
Submission + - This Gizmo Knows Your Amex Card Number Before You've Received It

itwbennett writes: A small device built by legendary hacker Samy Kamkar can predict what new American Express card numbers will be and trick point-of-sale devices into accepting cards without a security microchip. Because American Express appears to have used a weak algorithm to generate new card numbers, the device, called MagSpoof, can predict what a new American Express card number will be based on a canceled card's number. The new expiration date can also be predicted based on when the replacement card was requested.

Submission + - Microsoft Blames Layoffs for Drop In Gender Diversity

itwbennett writes: This year, women made up 26.8 percent of Microsoft's total workforce, down from 29 percent in 2014, the company reported Monday. In a blog post discussing the numbers, Gwen Houston, Microsoft's general manager of diversity and inclusion, pointed the finger at the thousands of layoffs the company made to restructure its phone hardware business: 'The workforce reductions resulting from the restructure of our phone hardware business ... impacted factory and production facilities outside the U.S. that produce handsets and hardware, and a higher percentage of those jobs were held by women,' she said.

Submission + - Disney IT workers prepare to sue over foreign replacements

JustAnotherOldGuy writes: At least 23 former Disney IT workers have filed complaints with the federal Equal Employment Opportunity Commission (EEOC) over the loss of their jobs to foreign replacements. This federal filing is a first step to filing a lawsuit alleging discrimination. These employees are arguing that they are victims of national origin discrimination, a complaint increasingly raised by U.S. workers who have lost their jobs to foreign workers on H-1B and other temporary visas. Disney's layoff last January followed agreements with IT services contractors that use foreign labor, mostly from India. Some former Disney workers have begun to go public over the displacement process

Submission + - Patreon Users Threatened By Ashley Madison Scammers

itwbennett writes: 'Over the last few days, the group responsible for extortion attempts and death threats against Ashley Madison users has turned to a new set of targets – Patreon users,' writes CSO's Steve Ragan. 'The [Bitcoin] wallet being used by the group has barely collected anything,' says Ragan, 'suggesting that after their massive push towards Ashley Madison users, people have stopped falling for their scams.'

Submission + - New IBM Tech Lets Apps Authenticate You Without Personal Data

itwbennett writes: IBM's Identity Mixer allows developers to build apps that can authenticate users' identities without collecting personal data. Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. IBM announced on Friday that Identity Mixer is now available to developers on its Bluemix cloud platform.

Submission + - You Can Look Forward To 8 More Years Of Leap Second Problems

itwbennett writes: As previously reported on Slashdot, the World Radiocommunication Conference (WRC) met 'for nearly the entire month of November, and one of the hot-button issues [was] what to do about the leap second.' But, as they did at the 2012 conference, the WRC voted to postpone the decision, but not just until the next WRC in 2019 but until the one after, in 2023, while the International Telecommunication Union (ITU) conducts further studies into the impact of tinkering with the definition of Coordinated Universal Time (UTC).

Submission + - Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what's happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device’s MAC address as a key component of authentication.

Submission + - Citrix Spinning Off GoTo Collaboration Business, Laying Off 1,000 People

itwbennett writes: In addition to the decision to spin off the GoTo collaboration products business into a new company, the initial results of Citrix's operations review, which were announced Tuesday, also involve a 'realignment of resources' that is expected to eliminate about 1,000 full-time and contract roles, over and above the effect of spinning off the GoTo business. Most of the layoffs and refocusing of resources are expected in November and in January 2016.

Submission + - New Tool Will Help Windows 10 Developers Monetize Apps

itwbennett writes: At its Connect developer conference Wednesday, Microsoft promoted its partnership with mobile video ad network Vungle to give developers a new way to monetize new apps they're building for Windows 10. The Vungle SDK for Windows 10 is designed to let developers of so-called 'universal' apps that reach across traditional PCs, tablets and phones easily add video advertising to what they're building and get paid when users look at those ads. Adding a new, easy avenue for monetization to Windows 10 is key for Microsoft, which is trying to attract applications and developers to its Windows Store, an app store built into its new operating system. As How-To Geek points out, at this point universal apps are 'still pretty much unusable' and if you want a good experience on Windows 10, 'you’ll still be mostly using desktop apps.'

