
A New Attack Allows Intercepting Or Blocking Of Every LTE Phone Call And Text

All LTE networks and devices are vulnerable to a new attack demonstrated at the Ruxcon security conference in Melbourne. mask.of.sanity shared this article from The Register: It exploits LTE fall-back mechanisms designed to ensure continuity of phone services in the event of emergency situations that trigger base station overloads... The attacks work through a series of messages sent between malicious base stations spun up by attackers and targeted phones. It results in attackers gaining a man-in-the-middle position from where they can listen to calls or read SMS, or force phones back to 2G GSM networks where only voice and basic data services are available...

[Researcher Wanqiao] Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity. "You can create a denial of service attack against cellphones by forcing phones into fake networks with no services," Zhang told the conference. "You can make malicious calls and SMS and...eavesdrop on all voice and data traffic."


Fedora 25 Beta Linux Distro Now Available For Raspberry Pi

Slashdot reader BrianFagioli writes: Fedora 25 Beta Workstation is now available for both the Raspberry Pi 2 and Raspberry Pi 3. In addition to the Workstation image, Fedora 25 Beta Server is available too. Owners of ARMv6-powered Pi models, such as the Pi Zero, are out of luck, as the operating system will not be made available for them.
Peter Robinson (from the Fedora release engineering team) writes, "The most asked question I've had for a number of years is around support of the Raspberry Pi. It's also something I've been working towards for a very long time on my own time... The kernel supports all the drivers you'd expect, like various USB WiFi dongles, etc. You can run whichever desktop you like or Docker/Kubernetes/Ceph/Gluster as a group of devices -- albeit it slowly over a single shared USB bus!"

US Police Consider Flying Drones Armed With Stun Guns

Slashdot reader Presto Vivace tipped us off to news reports that U.S. police officials are considering the use of flying drones to taser their suspects. From Digital Trends: Talks have recently taken place between police officials and Taser International, a company that makes stun guns and body cameras for use by law enforcement, the Wall Street Journal reported on Thursday. While no decision has yet been made on whether to strap stun guns to remotely controlled quadcopters, Taser spokesman Steve Tuttle said his team were discussing the idea with officials as part of broader talks about "various future concepts."

Tuttle told the Journal that such technology could be deployed in "high-risk scenarios such as terrorist barricades" to incapacitate the suspect rather than kill them outright... However, critics are likely to fear that such a plan would ultimately lead to the police loading up drones with guns and other weapons. Portland police department's Pete Simpson told the Journal that while a Taser drone could be useful in some circumstances, getting the public "to accept an unmanned vehicle that's got some sort of weapon on it might be a hurdle to overcome."

The article points out that there's already a police force in India with flying drones equipped with pepper spray.

More NFL Players Attack Microsoft's $400M Surface Deal With The NFL

An anonymous reader writes: "These tablets always malfunction," complained one NFL offensive lineman in January, foreshadowing a growing backlash to Microsoft's $400 million deal with the NFL to use Surface tablets. Friday the coach of the San Francisco 49ers and their controversial quarterback Colin Kaepernick both complained they've also experienced problems, with Kaepernick saying the screen freezes "every once in a while and they have to reboot it."

Friday Microsoft called their tablet "the center of the debate on the role of technology in the NFL," saying they deeply respect NFL teams "and the IT pro's who work tirelessly behind the scenes to help them succeed." It included quotes from NFL quarterbacks -- for example, "Every second counts and having Microsoft Surface technology on sidelines allows players and coaches to analyze what our opponents are trying to do in almost real time." But Yahoo Finance wrote that "The quotes read like they were written by the Microsoft public relations team," arguing that Microsoft's NFL deal "has been a disaster... The tablets failed to work during a crucial AFC Championship game last January -- again for the New England Patriots... sports media interpreted that the malfunction benefited the Broncos on the field, giving the team an unfair advantage -- the very last thing Microsoft's tablets, meant to aid coaches in their play calling, should be doing."

The NFL issued a statement calling Microsoft "an integral, strategic partner of the NFL," adding "Within our complex environment, many factors can affect the performance of a particular technology either related to or outside of our partner's solutions."

Who Should We Blame For Friday's DDOS Attack?

"Wondering which IoT device types are part of the Mirai botnet causing trouble today? Brian Krebs has the list," tweeted Trend Micro's Eric Skinner Friday, sharing an early October link which identifies Panasonic, Samsung and Xerox printers, and lesser known makers of routers and cameras. An anonymous reader quotes Fortune: Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in. Finally, it's time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well.
If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks..."

