
Submission + - Photo bomb: CVS, Costco admit customer data stolen from printing firm

chicksdaddy writes: The pharmacy giant CVS and discount wholesaler Costco acknowledged that a security incident at a third party firm that provides photoprinting services resulted in the exposure of customer data including credit card information, account credentials and e-mail addresses.

Customers of the two stores were advised to change their passwords and to beware of scams in the wake of the incident, which stems from the hack of the Canadian firm PNI Digital Media in July. Questions remain about the extent of the breach and its impact on other, large retailers that used PNI including Sam’s Club and Rite-Aid.

In a message on its web site dated Sept. 11, CVS admitted that a reported breach at PNI Digital Media “potentially resulted in the unauthorized acquisition of data entered by certain customers on” ( Data exposed included customers’ first and last name, phone number, email address and user name and password. In an email dated September 7, Costco separately acknowledged to its customers that some users of its online photo store may have had credit card information stolen directly from the site during their shopping session if they used the site between June 19 and July 15th, 2015.

The conclusion that customers lost data in the breach is the first indication that the incident involved the theft of personal financial information. It follows a forensic investigation of the incident, which was first reported in July. The incident resulted in the suspension of activity on, and other sites for more than a month as an investigation ensued.

Official responses to the breach have varied in the weeks since it became public. In an e-mail dated September 7, Costco said that its online photo site,, was back online. That, despite the fact that “some Costco members who typed credit card numbers onto the site during the compromise window had credit card information (including security code and expiration date) taken.” The customer’s name, phone number, billing address, email address, password and ship-to information may have also been exposed but “stored credit card numbers or photos” were not believed to be compromised, Costco said. Despite bringing some photo store features back online, Costco said that full access to customer photos will not be available immediately, with photos from 2013 or earlier inaccessible “for another few weeks” – a suggestion that the relaunch of PNI’s service is not yet complete.

Responses have varied.'s photo web site remains down and the site does not reflect the most recent findings of the forensic investigation. ( Sam’s Club has restored their online photo store and described a fairly low level compromise to its customers in which no data or photos were compromised in the incident at PNI. Sam’s Club even suggested that updating the password they used at PNI was “optional,” suggesting the impact of the breach was felt unevenly across PNI’s customer base.

Submission + - Unearthed E.T. Atari Game Cartridges Score $108K At Auctions

MojoKid writes: Hundreds of Atari 2600 cartridges of E.T. The Extra Terrestrial that were excavated last year from a landfill in Alamogordo, New Mexico collectively raked in nearly $108,000 through eBay auctions. Some $65,000 of that will go to the city of Alamogordo, while the Tularosa Basin Historical Society will receive over $16,000. Over $26,600 went to shipping fees and other expenses. A team of excavators led by operational consultant Joe Lewandowski unearthed the E.T. cartridges in front of a film crew. The high profile (among gaming historians) dig was the basis of a documentary called Atari: Game Over, which is available for free through the Microsoft Store.

Submission + - Australians forced to pay as latest encryption virus is 'unbreakable'

An anonymous reader writes: Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus ..

The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam.

The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers.

Submission + - Why Pilots May Not See Your Drone

stowie writes: Hundreds or even thousands of feet away from a cloud, a commercial pilot will not be looking outside. And the pilot will definitely not be looking outside while in the clouds, and will likely remain staring at the control panel once out of clouds. In certain conditions, commercial pilots fly solely by instrument. They are actually prohibited from looking out the window to see anything and they must fly the airplane exclusively using those gauges. They must take off and fly almost the entire flight without looking out the window. In some cases, the pilots can’t look outside until they are only 200 feet above the ground, meaning it could be too late when the pilot sees a drone.

Submission + - Hackers Trick Email Systems Into Wiring Them Large Sums

schwit1 writes: Cybercriminals are exploiting publicly available information and weaknesses in corporate email systems to trick small businesses into transferring large sums of money into fraudulent bank accounts, in schemes known as "corporate account takeover" or "business email fraud."

