
C Code On GitHub Has the Most 'Ugly Hacks'

Submitted by itwbennett
itwbennett writes: An analysis of GitHub data shows that C developers are creating the most ugly hacks — or are at least the most willing to admit to it. To answer the question of which programming language produces the most ugly hacks, ITworld's Phil Johnson first used the search feature on GitHub, looking for code files that contained the string 'ugly hack'. In that case, C comes up first by a wide margin, with over 181,000 code files containing that string. The rest of the top ten languages were PHP (79k files), JavaScript (38k), C++ (22k), Python (19k), Text (11k), Makefile (11k), HTML, (10k), Java (7k), and Perl (4k). Even when controlling for the number of repositories, C wins the ugly-hack-athon by a landslide, Johnson found.

3-D Printed Gun Lawsuit Starts the War Between Arms Control and Free Speech

Submitted by SonicSpike
SonicSpike writes: This week marks the two-year anniversary since Cody Wilson, the inventor of the world’s first 3-D printable gun, received a letter from the State Department demanding that he remove the blueprints for his plastic-printed firearm from the internet. The alternative: face possible prosecution for violating regulations that forbid the international export of unapproved arms.

Now Wilson is challenging that letter. And in doing so, he’s picking a fight that could pit proponents of gun control and defenders of free speech against each other in an age when the line between a lethal weapon and a collection of bits is blurrier than ever before.

Wilson’s gun manufacturing advocacy group Defense Distributed, along with the gun rights group the Second Amendment Foundation, on Wednesday filed a lawsuit against the State Department and several of its officials, including Secretary of State John Kerry. In their complaint, they claim that a State Department agency called the Directorate of Defense Trade Controls (DDTC) violated their First Amendment right to free speech by telling Defense Distributed that it couldn’t publish a 3-D printable file for its one-shot plastic pistol known as the Liberator, along with a collection of other printable gun parts, on its website.


Researcher: Drug Infusion Pump is the 'least secure IP device' he's ever seen

Submitted by chicksdaddy
chicksdaddy writes: This is a bad month for the medical equipment maker Hospira. First, security researcher Billy Rios finds a raft of serious and remotely exploitable holes in the company's MedNet software, prompting a vulnerability alert from ICS CERT. Now, one month later, ICS CERT is again warning of a "10 out of 10" critical vulnerability, this time in Hospira's LifeCare PCA drug infusion pump. (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3459)

The problem? According to this report by Security Ledger (https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/) the main problem was an almost total lack of security controls on the device. According to independent researcher Jeremy Williams, the PCA pump listens on Telnet port 23. Connecting to the device via Telnet, he was brought immediately to a root shell account that gave him total, administrator level access to the pump without authentication. “The only thing I needed to get in was an interest in the pump,” he said.

Richards found other examples of loose security on the PCA 3: an FTP server that could be accessed without authentication and an embedded web server that runs Common Gateway Interface (CGI). That could allow an attacker to tamper with the pump’s operation using fairly simple scripts.

Also: The PCA pump stores wireless keys used to connect to the local (medical device) wireless network in plain text on the device. That means anyone with physical access to the pump (which has an Ethernet port) could gain access to the local medical device network and other devices on it.
The problems prompted Richards to call the PCA 3 pump “the least secure IP enabled device” he has ever worked with. (http://hextechsecurity.com/?p=123)

Hospira did not respond to requests for comment prior to publication.


MacKeeper May Have To Pay Millions In Class-Action Suit

Submitted by jfruh
jfruh writes: If you use a Mac, you probably recognize MacKeeper from the omnipresent popup ads designed to look vaguely like system warnings urging you to download the product and use it to keep your computer safe. Now the Ukrainian company behind the software and the ads may have to pay millions in a class action suit that accuses them of exaggerating security problems in order to convince customers to download the software.

Capitol Hill's Uber caucus

Submitted by Anonymous Coward
An anonymous reader writes: In all, some 275 federal politicians and political committees together spent more than $278,000 on at least 7,625 Uber rides during the 2013-2014 election cycle, a Center for Public Integrity analysis of campaign spending records indicates.