Photographer Glimpses Larry Page's Flying Car Hovering In California (Maybe)

From Hollister, California -- population 40,000 -- comes a good update from the Mercury News on Larry Page's efforts to fund a flying car: Even from a few hundred yards away, the aircraft made a noise strikingly different from the roar of a typical plane. "It sounded like an electric motor running, just a high-pitched whine," said Steve Eggleston, assistant manager at an airplane-parts company with offices bordering the Hollister Municipal Airport tarmac. But it wasn't only the sound that caught the attention of Eggleston and his co-workers at DK Turbines. It was what the aircraft was doing. "What the heck's that?" saleswoman Brittany Rodriguez thought to herself. "It's just hovering."

That, apparently, was a flying car, or perhaps a prototype of another sort of aircraft under development by a mysterious startup called Zee.Aero, one of two reportedly funded by Google co-founder Larry Page to develop revolutionary forms of transportation... A Zee.Aero spokeswoman said the firm is "currently not discussing (its) plans publicly." However, a Zee.Aero patent issued in 2013 describes in some detail an aircraft capable of the hovering seen by people working at the airport. And the drawings showcase a vision of the future in which flying cars park in lots just like their terrestrial, less-evolved cousins.

Page has invested $100 million in Zee.Aero, which appears to have hired more than 100 aerospace engineers. But the article reports that apparently, in the small town where it's headquartered, "the first rule about Zee.Aero is you don't talk about Zee.Aero."

'Picat' Programming Language Creators Surprised With A $10,000 Prize

An anonymous reader writes: "I didn't even know they gave out prizes," said a Brooklyn College CS professor, remembering how he'd learned that a demo of the Picat programming language won a $10,000 grand prize last month at the NYC Media Lab Summit. Professor Neng-Fa Zhou created Picat with programmer Jonathan Fruhman, and along with graduate student Jie Mei they'd created a demo titled "The Picat Language and its Application to Games and AI Problems" to showcase the language's ability to solve combinatorial search problems, "including a common interface with CP, SAT, and MIP solvers."

Mei tells the Brooklyn College newspaper that Picat "is a multi-paradigm programming language aimed for general-purpose applications, which means theoretically it can be used for everything in life," and Zhou says he wants to continue making the language more useful in a variety of settings. "I want this to be successful, but not only academically... When you build something, you want people to use it. And this language has become a sensation in our community; other people have started using it."


Researchers Predict Next-Gen Batteries Will Last 10 Times Longer

Lithium-metal electrodes could increase the storage capacity of batteries 10-fold, predict researchers at the University of Michigan, allowing electric cars to drive from New York to Denver without recharging. Using a $100 piece of technology, the team is now peeking inside charging batteries to study the formation of "dendrites," which consume liquid electrolytes and reduce capacity. Slashdot reader Eloking quotes New Atlas: Battery cells are normally tested through cycles of charge and discharge, testing the capacity and flow potential of the cells before being dissected. Dasgupta and his team...added a window to a lithium cell so that they could film the dendrites forming and deforming during charge and discharge cycles.
In a video interview they're reporting that dendrites can actually help a battery if they form a small, even "carpet" inside of the battery which "can keep more lithium in play." According to the article, "The future of lithium-ion batteries is limited, says University of Michigan researcher Neil Dasgupta, because the chemistry cannot be pushed much further than it already has. Next-generation lithium cells will likely use lithium air and lithium sulfur chemistries."

AT&T Buys Time Warner For $85B. Is The Mass Media Consolidating?

Though regulators may not agree, "Time Warner and AT&T reps claim this is necessary just to compete," warns Mr D from 63. Reuters reports: The tie-up of AT&T Inc and Time Warner Inc, bringing together one of the country's largest wireless and pay TV providers and cable networks like HBO, CNN and TBS, could kick off a new round of industry consolidation amid massive changes in how people watch TV... Media content companies are having an increasingly difficult time as standalone entities, creating an opportunity for telecom, satellite and cable providers to make acquisitions, analysts say. Media firms face pressure to access distribution as more younger viewers cut their cable cords and watch their favorite shows on mobile devices. Distribution companies, meanwhile, see acquiring content as a way to diversify revenue.
The deal reflects "big changes in consumption of video particularly among millennials," according to one former FCC commissioner, and the article also reports that the deal "will face serious opposition." Massachusetts Democrat Edward Markey warned "we need more competition, not more consolidation... Less competition has historically resulted in fewer choices and higher prices for consumers..." And in a Saturday speech, Donald Trump called it "an example of the power structure I'm fighting...too much concentration of power in the hands of too few."

"Splat" of Schiaparelli Mars Lander Likely Found

Long-time Slashdot reader Tablizer quotes Space Flight Now: Views from NASA's Mars Reconnaissance Orbiter released Friday show the crash site where Europe's experimental Schiaparelli lander fell to the red planet's surface from a height of several miles, leaving a distinct dark patch on the Martian landscape... The image from MRO's context camera shows two new features attributed to the Schiaparelli spacecraft, including a large dark scar spanning an estimated 50 feet (15 meters) by 130 feet (40 meters). Schiaparelli's ground team believes it is from the high-speed impact of the lander's main body... A little more than a half-mile (1 kilometer) to the south, a bright spot appears in the image, likely the 39-foot-diameter (12-meter) supersonic parachute and part of Schiaparelli's heat shield, which released from the lander just before ESA lost contact.

