
Submission + - SPAM: Exploit Revealed For Remote Root Access Vulnerability Affecting Many Routers

Orome1 writes: Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom’s UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured by the likes of ASUS, D-Link, Zyxel, US Robotics, TP-Link, Netgear, and others. Since there were millions of vulnerable devices out there, the researchers refrained from publishing the exploit they created for the flaw, but now, four years later, they’ve released their full research again, and this time they’ve also revealed the exploit.

Submission + - FTC Has Serious Concerns About IoT Security and Privacy

Trailrunner7 writes: The Federal Trade Commission has sent comments to the Department of Commerce, outlining a list of concerns about the security and privacy of connected and embedded devices, saying that while many IoT devices have tangible benefits for consumers, “these devices also create new opportunities for unauthorized persons to exploit vulnerabilities”.

One of the key security problems that researchers have cited with IoT devices is the impracticality of updating them when vulnerabilities are discovered. Installing new firmware on light bulbs or refrigerators is not something most consumers are used to, and many manufacturers haven’t contemplated those processes either. The FTC said the lack of available updates is a serious problem for consumers and businesses alike.

“Although similar risks exist with traditional computers and computer networks, they may be heightened in the IoT, in part because many IoT chips are inexpensive and disposable, and many IoT devices are quickly replaceable with newer versions. As a result, businesses may not have an incentive to support software updates for the full useful life of these devices, potentially leaving consumers with vulnerable devices. Moreover, it may be difficult or impossible to apply updates to certain devices,” the FTC comments say.

Submission + - Increased marrying, and mating, by education level not affecting genetic make-up

chasm22 writes: While the latter half of the 20th century showed a widening gap between the more and less educated with respect to marriage and fertility, this trend has not significantly altered the genetic makeup of subsequent generations, a team of researchers has found.

"Undoubtedly, spouses are increasingly sorting themselves with an eye toward the education they've received—among other traits," observes Conley. "But while the existence of education-association genes has been well-documented, choosing partners with education levels similar to our own has not resulted in children who have meaningfully altered the genetic makeup of the U.S. population."

Submission + - Computing a secret, unbreakable key

chasm22 writes: Researchers at the Institute for Quantum Computing (IQC) at the University of Waterloo developed the first available software to evaluate the security of any protocol for Quantum Key Distribution (QKD).

QKD allows two parties, Alice and Bob, to establish a shared secret key by exchanging photons. Photons behave according to the laws of quantum mechanics, and the laws state that you cannot measure a quantum object without disturbing it. So if an eavesdropper, Eve, intercepts and measures the photons, she will cause a disturbance that is detectable by Alice and Bob. On the other hand, if there is no disturbance, Alice and Bob can guarantee the security of their shared key.

Comment Nice to know that this is based on an agreement (Score 1) 220

Further to the point, the March 1, 2010 Registered Apple Developer Agreement is available publicly online and indexed by Google. Most of the points the EFF took issue with were removed due to public outcry years ago. Why is the EFF still referring to an earlier agreement that is no longer applicable?

Comment Nice to know that this is based on an agreement (Score 1) 220

Thank you, I wondered if anyone else would have caught that.

5 years later, Jobs has been dead for over two years, Tim Cook is at the helm, there are open-source apps, and the developer agreement has changed a lot. The "imminent launch of the iPad" has been replaced by "Tablet Sales Growth Plummets In 2014" and we still don't see an EFF app.

I haven't been too worried about it though.

Comment What's wrong with Windows Server? (Score 5, Informative) 613

My experiences with systemd have been good and I can see how it can eliminate some of the kludges I've relied on in the past. Rather than have an /etc/init.d/myservice restart all related services to ensure a "clean" environment, I can list dependencies and triggers and rely on the system to do what is appropriate. It doesn't eliminate the ability to create or use System V init scripts, it just provides administrators with an alternative. Given the distribution creators have put a lot of effort into converting their scripts we have a lot of examples to work from. I've been working with UNIX since the 80's and rather than adopt a "get off my lawn" mentality I'm looking forward to embracing solutions to modern problems and see this as a positive step forward.