That’s a roughly 18-fold spending increase from the previous election cycle, when federal committees together spent about $15,000 on Uber services. It represents a veritable monopoly, too: Almost no political committee used Uber’s direct competitors, Lyft and Sidecar, according to the analysis, and traditional taxi use declined precipitously.

Bipartisan love of Uber abounds, with politicos of all stripes composing a de facto Uber caucus, voting with their money for a wildly popular but controversial company.


The extreme lengths console gamers go to mod Pro Evo

Submitted by Anonymous Coward
An anonymous reader writes: Konami's Pro Evolution Soccer has always been the losing side in the match against EA Sports' FIFA for football league and team licensing, but that hasn't stopped dedicated modders. While PES' editing tools make uploading accurate team data and player appearances on PC relatively trivial, as a new feature reveals, there's just as much demand for the real thing from console PES gamers — but doing the same on restricted hardware is much more taxing.

"Microsoft's DRM management policies cause problems (on Xbox 360) because it means they have never enabled the console to copy music, film, or PNG images onto the hard drive like you could with the PS3. If I edited on the PS3 it would take 20 seconds to import a kit design I created in Photoshop into PES. To make the same design on Xbox would take me hours to hand draw the same thing," says Damien Winter, who has been creating console option files for Pro since 2008. Unfortunately, things are even tougher on Xbox One and PS4. "They both adopted Microsoft's Xbox 360 policies and they won't allow anyone to import images into the console memory," he says. "This, combined with no in-game pixel editor, means the team kits have no logos. They can only have the correct kit colours and patterns. On top of that, both Sony and Microsoft have blocked the ability for anyone to share their work."


No Justice for Victims of Identity Theft

Submitted by chicksdaddy
chicksdaddy writes: The Christian Science Monitor's Passcode features a harrowing account of one individual's experience of identity theft. (http://passcode.csmonitor.com/identity-stolen) CSM reporter Sara Sorcher recounts the story of "Jonathan Franklin" (not his real name), a New Jersey business executive who woke up to find thieves had stolen his identity and racked up $30,000 in a shopping spree at luxury stores including Versace and the Apple Store. The thieves even went so far as to use personal info stolen from Franklin to have the phone company redirect calls to his home number, which meant that calls from the credit card company about the unusual spending went unanswered.

Despite the heinousness of the crime and the financial cost, Sorcher notes that credit card companies and merchants both look on this kind of theft as a "victimless crime" and are more interested in getting reimbursed for their losses than trying to pursue the thieves. Police departments, also, are unable to investigate these crimes, lacking both the technical expertise and resources to do so. Franklin notes that he wasn't even required to file a police report to get reimbursed for the crime.
“As long as their loss is covered they move on to [handling] tomorrow’s fraud,” Franklin observes. And that makes it harder for victims like Franklin to move on. “In some way, I’m seeking some sense of justice,” Franklin said. “But it’s likely not going to happen.”


Hostage Saves Herself Via Pizza Hut App

Submitted by jones_supa
jones_supa writes: A Florida woman had been arguing most of the day with her boyfriend, who carried "a large knife". When she attempted to leave the residence to pick up the children from school, the boyfriend grabbed her and took her cell phone. He then accompanied her to pick up the children. Upon returning home, the boyfriend held the rest of the family as hostages. She eventually convinced him to let her use the cell phone to order a pizza, which is when she sent the message to Pizza Hut. Being clever, she exploited the comment feature of the app to alert the authorities that she was in trouble. Officers were dispatched both to the Pizza Hut location and to the woman's home, where she and her children were quickly released, unharmed, and the kidnapper was arrested.

Visualizations of Rebel Alliances in the UK Government

Submitted by Anonymous Coward
An anonymous reader writes: I just published this article and thought it might be of interest to Slashdot readers.

