Australia

Australia Passes Mandatory Data Retention Law 62

Posted by timothy
from the what's-in-the-box dept.
Bismillah writes Opposition from the Green Party and independent members of parliament wasn't enough to stop the ruling conservative Liberal-National coalition from passing Australia's new law that will force telcos and ISPs to store customer metadata for at least two years. Journalists' metadata is not exempted from the retention law, but requires a warrant to access. The metadata of everyone else can be accessed by unspecified government agencies without a warrant however.
Data Storage

Micron and Intel Announce 3D NAND Flash Co-Development To Push SSDs Past 10TB 44

Posted by timothy
from the 10TB-can-hold-quite-a-few-home-movies dept.
MojoKid writes Both Micron and Intel noted in a release today that traditional planar NAND flash memory is reaching a dead-end, and as such, have been working together on 3D memory technology that could open the floodgates for high densities and faster speeds. Not all 3D memory is alike, however. This joint development effort resulted in a "floating gate cell" being used, something not uncommon for standard flash, but a first for 3D. Ultimately, this 3D NAND is composed of flash cells stacked 32 high, resulting in 256Gb MLC and 384Gb TLC die that fit inside of a standard package. That gives us 48GB per die, and up to 750GB in a single package. Other benefits include faster performance, reduced cost, and technologies that help extend the life of the memory.
Encryption

Generate Memorizable Passphrases That Even the NSA Can't Guess 172

Posted by timothy
from the exercise-for-the-reader dept.
HughPickens.com writes Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you'll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You'll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You'll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb". If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

After you've generated your passphrase, the next step is to commit it to memory. You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training."

Google News Sci Tech: Facebook's Aquila Drone Will Beam Down Internet Access With Lasers - TechCrunch->

From feed by feedfeeder

TechCrunch

Facebook's Aquila Drone Will Beam Down Internet Access With Lasers
TechCrunch
As the second day of its F8 conference began here at Fort Mason in San Francisco, Facebook announced the first hardware it plans to use to beam the Internet down to billions of people around the world. Codenamed Aquila, the drone has a wingspan...
Facebook developing solar drones to deliver global web access (Engadget)
Facebook's huge solar drone takes the web to the skies (SlashGear)
Facebook's drone prototype has wingspan greater than a Boeing 737 (Mashable)

Link to Original Source
Bug

'Bar Mitzvah Attack' Plagues SSL/TLS Encryption 9

Posted by timothy
from the process-not-product dept.
ancientribe writes Once again, SSL/TLS encryption is getting dogged by outdated and weak options that make it less secure. This time, it's the weak keys in the older RC4 crypto algorithm, which can be abused such that an attacker can sniff credentials or other data in an SSL session, according to a researcher who revealed the hack today at Black Hat Asia in Singapore. A slice: Bar Mitzvah exploits the weak keys used by RC4 and allows an attacker to recover plain text from the encrypted information, potentially exposing account credentials, credit card data, or other sensitive information. And unlike previous SSL hacks, this one doesn't require an active man-in-the-middle session, just passive sniffing or eavesdropping on SSL/TLS-encrypted connections, [researcher Itsik] Mantin says. But MITM could be used as well, though, for hijacking a session, he says.

+ - Big Vulnerability in Hotel Wi-Fi Router Puts Guests at Risk->

Submitted by Anonymous Coward
An anonymous reader writes "Guests at hundreds of hotels around the world are susceptible to serious hacks because of routers that many hotel chains depend on for their Wi-Fi networks. Researchers have discovered a vulnerability in the systems, which would allow an attacker to distribute malware to guests, monitor and record data sent over the network, and even possibly gain access to the hotel’s reservation and keycard systems.

The vulnerability, which was discovered by Justin W. Clarke of the security firm Cylance, gives attackers read-write access to the root file system of the ANTlabs devices.

The discovery of the vulnerable systems was particularly interesting to them in light of an active hotel hacking campaign uncovered last year by researchers at Kaspersky Lab. In that campaign, which Kaspersky dubbed DarkHotel"

Link to Original Source
Security

RSA Conference Bans "Booth Babes" 232

Posted by timothy
from the can-I-ask-you-some-technical-questions dept.
netbuzz writes In what may be a first for the technology industry, RSA Conference 2015 next month apparently will be bereft of a long-controversial trade-show attraction: "booth babes." New language in its exhibitor contract, while not using the term "booth babe," leaves no doubt as to what type of salesmanship RSA wants left out of its event. Says a conference spokeswoman: "We thought this was an important step towards making all security professionals feel comfortable and equally respected during the show." Easier at a venue like RSA; the annual Consumer Electronics Show, not so much.

