Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Polls on the front page of Slashdot? Is the world coming to an end?! Nope; read more about it. ×

+ - NSA Planned to Hijack Google App Store to Hack Smartphones->

Submitted by Advocatus Diaboli
Advocatus Diaboli writes: "The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals. The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia."

"The newly published document shows how the agencies wanted to “exploit” app store servers – using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones."

Link to Original Source

+ - Ask Slashdot best way to solve a unique networking issue

Submitted by petro-tech
petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment.

In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps.
This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer provided program that connects to the device and pushes the new software.

Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming.

Unfortunately the devices are not actually on a network, and as such cannot be updated remotely, also since they are not on a network, they are all configured with the same IP address. Additionally the software doesn't allow you to specify the adapter to use.

I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time.

The only way I can figure to accomplish this with the software we've been provided is to do this:

Get a 16 port powered usb hub, with a usb-ethernet adaptor in each port. Set up 16 VM's with extremely stripped down XP running on each, with only one usb-ethernet adaptor assigned to each VM. Set xp to boot the application for loading software as its shell. and load each device that way at the same time.

Is there a better way to accomplish this?

+ - Linux Dev's Purported 4096 bit RSA Key Factored 1

Submitted by Anonymous Coward
An anonymous reader writes: A PGP subkey for Kernel developer Peter Anvin from a public Sks Keyserver was discovered to be divisible by 3. The weak key was discovered by a web service which calls itself the Phuctor which has since factored two other keys as a chews on an sks keyserver dump. Whether the key was generated weak or if it was strong before becoming corrupted on a keyserver it is extremely troubling that such a weak key representing such an important Linux developer could be served.

+ - MenuetOS, an operating system written entirely in assembly, hits 1.0->

Submitted by angry tapir
angry tapir writes: MenuetOS, a GUI-toting, x86-based operating system written entirely in assembly language that's super-fast and can fit on a floppy disk, has hit version 1.0 — after almost a decade and a half of development. (And yes, it can run Doom). I caught up with its developers to talk about the operating system and what comes next for it.
Link to Original Source

+ - DSLreports new bufferbloat test->

Submitted by mtaht
mtaht writes: While I have long advocated using professional tools like netperf-wrapper's rrul test suite to diagnose and fix your bufferbloat issues, there has long been a need for a simpler web based test for it. Now dslreports has incorporated bufferbloat testing in their speedtest. What sort of bloat do slashdot readers experience? Give the test a shot at http://www.dslreports.com/speedtest

Has anyone here got around to applying fq_codel against their bloat?

Link to Original Source

+ - Something Smells: Cities Use High Tech to Investigate Intrusive Odors 1

Submitted by HughPickens.com
HughPickens.com writes: Kate Murphy reports at the NYT that local governments are beginning to regulate intrusive and unpleasant smells using high tech devices. If you time-traveled back 200 years or so, you’d likely scrunch up your nose because our forebears threw sewage out their windows, and the primary mode of transport — horses — relieved themselves in the streets. These days 'we have so reduced the level of background odor pollution, we are becoming more sensitive to anything we smell,” says Pamela Dalton, an olfactory researcher at Monell Chemical Senses Center, a nonprofit group in Philadelphia that studies smell and taste. In the past offenders were typically livestock operations and wastewater treatment plants, but more recently odor inspectors are getting calls about smells emanating from ethnic restaurants, coffee roasters and candle and bath shops. In an effort to be objective, a growing number of locales have begun using a device called a Nasal Ranger, which looks like a megaphone for the nose and measures the intensity of smells according to a so-called dilution ratio (PDF). An odor is considered intrusive if the average person can smell it when it is diluted with seven parts clean air — a decades-old threshold of stinky.

New York City received more than 10,000 odor complaints last year, many from residents upset about cooking smells wafting into their apartments from restaurants and coffeehouses — smells that might be pleasing when patronizing those same establishments. “A lot of it has to do with tolerance level in neighborhoods that are getting gentrified,” says Ben Siller. “People at lower socioeconomic levels may tolerate something much better than someone who moves into the same area and buys a house, sinks a fortune into remodeling and then goes out in the backyard and smells a pot grower, charbroiler, pet food manufacturer or something stinky like that.”

+ - Is iPhone's Lack of FM Support Increasing Your Chances of Dying in a Disaster?

Submitted by theodp
theodp writes: "You may not know it," reports NPR's Emma Bowman, "but most of today's smartphones have FM radios inside of them. But the FM chip is not activated on two-thirds of devices. That's because mobile makers have the FM capability switched off. The National Association of Broadcasters has been asking mobile makers to change this. But the mobile industry, which profits from selling data to smartphone users, says that with the consumer's move toward mobile streaming apps, the demand for radio simply isn't there." But FEMA Administrator Craig Fugate says radio-enabled smartphones could sure come in handy during times of emergency. So, is it irresponsible not to activate the FM chips? And should it's-the-app-way-or-the-highway Apple follow Microsoft's lead and make no-static-at-all FM available on iPhones?

+ - Who is Discouraging Women From STEM Careers?->

Submitted by Press2ToContinue
Press2ToContinue writes: Having worked in a STEM field (computer programming) for over a quarter of a century, I have found the idea that girls are discouraged from entering STEM fields to be curious. It certainly didn't line up with my experience in the industry. Schools have been pushing girls into math and science, not discouraging them. In my experience technology companies have been bending over backwards and jumping through hoops to get more women into IT (information technology). From programs aimed at getting high school students involved in technology to hiring decisions, there has always been a blunt, out-in-the-open emphasis on getting more women into IT.

So, if it's not “the patriarchy” pushing women down and denying them a chance to enter technology fields, what does account for women being underrepresented in technology fields? After a little research into personality types and career fields, I think I found the answer.

The Myers-Briggs personality test places people into 16 personality type categories. One researcher surveyed computer programmers to determine what personality types were represented. I compared how common the personality types were among programmers compared to how common they were in the general population, and although there is always room for error, a clear pattern emerged from my analysis placing programmers, men, and women, into a clearer picture for me to understand their under-representation.

Link to Original Source

+ - Columbia University doctors ask for Dr. Mehmet Oz's dismissal from faculty

Submitted by circletimessquare
circletimessquare writes: Dr. Mehmet Oz serves as vice chairman of Columbia University Medical Center's department of surgery. He is a respected cardiothoracic surgeon but his television show has been accused of pushing snake oil. Now other doctors at Columbia University want Dr. Oz kicked off the medical school faculty. Dr. Oz has responded on his Facebook account: 'I bring the public information that will help them on their path to be their best selves. We provide multiple points of view, including mine which is offered without conflict of interest. That doesn't sit well with certain agendas which distort the facts. For example, I do not claim that GMO foods are dangerous, but believe that they should be labeled like they are in most countries around the world.' In their letter, the doctors accuse Dr. Oz of quackery: 'Dr. Oz has repeatedly shown disdain for science and for evidence-based medicine, as well as baseless and relentless opposition to the genetic engineering of food crops. Worst of all, he has manifested an egregious lack of integrity by promoting quack treatments and cures in the interest of personal financial gain.'

+ - An alternative to SoundCloud, MixCloud and similar services->

Submitted by blogologue
blogologue writes: I've been creating music and doing cover songs the last couple of years, but have run into some issues when it comes to sharing the things I've created. Basically I can't find a place where I can share cover songs, adaptations etc. of existing works and still keep control of what I've created (details here). Does anyone have suggestions on what one can do?
Link to Original Source

+ - Drone show to replace Top Gear->

Submitted by garymortimer
garymortimer writes: Airheads, will pit teams of drone constructors against each other in building and flying challenges. Much like Robot Wars, did in the 80s. The program is produced by Graham Nortons SO Television and will take Sunday nights Top Gear slot
Link to Original Source

+ - China overwhelming sites hosting Censored Content->

Submitted by puddingebola
puddingebola writes: The New York times reports that China is using a "new weapon" called the "Great Cannon" to overwhelm sites such as GitHub and GreatFire.org that host censored websites. The story is based on a report from UC Berkley and the University of Toronto, found here https://citizenlab.org/2015/04... From the story, "China’s new Internet weapon, the report says, is similar to one developed and used by the National Security Agency and its British counterpart, GCHQ, a system outlined in classified documents leaked by Edward J. Snowden, the former United States intelligence contractor. "
Link to Original Source

+ - Gemalto Hack Could Compromise Contactless And ID Cards 1

Submitted by dkatana
dkatana writes: A recent article published by The Intercept reports that the U.S. National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) stole millions of encryption keys used in SIM cards manufactured by Gemalto. While the article focuses on the possibility that those keys could be used by the agencies to monitor communications and possibly hack mobile devices using the SIM cards, it also gives some room to the possibility that other IC security modules based on Gemalto technology could be compromised.

Gemalto not only manufacturers Subscriber Identity Modules (SIM) cards for cellular providers, it is also the world’s largest manufacturer of contactless credit card ICs and a leading provider of identity modules used in government documents such as passports, driving licenses and ID cards.

If builders built buildings the way programmers wrote programs, then the first woodpecker to come along would destroy civilization.

Working...