Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Submission + - Security Firm Cylance say Iran hackers targeted airlines, energy, defense (reuters.com)

An anonymous reader writes: Iranian hackers have infiltrated major airlines, energy companies, and defense firms around the globe over the past two years in a campaign that could eventually cause physical damage, according to U.S. cyber security firm Cylance.

The California-based company said its researchers uncovered breaches affecting more than 50 entities in 16 countries, and had evidence they were committed by the same Tehran-based group that was behind a previously reported 2013 cyber attack on a U.S. Navy network.

It did not identify the companies targeted, but said they included major aerospace firms, airports and airlines, universities, energy firms, hospitals, and telecommunications operators based in the United States, Israel, China, Saudi Arabia, India, Germany, France, England and others.

Cylance said it had evidence the hackers were Iranian, and added the scope and sophistication of the attacks suggested they had state backing.

Submission + - When Slashdot Beta goes mainstream, where will you go? 5

EzInKy writes: I'm sure most of you have checked it out, and am just as sure most of you don't like what they are plan to force upon us. So my question is, where do you plan on getting your Slashdot fix once the beta becomes the default? I know I'm trying to learn CSS so I can undo the damage they are inflicting.

Submission + - Hacker took over BBC server, tried to 'sell' access on Christmas Day

An anonymous reader writes: A hacker secretly took over a computer server at the BBC, Britain's public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system.

It was not clear how the BBC, the world's oldest and largest broadcaster, uses that site, ftp.bbc.co.uk.

Submission + - How to get non-developers to send meaningful bug r 2

DemonGenius writes: I'm in the midst of a major rollout of one of our primary internal applications at work and we have a beta version available for all the staff to use. The problem here is most of the staff don't know how to send reports meaningful enough to get us devs started on solving their problems without constant back and forth correspondence that wastes both developer time and theirs. Some common examples are: screenshots of the YSOD that don't include the page URL, scaled screenshots that are unreadable, the complaint that wants to be a bug report but is still just a complaint, etc. FYI, from the user's perspective they just send an email, but that email registers in our tracking system. Any thoughts on how to get the non-devs sending us descriptive and/or meaningful reports? Does anyone here have an efficient and user-friendly bug tracking system/policy/standard at their workplace and how does it work?

Comment Re:Define professionals? (Score 1) 556

Bzzt. Try again.


That's, as of this posting, $339.99 for two 8GB DDR3 ECC DIMMS for the current-generation Mac Pro. To get to your precious 64G goal, you'd buy four of those two-dimm bundles which would total $1359.96 before taxes and shipping. And that's prices a well-known seller, without whatever coupons might be offered. I'm sure there's a newegg deal or something that'd make it even less. But that's "retail" right there. A far cry from your claimed "more than 5k by itself."

Comment Re:NASA and cards (Score 1) 44

the FIPS201 PIV (HSPD12) cards you refer to can be used for contactless authentication in a number of ways:
1. CHUID (easily duplicated, no authentication required to read from the card)
2. CAK (PKI validation of the card itself)
3. PKI (PKI validation of the cert issued to the person, stored on the card)
4. BIO (on card or off card matching of fingerprints)

3+4 = awesome stuff. if they can do it. i'd be surprised if they are using this for their doors. it's a ton of equipment, labor, time for end users, money, and burden for getting through a door.
1 = horrific, LESS secure than mifare or desfire or prox. i believe someone at Defcon was sniffing and playing these on a wall-of-sheep sort of display in '08 or '09

now. wanna know how most organizations are doing contactless access control with their HSPD-12 cards? they get them manufactured with a mifare or desfire inlay inside, instead of the contactless antenna for the PIV electronics. and they can even go further and have a PIV+Mifare+Prox card or PIV+Desfire+Prox card by putting a oldschool 125khz prox inlay inside as well (different frequencies, so no interference)

to the outsider or layperson it looks like your super-sexy PIV card is doing everything. In reality, it's the same old tech sandwiched in the middle of your PIV card.

not saying this is the case at NASA, i have no knowledge of their PIV deployment. But this is how it's done elsewhere.....

Submission + - Clever Patch Cable Management

sooth... writes: What clever ways have network administrators found to cleanly sort varying length patch cables withing IDFs, BDFs, and MDFs or simply wiring closets? Pictures or examples are welcome.

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall