Submission + - Red Cross Asks for 50 Ham Radio Operators to Fly to Puerto Rico (arrl.org)

Bruce Perens writes: The Red Cross has asked for 50 ham radio operators to fly to Puerto Rico and be deployed there for up to three weeks. This is unprecedented in the 75-year cooperation between Red Cross and ARRL, the national organization of ham radio operators for the U.S. The operators will relay health-and-welfare messages and provide communications links where those are missing and are essential to rescue and recovery. With much infrastructure destroyed, short-wave radio is a critical means of communicating from Puerto Rico to the Mainland at this time.

Comment Won't work with a good processor (Score 1) 108

Having worked with Credit, Debit and Gift Card processors, they have security in place to make any gift card number void if it has ever had the balance checked before the card is activated. Also the online balance check would require the four digit security code which is random and only known to the processor. This might only work if a retail company was using an in-house card program and didn't implement their own security protections.

Submission + - New Startup Addresses 4 Billion People With Three Words

HughPickens.com writes: 75% of the earth's population, i.e. four billion people, “don’t exist” because they have no physical address. The “unaddressed” can’t open a bank account, can’t deal properly with a hospital or an administration, let alone get a delivery. Now Frédéric Filloux writes at Monday Note that What3Words, a London startup, is seeking to solve this problem by providing a combination of three words, in any language, that specify every 3 meters by 3 meters square in the world. Each square has a 3 word address that can be communicated quickly, easily and with no ambiguity. Altogether, 40,000 words combined in triplets label 57 trillion squares. Thus far, the system has been built in 10 languages: English, Spanish, French, German, Italian, Swahili, Portuguese, Swedish, Turkish and, starting next month, Arabic. All together, this lingua franca requires only 5 megabytes of data, small enough to reside in any smartphone and work offline. Each square has its identity in its own language that is not a translation of another.

Messy addressing systems have measurable consequences. UPS, the world’s largest parcel delivery provider, calculated that if its trucks merely drove one mile less per day, the company would save $50m a year. In the United Kingdom, bad addressing costs the Royal Mail £775m per year. "One might say latitude and longitude can solve this. Sure thing. Except that GPS coordinates require 16 digits, 2 characters (+/-/N/S/E/W), 2 decimal points, space and comma, to specify a location of the size of a housing block," writes Filloux. "Not helpful for a densely populated African village, or a Mumbai slum." The system is already being used to deliver packages in the favelas in Brazil with Cartero Amigo, solar lights to the slums in India with Pollinate-Energy and mosquito traps in Tanzania with in2care. For What3Words, the decisive boost will come from its integration in major mapping suppliers such as Google Maps or Waze.

Submission + - Mozilla Has 'No Plans' To Offer Firefox Without Pocket

An anonymous reader writes: In June, Mozilla integrated Pocket into Firefox, garnering a mixed response from the browser’s community. This week, we stumbled upon a Bugzilla ticket (bug 1215694) to “move Pocket to a built-in add-on” and immediately reached out to the company. “There are currently no plans to offer a version of Firefox that doesn’t include Pocket,” Dave Camp, Firefox’s director of engineering, told VentureBeat.

Submission + - ThinkGeek Opens First Physical Store in Orlando (orlandosentinel.com)

Enderxeno writes: Online collectibles dealer ThinkGeek is opening a brick-and-mortar concept store at Florida Mall with the help of video game giant GameStop. On the cusp of a huge merchandising push with the new Star Wars movie coming out in December, ThinkGeek will open the store focused entirely on collectibles on Sept. 25, with pop culture brands such as Game of Thrones, Marvel and Minecraft. The store will also sell apparel.

Submission + - Firefox's Silent Requests

An anonymous reader writes: Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required. Try it for yourself. Disable CSS and JavaScript and fire up iftop or Windows Resource Monitor, hover over some links and watch the fun begin. There once was a time when you hovered over a link to check the 'real link' before you clicked on it. Well no more. Just looking at it makes a 'silent request'.

This behavior is the result of the Mozilla speculative connect API. Here is a bug referencing the API when hovering over a thumbnail on the new tab page. And another bug requesting there be an option to turn it off. Strangely enough the latter bug is still labeled WONTFIX even though the solution is in the comments (setting network.http.speculative-parallel-limit to 0).

Firefox's own How to stop Firefox from making automatic connections also mentions setting network.http.speculative-parallel-limit to 0 to stop predictive connections when a user "hovers their mouse over thumbnails on the New Tab Page or the user starts to search in the Search Bar" but no mention regarding hovering over a normal link. Good thing setting network.http.speculative-parallel-limit to 0 does appear to disable speculative connect on normal links too.

One can expect Firefox to make requests in the background to its own servers for things such as checking for updates to plugins etc. But silently making requests to random links on a page (and connecting to those servers) simply by hovering over them is something very different.

Submission + - CIA tried to crack security of Apple devices (theguardian.com)

An anonymous reader writes: The CIA led sophisticated intelligence agency efforts to undermine the encryption used in Apple phones, as well as insert secret surveillance back doors into apps, top-secret documents published by the Intercept online news site have revealed.

The newly disclosed documents from the National Security Agency's internal systems show surveillance methods were presented at its secret annual conference, known as the "jamboree".

Submission + - When FISA Court Rejects A Surveillance Request, The FBI Issues A NSL instead (techdirt.com)

An anonymous reader writes: At the same time, we've also been talking plenty about Section 215 of the PATRIOT Act, which allows the DOJ/FBI (often working for the NSA) to go to the FISA Court and get rubberstamped court orders demanding certain "business records." As Ed Snowden revealed, these records requests can be as broad as basically "all details on all calls." But, since the FISA Court reviewed it, people insist it's legal. And, of course, the FISA Court has the reputation as a rubberstamp for a reason — it almost never turns down a request.

However, in the rare instances where it does, apparently, the DOJ doesn't really care, knowing that it can just issue an NSL instead and get the same information. At least that appears to be what the DOJ quietly admitted to doing in a now declassified Inspector General's report from 2008. EFF lawyer Nate Cardozo was going through and spotted this troubling bit:

Submission + - America's New Particle Collider Is One Foot Long

Jason Koebler writes: The CERN particle collider is 17 miles long. China just announced a supercollider that is supposed to be roughly 49 miles long. The United States' new particle collider is just under 12 inches long.
What the SLAC National Accelerator Laboratory's new collider lacks in size, it makes up for by using plasma to accelerate particles more than 500 times faster than traditional methods. In a recent test published in Nature, Michael Litos and his team were able to accelerate bunches of electrons to near the speed of light within the tiny chamber.

Submission + - UK Ham Radio Reg Plans to Drop 15min Callsign Interval And Allow Encryption (ofcom.org.uk)

product_bucket writes: A consultation [ofcom.org.uk] published by the UK Radio Regulator Ofcom seeks views on its plan to remove the mandatory 15 minute callsign identifier interval for amateur radio licensees. The regulator also intends to permit the use of encryption by a single volunteer emergency communications organisation.
  The consultation is open until 20th October, and views are sought by interested parties.

Submission + - Ford replacing Microsoft Windows with Blackberry's QNX in new vehicles (financialpost.com)

innocent_white_lamb writes: Ford has announced that their in-vehicle technology called Sync will be based on Blackberry's QNX operating system and will no longer use Microsoft Windows.
My own 2013 Ford Escape has the Windows-based Sync system. I wonder if they will issue an update to change it to QNX.

Comment Re:Could someone explain EMV chips? (Score 5, Informative) 146

The reason EMV is better is because the chip allows you to sign the transaction datagram before it is sent to the bank. The chip stores the specific card's signing cert and it can't be accessed; every time there is a transaction, the PIN pad sends the transaction info to the card, which encodes and signs it, then it is sent to the processor. NFC and other tap transactions are just as safe because even if you intercept the info you can capture the signing cert and can't duplicate the transaction.

Submission + - The Mysterious Malware that Jumps Airgaps

Hugh Pickens DOT Com writes: Dan Goodwin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu, one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD-ROM, it refused, and he also found that the machine could delete data and undo configuration changes with no prompting. Next a computer running the OpenBSD operating system also began to modify its settings and delete its data without explanation or prompting, and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It's too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer's lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can't be detected.
It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. "It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was," says Ruiu. "The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers."