
Submission + - How a mobile app firm found the XcodeGhost in the machine

SpacemanukBEJY.53u writes: A Denver-based mobile app development company, Possible Mobile, had a tough time figuring out why Apple recently rejected its app from the App Store. After a lot of head scratching, it eventually found the XcodeGhost malware hidden in an unlikely place — a third-party framework that it had wrapped into its own app. Their experience shows that the efforts of malware writers can have far-ranging effects on the mobile app component supply chain.

Submission + - Ransomware Found Targeting Linux Servers, MySQL, Git, Subversion, etc.

An anonymous reader writes: A new ransomware was discovered that targets Linux servers only, looking to encrypt only files that are related to Web hosting, Web servers, MySQL, Subversion, Git, and other technologies used in Web development and HTTP servers. Weirdly, despite targeting business environments, the ransomware only asks for 1 Bitcoin, compared to other ransomware.

Submission + - Intel Skylake-U For Notebooks Shows Solid Gains Especially In Graphics

MojoKid writes: Intel's 6th Generation Skylake family of Core processors has been available for some time now for desktops. However, the mobile variant of Skylake is perhaps Intel's most potent incarnation of the new architecture that's power-optimized on 14nm technology with a beefier graphics engine for notebooks. In late Q3, Intel started rolling out Skylake-U versions of the chip in a 15 Watt TDP flavor. This is the power envelope that most "ultrabooks" are built with and it's likely to be Intel's highest volume SKU of the processor. The Lenovo Yoga 900 tested here was configured with an Intel Core i7-6500U dual-core processor that also supports Intel HyperThreading for 4 logical processing threads available. Its base frequency is 2.5GHz, but the chip will Turbo Boost to 3GHz and down clocks way down to 500MHz when idle. The chip also has 4MB of shared L3 cache and 512K of L2 and 128K of data cache, total. In the benchmarks, the new Skylake-U mobile chip is about 5 — 10 faster than Intel's previous generation Broadwell platform in CPU-intensive tasks and 20+ percent faster in graphics and gaming, at the same power envelope, likely with better battery life, depending on the device.

Submission + - Vulnerability In Java Commons Library Leads to Hundreds of Insecure Applications

An anonymous reader writes: What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.

The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I’m about to bring it to yours. No one gave it a fancy name, there were no press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code was released OVER 9 MONTHS AGO, none of the products mentioned in the title of the blog post have been patched, along with many more. In fact no patch is available for the Java library containing the vulnerability. In addition to any commercial products that are vulnerable, this also affects many custom applications.

For full details see the original blog post at

Submission + - Leaked Info on Comcast Data Caps

An anonymous reader writes: I saw this on Reddit yesterday and thought to share here. A customer service rep from Comcast leaked info on the upcoming data cap expansion in the Southeastern US. The info also shows the script customer service reps are told to use if subscribers call to complain about these new usage caps.

Quoting the post:
Last night an anonymous Comcast customer service employee on /b/ leaked these documents in the hopes that they would get out. Unfortunately the thread 404'd a few minutes after I downloaded these. All credit for this info goes to them, whoever they are.

This info is from the internal "Einstein" database that is used by Comcast customer service reps.

The images leaked by the customer service rep:

Submission + - documents expose the inner workings of Obama's drone wars

An anonymous reader writes: A little over 2 years ago Edward Snowden leaked a giant batch of NSA documents, Chelsea Manning handed Wikileaks a pile of government secrets in 2010, and now another source has leaked an equally impressive cache of papers focusing on Obama's drone program. The Intercept published the documents covering the U.S.A.'s use of drones to kill targets. Perhaps most eye-opening is the disclosure that as much as 90% of attacks over a five month period hit the wrong targets. According to The Intercept: "When the Obama administration has discussed drone strikes publicly, it has offered assurances that such operations are a more precise alternative to boots on the ground and are authorized only when an 'imminent' threat is present and there is 'near certainty' that the intended target will be eliminated. Those terms, however, appear to have been bluntly redefined to bear almost no resemblance to their commonly understood meanings."

Submission + - Browser Performance Tests Show Edge Fastest But Trails Standards Compliance

MojoKid writes: The Internet and web browsers are an ever changing congruous mass of standards and design. Browser development is a delicate balance between features, security, compatibility and performance. However, although each browser has its own catchy name, some of them share a common web engine. Regardless, if you are in a business environment that's rolling out Windows 10, and the only browsers you have access to are Microsoft Edge or IE — go with Edge. It's the better browser of the two by far (security notwithstanding). If you do have a choice, then there might be better options to consider, depending on your use case. The performance differences between browsers currently are less significant than one might think. If you exclude IE, most browsers perform within 10-20% of each other, depending on the test. For web standards compliance like HTML5, Blink browsers (Chrome, Opera and Vivaldi) still have the upper hand, even beating the rather vocal and former web-standards champion, Mozilla. Edge seems to trail all others in this area even though it's often the fastest in various tests.

Submission + - Beware of Oracle's Licensing 'Traps,' Law Firm Warns

itwbennett writes: Slashdot readers are no strangers to Oracle's aggressive licensing practices, practices that have earned the notoriety over the years. This week, Texas law firm Scott & Scott wrote a blog post warning enterprises about the 'traps' in Oracle software licensing. One of the biggest problems with Oracle software is how difficult it is for companies to track internally what they're using and how they're using it, said Julie Machal-Fulks, a partner with Scott & Scott, in an interview with Katherine Noyes. 'They may use just one Oracle product and think they're using it correctly, but then Oracle comes along and says, 'no, you're using it wrong — you owe us a million bucks.'

Submission + - How is NSA breaking so much crypto?

schwit1 writes: There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a "computing breakthrough" that gave them "the ability to crack current public encryption." The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.

However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community. Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.

If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn't just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to "crack" a particular prime, then easily break any individual connection that uses that prime.

Comment Re:Never understand jailbreaking an Apple iOS devi (Score 1) 217

Since having a reliable and secure phone is more important to me than features, I have decided to get an iPhone and not jailbreak it.

You obviously didn't do any research then. The iPhone can be compromised via malicious websites with no user interaction. Apple is also really slow to fix such problems (fixes are often available via Cydia the same day, Apple can take months). How many malicious text message bugs does it take before people realize what Apple's focus is, making money, not security.
