
Submission + - Microsoft, Tesla, build smart, adaptable, long-life battery that predicts usage

mask.of.sanity writes: Engineers from Microsoft, Tesla, and Columbia and Massachusetts universities have teamed up to develop what on paper looks like a revolution in consumer battery technology that meets demands for fast charge, long life, and the ability to bend. The "Software-Defined Battery" system allows different batteries with different chemistries to be integrated into the same system. Fast charging and the ability to work for longer by adapting to different tasks are the result of the blended battery plan. Read the PDF paper.

Submission + - iCloud celebrity hacker admin reveals RipSec, says 11,300 accounts raided

mask.of.sanity writes: The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The film maker gained access to RipShock using a photoshopped naked image of a major TV star who offered access to her iCloud account.

Submission + - Inside the booming, unhinged, and dangerous malvertising menace

mask.of.sanity writes: A feature on the online malicious advertising (malvertising) menace that has become an explosively potent threat to end-user security on the internet. Experts say advertising networks and exchanges need to vet their customers, and publishers need to vet the third party content they display. Users should also consider script and ad blockers in the interim.

Submission + - High-heeled hacker builds pen-test kit into skyscraper shoes

mask.of.sanity writes: A Chinese hardware hacker has created a penetration testing toolkit built into high-heeled shoes to help social engineers slip hacking tools into secure areas. The WiFi-popping platforms were forged in a 3D printer and contain spacing so that hacking hardware can be hidden to bypass strict security checks in place at datacentres and the like and later retrieved.

Original album source is somewhat NSFW.

Submission + - Microsoft drops out-of-band Internet Explorer fix for remote code execution hole

mask.of.sanity writes: Microsoft has released an out-of-band patch for Internet Explorer versions seven to 11 that closes a dangerous remote code execution flaw allowing attackers to commandeer machines.

The attack will be a highly useful tool in hacker arsenals likely allowing them to build powerful phishing, watering hole, and malvertising campaigns. Windows 10 Edge browser is not impacted.

Submission + - Gazan medico team 3D-prints world-leading stethoscope for 30c

mask.of.sanity writes: Tarek Loubani, an emergency physician working in the Gaza strip, has 3D-printed a 30 cent stethoscope that beats the world's best $200 equivalent as part of a project to bottom-out the cost of medical devices.

Loubani, together with a team of medical and technology specialists, designed the stethoscope and tested it against global standard benchmarks, finding it outperformed the gold-standard Littmann Cardiology 3. They now intend to make a range of ultra-low cost medical devices for the developing world.

Submission + - Easy to exploit critical BIND DoS bug affects all DNS

mask.of.sanity writes: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers. The BIND bug (CVE-2015-5477) patched overnight affects all DNS servers running the software, and can be attacked with ease. Attackers can send a crafted DNS query packet to trigger a REQUIRE assertion failure, causing BIND to exit.

Submission + - Hackers flay open Italian surveillance company Hacking Team

mask.of.sanity writes: Italian surveillance software outfit Hacking Team has allegedly been cracked by hackers who exfiltrated some 400Gbs of data and uploaded it to BitTorrent.

The data allegedly includes audio recordings, emails, and source code for its popular Da Vinci malware surveillance software it sells to law enforcement agencies claiming to only deal with ethical governments. The company is marked as an Enemy of the Internet by activist outfit Reporters Without Borders.

The hackers also hijacked Hacking Team's Twitter account where they are revealing alleged email screenshots from Hacking Team's CEO, revealing customers and other sensitive internal discussions.

The leaked stolen data, if accurate, will result in a massive fallout for the company in the coming days.

Submission + - Killer character HOSES almost all versions of Adobe Reader, Windows

mask.of.sanity writes: Google Project Zero hacker Mateusz Jurczyk has dropped 15 remote code execution vulnerabilities, including a single devastating hack against Adobe Reader and Windows he reckons beats all exploit defences.

The accomplished offensive security researcher published a video demonstration of the exploit for 32-bit and 64-bit systems. His slides are here [PDF].

Submission + - Spooks BUSTED: 27,000 profiles reveal new intel ops, home addresses

mask.of.sanity writes: Researchers have collected the LinkedIn profiles of 27,000 intelligence officers they say are working on surveillance programs.

The resulting dump not only names the officers, but in some cases tells you where they live, and has revealed codenames and context for new intelligence programs.

The records are compiled into the ICWatch database searchable by company, title, name, and location.

Submission + - Buggy Win 95 code almost wrecked Stuxnet campaign

mask.of.sanity writes: Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, malware analysts say. Stuxnet was on the brink of failure thanks to buggy code allowing it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.

Submission + - POS vendor uses same password - 166816 - non-stop since 1990

mask.of.sanity writes: Fraud fighters David Byrne and Charles Henderson say one of the world's largest Point of Sale systems vendors has been slapping the same default passwords – 166816 – on its kit since 1990. Worse still: about 90 per cent of customers are still using the password. Fraudsters would need physical access to the PoS in question to exploit it by opening a panel using a paperclip.

But such physical PoS attacks are not uncommon and are child's play for malicious staff. Criminals won't pause before popping and unlocking. The enraged pair badged the unnamed PoS vendor by its other acronym, labelling it 'Piece of S***t'.

Submission + - 'Super-secure' BlackPhone pwned by super-silly txt msg bug

mask.of.sanity writes: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.

Submission + - Adobe: Click-to-Play would have avoided Java zero-day massacre

mask.of.sanity writes: Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button to enable Java.