It's about a collection of visualizations I created based on public voting data from The Public Whip project, which collects and normalizes voting data from the UK House of Commons. The visualizations show relationships between MPs, with a focus on agreement rates, and more interestingly — rebellion.


The World's Most Wasteful Megacity

Submitted by merbs
merbs writes: The world’s most wasteful megacity is a densely populated, steadily aging, consumerist utopia where we buy, and throw away, a staggering amount of stuff. Where some faucet, toilet, or pipe, is constantly leaking in our apartments. Where an armada of commerce-beckoning lights are always on. Where a fleet of gas-guzzling cars still clog the roadways. I, along with my twenty million or so neighbors, help New York City use more energy, suck down more water, and spew out more solid waste than any other mega-metropolitan area.

Cyberlock lawyers threaten security researcher over vulnerability disclosure

Submitted by qubezz
qubezz writes: Security researcher Phar (Mike Davis/IOActive) gave his 30 days of disclosure notice to Cyberlock (apparently a company that makes electronic lock cylinders) that he would release a public advisory on vulnerabilities he found with the company's security devices. On day 29, their lawyers responded with a request to refrain, feigning ignorance of the previous notice, and invoking mention of the DMCA (this is not actually a DMCA takedown notice, as the law firm is attempting to suppress initial disclosure through legal wrangling). Mike's blog states:


The previous DMCA threats are from a company called Cyberlock, I had planned to do a fun little blog post (cause I .. hate blog posts) on the fun of how I obtained one, extracted the firmware bypassing the code protection and figured out its "encryption" and did various other fun things a lock shouldn't do for what it's marketed as.. But before I could write that post I needed to let them know what issues we have deemed weaknesses in their gear.. the below axe grinderery is the results.

What should researchers do when companies make baseless legal threats to maintain their security-through-obscurity?

Google Can't Ignore The Android Update Problem Any Longer

Submitted by Anonymous Coward
An anonymous reader writes: An editorial at Tom's Hardware makes the case that Google's Android fragmentation problem has gotten too big to ignore any longer. Android 5.0 Lollipop and its successor 5.1 have seen very low adoption rates — 9.0% and 0.7% respectively. Almost 40% of users are still on KitKat. 6% lag far behind on Gingerbread and Froyo. The article points out that even Microsoft is now making efforts to both streamline Windows upgrades and adapt Android (and iOS) apps to run on Windows. If Google doesn't adapt, "it risks having users (slowly but surely) switch to more secure platforms that do give them updates in a timely manner. And if users want those platforms, OEMs will have no choice but to switch to them too, leaving Google with less and less Android adoption." The author also says OEMs and carriers can no longer be trusted to handle operating system updates, because they've proven themselves quite incapable of doing so in a reasonable manner.

French parliament approves new surveillance rules

Submitted by mpicpp
mpicpp writes: The French parliament has approved a controversial law strengthening the intelligence services, with the aim of preventing Islamist attacks.
The law on intelligence-gathering, adopted by 438 votes to 86, was drafted after three days of attacks in Paris in January, in which 17 people died.
The Socialist government says the law is needed to take account of changes in communications technology.
But critics say it is a dangerous extension of mass surveillance.
They argue that it gives too much power to the state and threatens the independence of the digital economy.

Main provisions of the new law:

Define the purposes for which secret intelligence-gathering may be used

Set up a supervisory body, the National Commission for Control of Intelligence Techniques (CNCTR), with wider rules of operation

Authorise new methods, such as the bulk collection of metadata via internet providers


But can the IAEA verify the Iran deal?

Submitted by Lasrick
Lasrick writes: Former International Atomic Energy Agency (IAEA) safeguards analyst Alissa Carrigan looks at an important question that needs an answer: Given the staffing requirements of the verification framework outlined in the Iran deal, can the IAEA actually carry out sufficient verification in Iran? Carrigan breaks down what is required for the IAEA to do its job, and compares the work that will be required in Iran to what the agency did in South Africa and Iraq. Great stuff.