A British Supercomputer Can Predict Winter Weather a Year In Advance

The national weather service of the U.K. claims it can now predict the weather up to a year in advance. An anonymous reader quotes The Stack: The development has been made possible thanks to supercomputer technology granted by the UK Government in 2014. The £97 million high-performance computing facility has allowed researchers to increase the resolution of climate models and to test the retrospective skill of forecasts over a 35-year period starting from 1980... The forecasters claim that new supercomputer-powered techniques have helped them develop a system to accurately predict North Atlantic Oscillation -- the climatic phenomenon which heavily impacts winters in the U.K.
The researchers apparently tested their supercomputer on 36 years worth of data, and reported proudly that they could predict winter weather a year in advance -- with 62% accuracy.

Amazon May Handle 30% Of All US Retail Sales

An anonymous reader quotes USA Today: Amazon's yearly sales account for about 15% of total U.S. consumer online sales, according to the company's statements and the Department of Commerce. But the Seattle e-commerce company may actually be handling double that amount -- 20% to 30% of all U.S. retail goods sold online -- thanks to the volume of sales it transacts for third parties on its website and app. Only a portion of those sales add to its revenue.

"The punchline is that Amazon's twice as big as people give them credit for, because there's this iceberg under the surface, but you only see the tip," said Scot Wingo, executive chairman of Channel Advisor, an e-commerce software company that works with thousands of online sellers. When third-party sales are taken into account, Amazon's share of what U.S. shoppers spend online could be as high as $125 billion yearly...

Amazon's share will grow even larger when they can offer two-hour deliveries, warns one analyst, while another puts it more succinctly. "Amazon's just going to slowly grab more and more of your wallet."

VeraCrypt Security Audit Reveals Many Flaws, Some Already Patched

Orome1 quotes Help Net Security: VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report [which has mitigations for the still-unpatched vulnerabilities].
Anyone want to share their experiences with VeraCrypt? Two Quarkslab engineers spent more than a month on the audit, which was funded (and requested) by the non-profit Open Source Technology Improvement Fund "to evaluate the security of the features brought by VeraCrypt since the publication of the audit results on TrueCrypt 7.1a conducted by the Open Crypto Audit Project." Their report concludes that VeraCrypt's security "is improving which is a good thing for people who want to use a disk encryption software," adding that its main developer "was very positive along the audit, answering all questions, raising issues, discussing findings constructively..."

American 'Vigilante Hacker' Defaces Russian Ministry's Website

An anonymous Slashdot reader quotes CNN Money: An American vigilante hacker -- who calls himself "The Jester" -- has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets... "Comrades! We interrupt regular scheduled Russian Foreign Affairs Website programming to bring you the following important message," he wrote. "Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed."
In early 2015, CNN Money profiled The Jester as "the vigilante who hacks jihadists," noting he's a former U.S. soldier who now "single-handedly taken down dozens of websites that, he deems, support jihadist propaganda and recruitment efforts. He stopped counting at 179." That article argues that "the fact that he hasn't yet been hunted down and arrested says a lot about federal prosecutors and the FBI. Several cybersecurity experts see it as tacit approval."

"In an exclusive interview with CNNMoney this weekend, Jester said he chose to attack Russia out of frustration for the massive DNS cyberattack that knocked out a portion of the internet in the United States on Friday... 'I'm not gonna sit around watching these f----rs laughing at us.'"

Dyn Executive Responds To Friday's DDOS Attack

"It is said that eternal vigilance is the price of liberty...We must continue to work together to make the internet a more resilient place to work, play and communicate," wrote Dyn's Chief Strategy Officer in a Saturday blog post. An anonymous reader reports: Dyn CSO Kyle York says they're still investigating Friday's attack, "conducting a thorough root cause and forensic analysis" while "carefully monitoring" for any additional attacks. In a section titled "What We Know," he describes "a sophisticated attack across multiple attack vectors and internet source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack." But he warns that "we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses."

He posted a timeline of the attacks (7:00 EST and 12:00 EST), adding "While there was a third attack attempted, we were able to successfully mitigate it without customer impact... We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these." He predicts Friday's attack will be seen as "historic," and acknowledges his staff's efforts to fight the attack as well as the support received from "the technology community, from the operations teams of the world's top internet companies, to law enforcement and the standards community, to our competition and vendors... On behalf of Dyn, I'd like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support."

Online businesses may have lost up to $110 million in sales and revenue, according to the CEO of Dynatrace, who tells CNN more than half of the 150 websites they monitor were affected.
