Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Submission + - POODLE SSL 3.0 Protocol-Level Vulnerability (blogspot.com)

An anonymous reader writes: A protocol-level, non-implementation specific, attack against SSL 3.0 has been announced by Google: 'Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. [...] Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV.'

Submission + - NSA To Scientists: We Won't Tell You What We've Told You, That's Classified (hothardware.com)

MojoKid writes: One of the downsides to the news cycle is that no matter how big or hot a story is, something else inevitably comes along. The advent of ISIS and Ebola, combined with the passing of time, have pushed national security concerns out of the limelight — until, that is, someone at the NSA helps out by reminding us that yes, the agency still exists and yes, it still has some insane policies and restrictions. Earlier this year, the Federation of American Scientists filed a Freedom of Information Act (FOIA) request with the NSA. The group was seeking information it thought would be relatively low-key — what authorized information had been leaked to the media over the past 12 months? The NSA's response reads as follows: "The document responsive to your request has been reviewed by this Agency as required by the FOIA and has been found to be currently and properly classified in accordance with Executive Order 13526. The document is classified because its disclosure could reasonably be expected to cause exceptionally grave damage to the national security." The NSA is insisting that it has the right to keep its lawful compliance and public disclosures secret not because the NSA is made of evil people but because the NSA has a knee-jerk preference and demand for secrecy. In a spy organization, that's understandable and admirable but it's precisely the opposite of what's needed to rebuild American's faith in the institution and it's judgment.

Submission + - Verizon Working On a La Carte Internet TV Service (pcmag.com)

An anonymous reader writes: One of the reasons people have been fleeing cable TV in droves is the idea that they're paying for hundreds of channels but only using a handful. Even though that's not really true, Verizon is now working an an internet TV service that lets people pick and pay for only the channels they want. Verizon CEO Lowell McAdam said, "I think everyone understands it will go to a la carte. The question is what is that transition look like ... I don't think there is anyone that would stand up here and say the only way it's going to be offered five years from now is linear and it's going to be tied to your TV set because frankly they will miss the market and they will be the ones left behind."

Submission + - Comcast adds third party wi-fi to home routers (comcast.com)

An anonymous reader writes: I got a mailing from my cable internet provider Comcast. They are modifying my cable modem so that other Comcast users can login on a separate Wi-Fi network, and I can do the same around town on all the other hotspots. The goal is to provide cheap data access for Wi-Fi users. Since I don't use their cell phone service, it seems unlikely to me that I get anything but hassle from this. I have several reservations about this;
  • Security. While they are putting it on a separate domain, I am concerned that it gives more exposure to the router software so that it can be breached and access my transmission. I'm underwhelmed by their assurances that nothing will happen although the counter argument is that any current thoughts that it's secure are delusional.
  • Performance they say

    Will my Internet slow down when someone connects to my XFINITY WiFi network? The broadband connection to your home will be unaffected by the XFINITY WiFi feature. Your in-home WiFi network, as well as XFINITY WiFi, use shared spectrum, and as with any shared medium there can be some impact as more devices share WiFi. We have provisioned the XFINITY WiFi feature to support robust usage, and therefore, we anticipate minimal impact to the in-home WiFi network

    Translation, the up to five foreign users are going to eat ithe shared spectrum in addition to my own machines. Since my video streaming usage is already marginal, I don't know if this will drop my performance.

  • Inconvenience Finally, opting out is going to require marching through their website or having the patience and understanding to deal with the delays at their call center hell.

Anyone else have thoughts on this?

Submission + - Thought crime is terror in U.S. (wnd.com)

schwit1 writes: The Justice Department is resurrecting a program designed to thwart domestic threats to the United States, and Attorney General Eric Holder says those threats include individuals the government deems anti-government or racially prejudiced.

The Domestic Terrorism Executive Committee was created in the wake of the 1995 Oklahoma City bombing but was scrapped soon after the 2001 terrorist attacks as intelligence and law enforcement officials shifted their focus to threats from outside the country. The committee will be comprised of figures from the FBI, the National Security Division of the Justice Department and the Attorney General’s Advisory Committee.

In his statement announcing the return of the committee, Holder said he remains concerned about the specter of attacks prompted by Islamic extremists, but he said this committee will be tasked with identifying other threats.

“We must also concern ourselves with the continued danger we face from individuals within our own borders who may be motivated by a variety of other causes from anti-government animus to racial prejudice,” Holder said. According to reporting from Reuters, the ACLU is pushing back against the DOJ plan, fearing “it could be a sweeping mandate to monitor and collect controversial speech.”

Submission + - A Real-Time Map of Travelers Getting Screwed By the Thanksgiving Storm (vice.com)

Daniel_Stuckey writes: Travel officials expect about 3 million people to venture by plane to their turkey dinner, and already hundreds of flights have been canceled and thousands delayed—including more than a third of routes at the major airport hub in Dallas, which will have a ripple effect down through the airline system as thwarted passengers try to hop on other flights.

The annual clusterfuck apparently inspired flight-tracking site FlightAware to develop an interactive "Misery Map" visualizing flight statuses in real-time and the megastorm traversing the country simultaneously. Because who doesn't love a little data viz schadenfreude?

