles Henderson say one of the world's largest Point of Sale systems vendors has been slapping the same default password – 166816 – on its kit since 1990. Worse still: about 90 per cent of customers are still using the password. Fraudsters would need physical access to the PoS in question to exploit it by opening a panel using a paperclip. But such physical PoS attacks are not uncommon and are child's play for malicious staff. Criminals won't pause before popping and unlocking. The enraged pair badged the unnamed PoS vendor by its other acronym, labelling it 'Piece of S***t'.
An anonymous reader writes: Today, The Register has learned of 13 science projects approved by boffins at the US Department of Energy to run on the 300-petaFLOPS Summit. These software packages, selected for the Center for Accelerated Application Readiness (CAAR) program, will be ported to the massive parallel machine, and are hoped to make full use of the supercomputer's architecture. They range from astrophysics, biophysics, chemistry, and climate modeling to combustion engineering, materials science, nuclear physics, plasma physics and seismology.
RoccamOccam writes with the following news from The Register: Internet giants Google, Amazon, Microsoft and Taboola have reportedly paid AdBlock Plus to allow their ads to pass through its filter software. The confidential deals were confirmed by the Financial Times, the paper reported today [Paywalled]. From the Register's article: Eyeo GmbH, the German startup behind Adblock Plus, said it did not wish to comment. So far more than 300 million users have downloaded its software, it said. The add-on is free to download, with Eyeo generating revenue through its "whitelisting" programme. Companies can request their ads to be unblocked as long as they comply with AdBlock's "acceptable ads" policy. Large companies pay a fee for the service.
Bennett Haselton writes: They would never admit it, but your high school admins would probably breathe a sigh of relief if all of their sexting-mad students would go ahead and install Snapchat so that evidence of (sometimes) illegal sexting would disappear into the ether. They can't recommend that you do this, because it would sound like an implicit endorsement, just like they can't recommend designated drivers for teen drinking parties -- but it's a good bet they would be grateful. Read on for the rest.
Earthquake Retrofit writes: The Register is reporting that the Tor Project has warned that its network – used to mask people's identities on the internet – may be knocked offline in the coming days. In a Tor blog post, project leader Roger 'arma' Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network, which are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.
Cognitive Dissident writes: The Register has a story about federal prosecutors using a law signed by George Washington to force manufacturers to help law enforcement access encrypted data on devices they manufacture. The All Writs Act is a broad statute simply authorizing courts to issue any order necessary to obtain information within their jurisdiction. Quoting the Register article: "Last month, New York prosecutors successfully persuaded a judge that the ancient law could be used to force an unnamed smartphone manufacturer to help unlock a phone allegedly used in a credit card fraud case. The judge ordered the manufacturer to offer 'reasonable technical assistance' to make the phone's contents available." What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?
Bennett Haselton writes: Social networking company Ello has converted itself to a Public Benefit Corporation, bound by a charter saying that they will not now, nor in the future, make money by running advertisements or selling user data. Ello had followed these policies from the outset, but skeptics worried that venture capitalist investors might pressure Ello to change those policies, so this binding commitment was meant to assuage those fears. But is the commitment really legally binding and enforceable down the road? Read on for the rest.
Contributor Bennett Haselton writes with an interesting take on the recent release of racy celebrity photos: "Lawyers for Olympic gymnast McKayla Maroney succeeded in getting porn sites to take down her stolen nude photos, on the grounds that she was under 18 in the pictures, which meant they constituted child pornography. If true, that means that under current laws, Maroney could in theory be prosecuted for taking the original pictures. Maybe the laws should be changed?" Read on for the rest.
Bennett Haselton writes: My LG Optimus F3Q was the lowest-end phone in the T-Mobile store, but a cheap phone is supposed to suck in specific ways that make you want to upgrade to a better model. This one is plagued with software bugs that have nothing to do with the cheap hardware, and thus lower one's confidence in the whole product line. Similar to the suckiness of the Stratosphere and Stratosphere 2 that I was subjected to before this one, the phone's shortcomings actually raise more interesting questions — about why the free-market system rewards companies for pulling off miracles at the hardware level, but not for fixing software bugs that should be easy to catch. Read below to see what Bennett has to say.
mask.of.sanity writes: Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistleblowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF) is used to prove video and audio streams have not been tampered with, but experts weren't sure if the technology could be used to locate individuals.
jfruh writes: "Creators of compilers are in an arms race to improve performance. But according to a presentation at this week's annual USENIX conference, those performance boosts can undermine your code's security. For instance, a compiler might find a subroutine that checks a huge bound of memory beyond what's allocated to the program, decide it's an error, and eliminate it from the compiled machine code — even though it's a necessary defense against buffer overflow attacks."
Bennett Haselton writes: "In March I asked why Netflix doesn't offer their rental DVD service in 'virtual DVD' form -- where you can 'check out' a fixed number of 'virtual DVDs' per month, just as you would with their physical DVDs by mail, but by accessing the 'virtual DVDs' in streaming format so that you could watch them on a phone or a tablet or a laptop without a DVD drive. My argument was that this is an interesting, non-trivial question, because it seems Netflix and (by proxy) the studios are leaving cash on the table by not offering this as an option to DVD-challenged users. I thought some commenters' responses raised questions that were worth delving into further." Read on for the rest of Bennett's thoughts.
mask.of.sanity (1228908) writes: "Criminals could potentially cause blackouts and mess with power grid configurations by exploiting flaws in a popular solar panel management system used by thousands of homes and businesses. The threat is substantial because, as the company boasts, its eponymous management system runs globally on roughly 229,300 solar plants that typically pump out 566TWh of electrical energy."
Bennett Haselton writes: "If you watch a movie or TV show (legally) on your mobile device while away from your home network, it's usually by streaming it on a data plan. This consumes an enormous amount of a scarce resource (data bundled with your cell phone provider's data plan), most of it unnecessarily, since many of those users could have downloaded the movie in advance on their home broadband connection — if it weren't for pointless DRM restrictions." Read on for the rest of Bennett's thoughts.
Slashdot contributor Bennett Haselton writes: "A California company called Shape Security claims that their network box can disable malware attacks, by using polymorphism to rewrite webpages before they are sent to the user's browser. Most programmers will immediately spot several ways that the system can be defeated, but it may still slow attackers down or divert them towards other targets." Read on for the rest of Bennett's thoughts.