Submission + - 36000 SAP Systems Exposed Online, Most Open To Attacks (helpnetsecurity.com)

dinscott writes: ERPScan released the first comprehensive SAP Cybersecurity Threat Report, covering product security, implementation security, and security awareness.

Among the interesting findings is that of the 36,000 services found online, 69 percent should not be exposed directly to the Internet as they are designed for internal use only, have critical vulnerabilities or require additional network filtration. Also, that countries where the highest number of SAP security presentations were delivered are characterized by more secure SAP system installations than countries where researchers did not present their studies — a win for those who preach SAP security.

Submission + - DNC Email Hack Strengthens Case For Paper Ballots (usatoday.com)

YIAAL writes: In USA Today, a writer argues that the DNC hack raises questions about the security of voting machines, as well as computers used to tabulate votes, record voter registries, etc.:

Are paper ballots really a superior technology to voting machines? Absolutely. When you vote electronically, the only data recorded is the vote itself. Compare that to a paper ballot where you mark an "X" next to the candidate’s name. When you cast a paper ballot, all sorts of other information is captured along with your vote: The color of ink you used, individual variations in handwriting, even the condition of the paper you’re writing on. Changing that across large numbers of ballots without being obvious is hard, and requires physical access to the ballots; doing it on a computer is a matter of a few keystrokes, and can be done from Minsk or Shanghai.

What do Slashdot readers think? Is paper a more secure technology than computerized voting?

Submission + - Razormind's DeOS crowdsale raises $1.9m of Bitcoin in first week (ibtimes.co.uk)

An anonymous reader writes: IBTimes just reported that Razormind is cashing in on the war between hardforked Ethereum and old chain Ethereum Classic.

Originally expected to die within hours — Ethereum Classic has instead gained mainstream adoption among exchanges such as Poloniex, Kraken, and Bitfinex to name but a few and is now traded under ETC.

Just the Friday before the hardfork, Razormind started a crowdsale for DeOS, their direct rival to Ethereum, meant to be a publicly owned and run global blockchain. They envision it being used to register and verify ownership of property, identity, and to run smart contracts for financial transactions.

The anxiety over the hardfork originates in the downfall of the DAO project. The flagship project of the Ethereum Foundation which recapitalized them after their own crowdfunding ran out; the DAO failed spectacularly when $70 million dollars were lost due to a hack. One industry experts agree was easily preventable by DAO authors Slock.it whose CEO is Stephan Tual — a close personal friend and business partner of Vitalik Buterin.

Accompanying the hack was a rather terse letter from 'the attacker' claiming their action was legal and they would sue if a hardfork occurred. This threat has not materialised to date. This letter was shortly followed by an announcement by Stephan Tual of Slock.it that "over 70% of the DAO funds are now directly under the control of Slock.it and Ethereum Foundation" to reassure the community. This had the additional effect of raising the question of how a decentralized, unhackable, secure DAO could suddenly have all its funds centralized to so few people so quickly.

While Ethereum was vulnerable, and shortly before the much opposed hard fork and throughout it Vitalik Buterin and Consensys were meeting in London with r3cev to perform yet another hard fork of Ethereum to sell a permissioned version strictly for the banks. Approaching the banks could be interpreted as trying to 'cash out' before the situation worsens and before the hard work begins of moving to Proof of Stake within six months for both chains to prevent them becoming obsolete.

Amidst all this Razormind put forward DeOS with very little fuss and almost no publicity. They have let it be known they are opening offices in London, have vetted at least one exchange to start trading DEOS immediately, are known to be in talks with banks in Canada, and recently announced a 5 million EURO investment into two blockchain banks in Europe.

Submission + - SPAM: Class of Large but Very Dim Galaxies Discovered

schwit1 writes: Astronomers have now detected and measured a new class of large but very dim galaxy that previously was not expected to exist.

‘Ultradiffuse’ galaxies came to attention only last year, after Pieter van Dokkum of Yale University in New Haven, Connecticut, and Roberto Abraham of the University of Toronto in Canada built an array of sensitive telephoto lenses named Dragonfly. The astronomers and their colleagues observed the Coma galaxy cluster 101 megaparsecs (330 million light years) away and detected 47 faint smudges.

“They can’t be real,” van Dokkum recalls thinking when he first saw the galaxies on his laptop computer. But their distribution in space matched that of the cluster’s other galaxies, indicating that they were true members. Since then, hundreds more of these galaxies have turned up in the Coma cluster and elsewhere.

Ultradiffuse galaxies are large like the Milky Way — which is much bigger than most — but they glow as dimly as mere dwarf galaxies. It’s as though a city as big as London emitted as little light as Kalamazoo, Michigan.

More significantly, they have now found that these dim galaxies can be as big and as massive as the biggest bright galaxies, suggesting that there are a lot more stars and mass hidden out there and unseen than anyone had previously predicted.

Submission + - Analog Devices will acquire Linear Technology (linear.com)

edesio writes: NORWOOD, MA and MILPITAS, CA, July 26, 2016 — Analog Devices, Inc. (NASDAQ: ADI) (“Analog Devices”) and Linear Technology Corporation (NASDAQ: LLTC) (“Linear Technology”) today announced that they have entered into a definitive agreement under which Analog Devices will acquire Linear Technology in a cash and stock transaction that values the combined enterprise at approximately $30 billion(1). Upon completion of the acquisition, Analog Devices will be the premier global analog technology company with approximately $5 billion in anticipated annual

Submission + - NIST Will Ban SMS for Two-Factor Authentication

Trailrunner7 writes: The move toward two-factor authentication and two-step verification for high-value services has been a positive one for user security, but many of those services use SMS as the channel for the second step in the authentication process, a method that the United States government is preparing to recommend against using.

The National Institute of Standards and Technology has published draft guidance that recommends against companies and government agencies using SMS as the channel for out-of-band verification. Many services that have deployed 2FA or 2SV as part of the authentication process use SMS to deliver short codes that users then enter into an app or site. However, text messaging isn’t considered a secure channel and NIST is now saying that the use of SMS as a channel for out-of-band verification won’t be permitted in future versions of its Digital Authentication Guideline.

Submission + - Bacteria-Inspired Robots To Perform Medical Procedures Inside Human Body (thestack.com)

An anonymous reader writes: Researchers in Switzerland are collaborating to develop a range of micro-robots which can be introduced into the human body to treat a variety of conditions, delivering drugs and performing minor operations. The scientists hope that the small bots could help reduce the number of operations currently required for certain procedures, such as clearing clogged arteries. The bots are flexible and soft, with no motor, and made using a biocompatible hydrogel and magnetic nanoparticles. An electromagnetic field is applied to orientate the nanoparticles, then a polymerisation process is used to solidify the hydrogel. The scientists were inspired by the bacterium which causes African trypanosomiasis, otherwise known as sleeping sickness. This matter uses a thread-like material called a flagellum to push itself around the body, and hides it away on entering the bloodstream as part of its survival mechanism.

Submission + - Crashing Browsers Remotely via Insecure Search Suggestions (nightwatchcybersecurity.com)

An anonymous reader writes: Intercepting insecure search suggestion requests from browsers, and returning very large responses leads to browser crashes (but not RCE). Affected browsers are Firefox on the desktop and Android, and Chrome on desktop and Android – other Chromium and Firefox derived browsers may be affected. Internet Explorer and Safari are not affected. The issue is exploitable remotely, albeit not easily.