Submission + - EU Plastic Bag Debate Highlights a Wider Global Problem

jones_supa writes: An EU citizen uses around 200 plastic bags per year. That's too much, says the EU. But, wasting plastic bags is not just a European problem. Countries around the world are struggling with the issue, and it especially affects growing economies such as Asia. Some Southeast Asian countries don't even have the proper infrastructure in place to dispose of the bags properly. The problems for the environment are many. Plastic bags usually take several hundred years until they decay thereby filling landfills, while animals often mistake the plastic for food and choke to death. Additionally they are a major cause of seaborne pollution, which is a serious hazard for marine life. This autumn, EU has started ambitious plans which suggest reducing usage by 80% by 2017. Some countries have already applied measures: England has added a 5p charge to previously free bags, and in Ireland the government has already imposed a tax of 22 euro cents ($0.29) per plastic bag. The EU Environment Commissioner Janez Potonik said: 'We're taking action to solve a very serious and highly visible environmental problem.'

Submission + - Advent of Religious Search Engines (npr.org)

Beetle B. writes: "Do Google search results contradict your religious views? Tired of getting pornographic results and worried you'll burn in Hell for it? Are you Christian? Try SeekFind — "a Colorado Springs-based Christian search engine that only returns results from websites that are consistent with the Bible." Muslim? Look no further: I'm Halal. Jewish? Jewogle is for you. NPR ran a story on the general trend of search engines cropping up to cater to certain religious communities. I wonder how many other "filtered" search engines exist out there to cater to various groups (religious or otherwise) — not counting specialized searches (torrents, etc)."
Google

Submission + - Oracle sues Google over Android (mercurynews.com)

suraj.sun writes: Oracle said Thursday that it has filed a federal copyright lawsuit alleging that Google's popular Android operating system was built on Oracle's Java software without permission.

Android, which was first released in late 2008, is used by several computer manufacturers as the operating system that runs smartphones and other computing devices. Oracle's lawsuit, filed in the U.S. District Court for Northern California, accuses Google of infringing on patents and copyrights that Oracle acquired when it bought Sun Microsystems earlier this year.

Google had no immediate comment.

But one analyst called the lawsuit surprising because Sun, whose engineers developed Java, decided several years ago to release key elements of the widely used programming language under an open-source license which allows others to use it freely. "Java is essential for Android," said Al Hilwa, a software expert at the IDC research firm. "But a big chunk of Java is open-source. Since Android has been out there for more than a year, most people would have expected they were in compliance with whatever license terms apply."

Mercury News: http://www.mercurynews.com/breaking-news/ci_15762198

Submission + - Wikileaks "a clear and present danger"

bedmison writes: "In an op-ed in the Washington Post titled "WikiLeaks must be stopped", Marc A. Thiessen writes that "WikiLeaks represents a clear and present danger to the national security of the United States.", and that the United States has the authority to arrest its founder, Julian Assange, even if it has to contravene international law to do so. Thiessen also suggests that the new USCYBERCOM be unleashed to destroy WikiLeaks as an internet presense. From the article:

"With appropriate diplomatic pressure, these governments may cooperate in bringing Assange to justice. But if they refuse, the United States can arrest Assange on their territory without their knowledge or approval. In 1989, the Justice Department's Office of Legal Counsel issued a memorandum entitled "Authority of the Federal Bureau of Investigation to Override International Law in Extraterritorial Law Enforcement Activities."

This memorandum declares that "the FBI may use its statutory authority to investigate and arrest individuals for violating United States law, even if the FBI's actions contravene customary international law" and that an "arrest that is inconsistent with international or foreign law does not violate the Fourth Amendment." In other words, we do not need permission to apprehend Assange or his co-conspirators anywhere in the world.

Arresting Assange would be a major blow to his organization. But taking him off the streets is not enough; we must also recover the documents he unlawfully possesses and disable the system he has built to illegally disseminate classified information.

This should be done, ideally, through international law enforcement cooperation. But if such cooperation is not forthcoming, the United States can and should act alone. Assange recently boasted that he has created "an uncensorable system for untraceable mass document leaking." I am sure this elicited guffaws at the National Security Agency. The United States has the capability and the authority to monitor his communications and disrupt his operations.""
Space

Submission + - Incoming! The Sun Unleashes CME at Earth (discovery.com)

astroengine writes: "It's been an exciting day on the sun. This morning, at 08:55 UT, NASA's Solar Dynamics Observatory (SDO) detected a C3-class flare erupt inside a sunspot cluster. 100,000 kilometers away, deep within the solar atmosphere (the corona), an extended magnetic field filled with cool plasma forming a dark ribbon across the face of the sun (a feature known as a "filament") erupted at the exact same time. It seems very likely that both eruptions were connected after a powerful shock wave produced by the flare destabilized the filament, causing the eruption. A second solar observatory, the Solar and Heliospheric Observatory (SOHO), then spotted a huge coronal mass ejection (CME) blast into space, straight in the direction of Earth. Solar physicists have calculated that this magnetic bubble filled with energetic particles should hit Earth on August 3, so look out for some intense aurorae, a solar storm is coming..."
Security

Submission + - ATM hack gives cash on demand (idg.com.au)

angry tapir writes: "Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"
Games

Submission + - Roger Ebert Apologizes, Sort Of (suntimes.com)

Jhyrryl writes: Roger Ebert has again posted about video games. It's an apology of sorts, for having publicly said that games are not art. He still holds that opinion, he apparently just wants to apologize for pissing people off.
Bug

Submission + - Windows XP Zero-Day Hits 10,000 PCs (infoworld.com)

snydeq writes: "Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug. The attacks, which are being launched from malicious Web pages, are concentrated in the U.S., Russia, Portugal, Germany, and Brazil, according to a report from Microsoft. The flaw being exploited resides in the Windows Help and Support Center software that comes with Windows XP. It was disclosed on June 10 by Google researcher Tavis Ormandy."

Slashdot Top Deals

% "Every morning, I get up and look through the 'Forbes' list of the richest people in America. If I'm not there, I go to work" -- Robert Orben

Working...