
Netgear and ZyXEL Confirm NetUSB Flaw, Are Working on Fixes

Submitted by itwbennett
itwbennett writes: In follow-up to a story that appeared on Slashdot yesterday about a critical vulnerability in the NetUSB service, networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected and said they are working on fixes. ZyXEL will begin issuing firmware updates in June, while Netgear plans to start releasing patches in the third quarter of the year.
Link to Original Source

US Proposes Tighter Export Rules for Computer Security Tools

Submitted by itwbennett
itwbennett writes: The U.S. Commerce Department has proposed tighter export rules for computer security tools and could prohibit the export of penetration testing tools without a license. The proposal would modify rules added to the Wassenaar Arrangement in 2013 that limit the export of technologies related to intrusion and traffic inspection. The definition of intrusion software would also encompass 'proprietary research on the vulnerabilities and exploitation of computers and network-capable devices,' the proposal said.
Link to Original Source

Health Insurer CareFirst Reveals Cyberattack Affecting 1.1 Million

Submitted by itwbennett
itwbennett writes: CareFirst BlueCross BlueShield has disclosed it fell victim to a cyberattack in June last year that affected about 1.1 million people. The attack targeted a single database that contained information about CareFirst members and others who accessed its websites and services, the company said Monday.
Link to Original Source

The Reason For Java's Staying Power: It's Easy To Read

Submitted by jfruh
jfruh writes: Java made its public debut twenty years ago today, and despite a sometimes bumpy history that features its parent company being absorbed by Oracle, it's still widely used. Mark Reinhold, chief architect for Oracle's Java platform group, offers one explanation for its continuing popularity: it's easy for humans to understand it at a glance. "It is pretty easy to read Java code and figure out what it means. There aren’t a lot of obscure gotchas in the language ... Most of the cost of maintaining any body of code over time is in maintenance, not in initial creation."
Link to Original Source

New Chrome Extension Uses Sound To Share URLs Between Devices

Submitted by itwbennett
itwbennett writes: Google Tone is an experimental feature that could be used to easily and instantly share browser pages, search results, videos and other pages among devices, according to Google Research. 'The initial prototype used an efficient audio transmission scheme that sounded terrible, so we played it beyond the range of human hearing,' researcher Alex Kauffmann and software engineer Boris Smus wrote in a post on the Google Research blog.
Link to Original Source

David Letterman's Top 5 Tech Innovations

Submitted by itwbennett
itwbennett writes: During the combined 33-year run of Late Night With David Letterman and the Late Show with David Letterman, Dave and his crew introduced some, um, original technologies that, while not having the impact of, say, Windows, Google or the iPhone, still made quite an impression. From The Late Night Monkey-Cam Mobile Unit to The Late Show Hose Cam, here are 5 innovative (or, at least, original) uses of technology that Dave and company gave to the world.
Link to Original Source

E-paper Display Gives Payment Cards a Changing Security Code

Submitted by itwbennett
itwbennett writes: Using payment cards with an embedded chip makes payments more secure in physical stores, but it’s still relatively easy for criminals to copy card details and use them online. Payment specialist Oberthur Technologies has another idea, which it will soon be testing in France. Oberthur’s Motion Code technology replaces the printed 3-digit CVV (Card Verification Value) code with a small e-paper display. The code changes periodically, reducing the time a fraudster has to act.
Link to Original Source

Critical Vulnerability in NetUSB Driver Exposes Millions of Routers to Hacking

Submitted by itwbennett
itwbennett writes: NetUSB, a service that lets devices connected over USB to a computer be shared with other machines on a local network or the Internet, is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers from a company called Sec Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service.
Link to Original Source

Google Offers Cheap Cloud Computing For Low-Priority Tasks

Submitted by jfruh
jfruh writes: Much of the history of computing products and services involves getting people desperate for better performance and faster results to pay a premium to get what they want. But Google has a new beta service that's going in the other direction — offering cheap cloud computing services for customers who don't mind waiting. Jobs like data analytics, genomics, and simulation and modeling can require lots of computational power, but they can run periodically, can be interrupted, and can even keep going if one or more nodes they're using goes offline.
Link to Original Source

FTC Recommends Conditions for Sale of RadioShack Customer Data

Submitted by itwbennett
itwbennett writes: The U.S. Federal Trade Commission has weighed in on the contentious issue of the proposed sale of consumer data by bankrupt retailer RadioShack, recommending that a model be adopted based on a settlement the agency reached with failed online toy retailer Toysmart.com. Jessica L. Rich, director of the FTC’s bureau of consumer protection, said in a letter to a court-appointed consumer privacy ombudsman that the agency’s concerns about the transfer of customer information inconsistent with RadioShack’s privacy promises 'would be greatly diminished' if certain conditions were met, including that the data was not sold standalone, and if the buyer is engaged in substantially the same lines of business as RadioShack, and expressly agrees to be bound by and adhere to the privacy policies.
Link to Original Source

In Desperation, Ransomware Victims Plead with Attackers

Submitted by itwbennett
itwbennett writes: Researchers from FireEye recently collected messages from a Web site set up by the creators of a ransomware program called TeslaCrypt to interact with their victims. The messages offer a rare glimpse into the mindset of these cybercriminals and the distress they cause. Among the victims: a father who has been robbed of his baby’s pictures; an employee who lost business files to the malware and now fears losing his job; a housecleaning business set up by maids who can’t afford to pay the ransom.
Link to Original Source

United Launches Bug Bounty, In-Flight Systems Off Limits

Submitted by itwbennett
itwbennett writes: United Airlines is offering rewards to researchers for finding flaws in its websites but the company will not accept bugs found in onboard Wi-Fi, entertainment or avionics systems, which the U.S. government says may be increasingly targeted by hackers. And as a reward for their efforts, researchers won't get the piles of cash typically associated with such programs, but instead will get miles that can be used for the company’s Mileage Plus loyalty program.
Link to Original Source

Qualcomm Wants To Power The Internet Of Things

Submitted by jfruh
jfruh writes: The Internet Of Things — the world of omnipresent embedded network devices that true believers think is just around the corner — is a potential gold mine to whatever tech vendors can grab an early lead in the market. And Qualcomm thinks it's uniquely positioned to do so, with its solid background in low-powered processors and wireless networking giving it a leg up.
Link to Original Source

China-Based Hackers Used Microsoft's TechNet for Attacks

Submitted by itwbennett
itwbennett writes: The China-based hacking group, which security vendor FireEye calls APT17, created accounts on TechNet and then left comments on certain pages. Those comments contained the name of an encoded domain, which computers infected by the group’s malware were instructed to contact. The encoded domain then referred the victim’s computer to a command-and-control server that was part of APT17’s infrastructure, said Bryce Boland, FireEye’s chief technology officer for Asia-Pacific.
Link to Original Source