Companies across the globe lost more than $1 billion from October 2013 through June 2015 as a result of such schemes, according to the Federal Bureau of Investigation. The estimates include complaints from businesses in 64 countries, though most come from U.S. firms. Both "organized crime groups from overseas and domestic-based actors" are typical perpetrators, said Patrick Fallon, a section chief in the FBI's Criminal Investigative Division.

Submission + - Digg cofounder Jay Adelson on Reddit's meltdown

harrymcc writes: As Reddit has experienced a revolt of its community in recent weeks, many pundits have referenced Digg--the once-mighty social news site which predated Reddit and suffered its own member rebellion. But Digg's cofounder and former CEO, Jay Adelson, told Fast Company's Jared Newman that the two situations aren't as similar as they may appear.

Submission + - China's Unsettling Stock Market Collapse

schwit1 writes: The Shanghai index is firmly in bear market territory, down 28.6% since the June peak, while the tech-heavy Shenzhen Composite has fallen 33.2%.

There were also signs on Friday that the stock market turmoil is beginning to reverberate beyond China. The Australian dollar, often traded as a proxy for China growth, is down 1.2% to a six-year low of US$0.7539. The 21st Century Business Herald, a Chinese daily newspaper, on Friday quoted multiple futures traders as saying they had received phone calls from the China Financial Futures Exchange instructing them not to short the market.

China's financial titans are attempting to set up a "market stabilization fund." This doesn't sound good.

Submission + - SpaceX Dragon V2 passes pad-abort milestone w/ NASA

taiwanjohn writes: NASA has approved a $30 million milestone payment to SpaceX under the agency’s Commercial Crew Integrated Capability (CCiCap) agreement with the company following a recent and successful pad abort test of its Crew Dragon spacecraft.

“The reams of data collected provide designers with a real benchmark of how accurate their analyses and models are at predicting reality. As great as our modern computational methods are, they still can’t beat a flight test, like this, for finding out what is going on with the hardware,” said Jon Cowart, partner manager for NASA’s Commercial Crew Program.

The next milestone will be an in-flight abort test, scheduled for this fall.

Submission + - Undetectable NSA-linked hybrid malware hits Intel Security radar

Errorcod3 writes: CTB Locker ransomware attacks rose 165 per cent in the first three months of 2015.

More than a third (35 per cent) of victims were based in Europe, McAfee Labs reported. CTB Locker encrypts files and holds them hostage until the ransom is paid. As such, the crimeware is picking up the baton that dropped with the takedown of the infamous CryptoLocker ransomware scam in May last year.

The latest edition of Intel Security's report, released on Tuesday, reports attacks on firmware for the first time. More specifically, the report details "persistent and virtually undetectable attacks" by the so-called Equation Group that reprogram hard disk drives and solid state drive firmware.

McAfee Labs assessed the reprogramming modules exposed in February and found that they could be used to reprogram the firmware in SSDs in addition to the previously-reported HDD reprogramming capability.
Once reprogrammed, the HDD and SSD firmware can reload associated malware each time infected systems boot and the malware persists even if the drives are reformatted or the operating system is reinstalled.

Once infected, security software cannot detect the associated malware stored in a hidden area of the drive.

Submission + - USAF thinking of sharing space surveillance data with scientists

Taco Cowboy writes: The data could be redacted; nevertheless, the United States Air Force is thinking of opening up its treasure trove of space surveillance data. Data that the military doesn’t need for its space situational awareness mission could be made available to scientists interested in using that data to search for asteroids or for other research.

“We collect a lot of data, and a lot of data we throw off to the side because it isn’t relevant to national security,” Whelan said in a talk at an asteroid science symposium here March 26 organized by the Universities Space Research Association and George Washington University’s Space Policy Institute. “Our trash is your treasure”

Upgrades to the network, including the upcoming Space Surveillance Telescope and the Space Fence radar, will provide the Air Force with vast amounts of additional data, which the service plans to process only to the level needed to carry out its mission of tracking objects in Earth orbit.