Google News Sci Tech: Facebook's drone prototype has wingspan greater than a Boeing 737 - Mashable->

From feed by feedfeeder

Mashable

Facebook's drone prototype has wingspan greater than a Boeing 737
Mashable
Facebook revealed new details on Thursday about its plan to bring web connectivity to the 4 billion people worldwide without Internet — and it's banking big on drones. During a keynote at its annual F8 Developer Conference in San Francisco, the company...
Facebook Reveals Plan for Unmanned Internet Airplanes (ABC News)
Zuckerberg says Facebook's giant Internet drones are already flying (Fortune)
Facebook developing solar drones to deliver global web access (Engadget)

Link to Original Source
Transportation

German Auto Firms Face Roadblock In Testing Driverless Car Software 129

Posted by timothy
from the and-what-if-that-man-was-your-mother?! dept.
An anonymous reader writes As nations compete to build the first operational autonomous car, German auto-manufacturers fear that current domestic laws limit their efforts to test the appropriate software for self-driving vehicles on public roads. German carmakers are concerned that these roadblocks are allowing U.S. competitors, such as Google, to race ahead in their development of software designed to react effectively when placed in real-life traffic scenarios. Car software developers are particularly struggling to deal with the ethical challenges often raised on the road. For example when faced with the decision to crash into a pedestrian or another vehicle carrying a family, it would be a challenge for a self-driving car to follow the same moral reasoning a human would in the situation. 'Technologically we can do fully automated self-driving, but the ethical framework is missing,' said Volkswagen CEO Martin Winterkorn.

+ - MIT Debuts Integer Overflow Debugger->

Submitted by msm1267
msm1267 (2804139) writes "Students from M.I.T. have devised a new and more efficient way to scour raw code for integer overflows, the troublesome programming bugs that serve as a popular exploit vector for attackers and often lead to the crashing of systems.

Researchers from the school’s Computer Science and Artificial Intelligence Laboratory (CSAIL) last week debuted the platform dubbed DIODE, short for Directed Integer Overflow Detection.

As part of an experiment, the researchers tested DIODE on code from five different open source applications. While the system was able to generate inputs that triggered three integer overflows that were previously known, the system also found 11 new errors. Four of the 11 overflows the team found are apparently still lingering in the wild, but the developers of those apps have been informed and CSAIL is awaiting confirmation of fixes."

Link to Original Source
Medicine

Is the Apple Watch a Useful Medical Device? (Video) 45

Posted by Roblimo
from the all-we-want-is-for-you-to-be-happy-happy-happy dept.
Let's kill the suspense right away by answering the title question, 'Probably not.' For one thing, according to interviewee Alfred Poor, the Apple Watch is in no way linked to the Apple Research Kit. Dr. Poor is editor of the Health Tech Insider website, so he follows this kind of thing more carefully than most people. And the Apple watch is not the only device mentioned in this video (or transcript, if you prefer reading to listening). If you want to ruminate about the possibility of direct mind control, for instance, you need to know about the Thync, whose vendor calls it 'A groundbreaking wearable device that enables you to shift your state of mind in minutes.' They say it 'induces on-demand shifts in energy, calm, or focus.' It even has a 'pleasure' setting. Crank that to 11 and you might happily spend your days prone, being fed by a drip and emptied by a catheter, moving only when an attendant turns you over to keep bedsores from developing -- not that you'll care if they do -- as you spend the rest of your life in an artificially-induced joyful stupor.

Education

NJ School District Hit With Ransomware-For-Bitcoins Scheme 151

Posted by timothy
from the so-is-there-a-downside? dept.
An anonymous reader sends news that unidentified hackers are demanding 500 bitcoins, currently worth about $128,000, from administrators of a New Jersey school district. Four elementary schools in Swedesboro-Woolwich School District, which enroll more than 1,700 students, are now locked out of certain tasks: "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Also, [district superintendent Dr. Terry C. Van Zoeren] explained, parents cannot receive emails with students grades and other information." According to this blog post from security company BatBlue, the district has been forced to postpone the Common Core-mandated PARCC state exams, too. Small comfort: "Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers." Perhaps the administrators can take heart: Ransomware makers are, apparently, starting to focus more on product support; payment plans are probably on the way.