Submission + - How Cisco is Trying To Prove It Can Keep NSA Spies Out Of Its Gear

itwbennett writes: 'A now infamous photo [leaked by Edward Snowden] showed NSA employees around a box labeled Cisco during a so-called 'interdiction' operation, one of the spy agency's most productive programs,' writes Jeremy Kirk. 'Once that genie is out of the bottle, it's a hell of a job to put it back in,' said Steve Durbin, managing director of the Information Security Forum in London. Yet that's just what Cisco is trying to do, and early next year, the company plans to open a facility in the Research Triangle Park in North Carolina where customers can test and inspect source code in a secure environment. But, considering that a Cisco router might have 30 million lines of code, proving a product hasn't been tampered with by spy agencies is like trying 'to prove the non-existence of god,' says Joe Skorupa, a networking and communications analyst with Gartner.

Submission + - Electromagnetic Pulse Weapons Could Knock Businesses Offline

itwbennett writes: Historically only possible as a byproduct of a nuclear attack or an intended cause of a large-scale missile attack, '[Electromagnetic Pulse] attacks have become more defined and developed,' says T. Casey Fleming, CEO of special operations firm BLACKOPS Partners. The U.S. and China have both announced significant progress in advancing the state of the art of these attacks. China’s advancements are in improved large-scale EMP attacks using long-range missiles such as their new DF41 mobile ICBM launchers, according to a report from The Blaze. As for the US: 'It has become public information that the U.S. Air Force has enabled the technology on a drone. They can actually surgically target a building with it,' says Fleming. The effect would be that the enterprise would be immediately shut down and become inoperable. 'Anything to do with circuit boards and electronic technology would be blown out unless it is hardened,' says Fleming.

Submission + - Don't Fall for Drone Registration Scams, Warns FAA

itwbennett writes: It's not exactly news that there's an abundance of confusion over what owners of consumer drones can do, can't do, and need to pay for. And it doesn't help matters that the FAA and Department of Transportation in early November said they intend to set up a registry that will likely cover many small consumer drones, but it's yet to happen. Because while the government is notoriously slow, scammers are notoriously fast. 'At least one company is already offering to help people register their drones for a fee,' the FAA said. 'Owners should wait until additional details about the forthcoming drone registration system are announced later this month before paying anyone to do the work for them.'

Submission + - Could a Change in Wording Attract More Women to Infosec?

itwbennett writes: 'Information security is an endeavor that is frequently described in terms of war,' writes Lysa Myers. 'But what would the gender balance of this industry be like if we used more terms from other disciplines?' Just 14 percent of US federal government personnel in cybersecurity specialties are women, a number startlingly close to the 14.5 percent of active duty military who are women (at least as of 2013). By comparison, women are well represented in other STEM fields: 'As of 2011, women earn 60 percent of bachelor-level biology degrees. Women also earn between 40 and 50 percent of chemistry, mathematics and statistics, and Earth sciences undergraduate degrees,' writes Myers. Why the difference? Myers points to a comment from someone who taught a GenCyber camp for girls: 'He found that one effective way to get girls to feel passionate about security was to create an emotional connection with the subject: e.g. the shock and distress of seeing your drone hacked or your password exposed,' writes Myers. Is it really that simple?

Submission + - After Paris, ISIS Moves Propaganda Machine To Darknet

itwbennett writes: Over the weekend, researcher Scot Terban came across the new website of Al-Hayat Media Center, the media division of Daesh (aka ISIS/ISIL), in a post on Shamikh forum (a known jihadi bulletin board), where 'someone had posted the new address and instructions for reaching it,' writes CSO's Steve Ragan. The website hosts the usual anti-Western iconography, as well as songs (Nasheeds) and poems for mujahids in various locations. Terban has mirrored the website and its files; he says he plans to publish more details in the coming days. 'Over the years, there have been several claims made that Daesh had propaganda and recruitment hubs on the Darknet, but no one has ever published proof of those claims or explored how the propaganda machine operates in public,' says Ragan.

Submission + - Can the Cloud Save Deutsche Bank From Itself?

itwbennett writes: Like many large banks, Deutsche Bank for years followed a strategy of sacrificing upgrading back-end systems for building new client-facing solutions, ostensibly to generate new revenue. Now the company, which last month recorded a $6.6 billion loss for the third quarter, has to pay back the technical debt and has set its sights on being 'a state of the art digital standard,' according to Deutsche Bank Co-CEO John Cryan. And the path to 'digital standard' runs straight through the cloud. By 2020 the bank expects to pare its existing 45 operational systems to four, quadruple its use of private cloud systems to 80 percent, and increase application virtualization to 95 percent from 46 percent, at an estimated cost savings to run the bank of 800 million euros. Can they do it? Jost Hopperman, vice president of banking and applications and architecture at Forrester Research remains skeptical, noting that Cryan has claimed the strategy was sound, even if the execution was poor. 'I do not know what has changed to allow them to execute on plans that are not very different than plans they had previously,' said Hopperman.