“We’re going to have all of this data. We’re not going to process it as deeply as you might process data,” he said. “We will consume what we want to consume, the rest of it will go onto the floor”

Whelan said DARPA will hand over the telescope to the Air Force to incorporate into the Space Surveillance Network by 2017. “Those of you who have played with this know that it is a vacuum cleaner. It sucks up all kinds of data,” he said of the telescope

That telescope, coupled with the Space Fence radar system scheduled to begin operating by 2019, will greatly increase the Air Force’s ability to track satellites and other objects in Earth orbit. “We expect our catalog to explode in size,” Whelan said, from the current 22,000 objects being tracked to more than 50,000

In a separate presentation at the symposium, Mark Boslough of the U.S. Department of Energy’s Sandia National Laboratory in New Mexico showed a map of airbursts in the upper atmosphere caused by exploding meteors. He described the data, released just in the last few months, as coming from “U.S. government sensors” without being more specific. It is widely believed, however, that the information comes from U.S. missile warning satellites

Those data showed approximately 550 such events from 1994 through 2013, including the February 2013 airburst above Chelyabinsk, Russia, that released the equivalent of nearly half a megaton of TNT. That single event, Boslough said, accounted for at least as much energy as all the others combined

Submission + - Apple posts $18B quarterly profit, highest ever by any company

jmcbain writes: Today, Apple reported its financial results for the quarter ending December 31, 2014. It posted $18 billion in profit (on $74 billion in revenue), the largest quarterly profit by any company ever. The previous record was $16 billion by Russia’s Gazprom (the largest natural gas extractor in the world) in 2011. Imagine how much better Apple could be if they open-sourced their software.

Submission + - The untold story of the invention of the game cartridge

harrymcc writes: In 1973, an obscure company which had been making electronic cash registers looked for a new business opportunity. It ended up inventing the game cartridge--an innovation which kickstarted a billion-dollar industry and helped establish videogames as a creative medium. The story has never been told until now, but over at Fast Company, Benj Edwards chronicles the fascinating tale, based on interviews with the engineers responsible for the feat back in the mid-1970s.

Submission + - New Flash Zero Day Found in Angler Exploit Kit

Trailrunner7 writes: The dangerous Angler exploit kit has a new piece of ammunition to use in its attacks: a fresh Adobe Flash zero-day vulnerability. The kit is exploiting the previously unknown vulnerability in several versions of Internet Explorer running on Windows 7 and Windows 8.

French security researcher Kafeine has spotted a version of the Angler kit that’s firing exploits for several vulnerabilities in Flash, including two known bugs. But the big problem is that the kit also has exploit code for what appears to be a zero-day in the latest version of Flash, version Kafeine said that he first spotted the exploit for the zero-day in Flash on Wednesday and that it is being used to install a piece of malware known as Bedep.

The researcher said that not all instances of Angler are using the new Flash zero-day exploit, nor is it being used against all of the popular browsers. In his tests, Kafeine found that IE 10 on Windows 8, IE 8 on Windows 7 and IE 6-9 on Windows XP all are being exploited. Chrome is not being targeted and fully patched Windows 8.1 is not exploitable, he said.

Adobe officials said they are looking into the report.

Submission + - Illinois Says Rule-Breaking Students Must Give Teachers Their Facebook Passwords

derekmead writes: School districts in Illinois are telling parents that a new law may require school officials to demand the social media passwords of students if they are suspected in cyberbullying cases or are otherwise suspected of breaking school rules.

The law (PDF), which went into effect on January 1, defines cyberbullying and makes harassment on Facebook, Twitter, or via other digital means a violation of the state's school code, even if the bullying happens outside of school hours.

A letter sent out to parents in the Triad Community Unit School District #2, a district located just over the Missouri-Illinois line near St. Louis, that was obtained by Motherboard says that school officials can demand students give them their passwords.
