
Submission + - Apple deprecating Quicktime for Windows, says Trend Micro (trendmicro.com)

harryjohnston writes: Usually when a vendor deprecates a software product and stops releasing security updates, they provide some sort of advance notice that they're intending to do so. The least we would expect is for them to announce an unexpected end-of-life themselves. However, Trend Micro released a security advisory today describing two zero-day vulnerabilities for Quicktime for Windows, and according to them, Apple told Trend Micro — but apparently nobody else — that they have deprecated Quicktime for Windows and will not be releasing a patch.

The Register has an article on the announcement. Apple did not respond to their request for comment.

Submission + - Solar panel developed that can generate electricity from rain. (sciencenewsjournal.com)

Socguy writes: Scientists in China have developed a prototype solar panel with a single atom thick layer of graphene on the surface. This layer allows the panel to generate electricity, not just from the sun but also from any rain that falls on it. This development promises to further boost the output of solar panels during times of less than optimal conditions.

Submission + - Sophisticated Bribe Scheme Helped Crooks Whitelist Malware on Chinese Antivirus

An anonymous reader writes: Malware operators have bribed employees of a gaming company to bundle malware with their mobile apps, which they've sent to a Chinese antivirus maker to get whitelisted inside their product, based on a good faith agreement between the two. With their trojan whitelisted on Qihoo's products, the crooks bought goods on TaoBao (eBay clone), and later asked store owners for refunds by sending them a picture of the product. The picture was laced with the malware, which the antivirus failed to detect, and later started a keylogger that recorded the store owners' AliPay credentials and sent them to the crooks.

Submission + - Over 135 million routers vulnerable to denial-of-service flaw

schwit1 writes: The problem lies with how a widely-used router, the Arris SurfBoard SB6141, handles authentication and cross-site requests.

Arris (formerly Motorola) said that it has sold more than 135 million of the SurfBoard SB6141 routers. That means the millions of Comcast, Time Warner Cable, or Charter customers who are shipped one of these routers when they subscribe are vulnerable.

The flaw is so easy to exploit that anyone on an affected network can be tricked into clicking on a specially crafted web page or email.

Security researcher David Longenecker, who found the flaws and posted the write-up on the Full Disclosure list earlier this week, released the "exploit" link after Arris stopped responding to emails he sent as part of the responsible disclosure process.

There's no practical fix for the flaw, according to Longenecker.

"The simplest solution would be a firmware update such that the web [user interface] requires a username and password before allowing disruptive actions such as rebooting or resetting the modem, and that validates that a request originated from the application and not from an external source," he said.

But even if Arris released a fix, he said that the cable modems are not upgradable by their owners, meaning the internet provider would have to roll out the fix.

Submission + - Every Voter in Philippines Exposed in Mega Hack (infosecurity-magazine.com)

schwit1 writes: The database of the Philippine Commission on Elections (COMELEC) has been breached and the personal information of 55 million voters potentially exposed in what could rank as the worst ever government data breach anywhere.

The website of COMELEC was compromised on 27 March by Anonymous, before LulzSec Pilipinas stuck the database online days later.

It’s believed Anonymous’ motivation was to persuade the commission to switch on security features in the vote counting machines ahead of national elections on 9 May.

“Our [Trend Micro] research showed that massive records of PII, including fingerprints data were leaked. Included in the data COMELEC deemed public was a list of COMELEC officials that have admin accounts,” the firm said in a blog post.

Submission + - ubuntuBSD Is Looking to Become an Official Ubuntu Flavor

prisoninmate writes: ubuntuBSD maintainer and lead developer Jon Boden is now looking for a way for his operating system to contribute to the Ubuntu community and, eventually, become an official Ubuntu flavor. Just two weeks ago, we introduced you guys to the ubuntuBSD project, whose main design goal is to bring users an operating system powered by the FreeBSD kernel while offering them the familiarity of the Ubuntu Linux OS. Right now, ubuntuBSD is in heavy development, with a fourth Beta build out the door, and it looks like the developer already seeks official status and wants to contribute all of his work to the main Ubuntu channels. We're now waiting for Canonical's response.

Submission + - OpenBazaar is Open for Business (openbazaar.org)

llamalad writes: OpenBazaar is now released on the mainnet and is ready for real transactions. You can download the program on the OpenBazaar website.

If you're not familiar with OpenBazaar, it's a decentralized peer-to-peer network for trade that uses Bitcoin. That trade happens directly between buyers and sellers with no one in the middle — and no fees or restrictions on trade.

Submission + - Google pulls Taliban's smartphone app from online store

Frosty Piss writes: Google has removed a Taliban-developed online application for Android smartphones aimed at increasing the militant group's visibility worldwide. The Pashto language app includes content such as official statements and videos from the Taliban, which has waged a jihad in Afghanistan for more than 14 years since it was ousted in 2001 with help from the U.S. The app was part of the Taliban's digital campaign to attract a bigger audience worldwide. The movement has an updated website run in five languages including English and Arabic, as well as Twitter and Facebook accounts providing daily updates on its insurgency. A Google spokeswoman confirmed Sunday the app is no longer available from the company’s Play Store.

Submission + - CloudFlare aims to block fewer legitimate Tor users (pcworld.com)

SpacemanukBEJY.53u writes: CloudFlare said it is working on ways to stop Tor users from seeing so many CAPTCHAs when browsing the Web. CloudFlare's popular content delivery network is used by many websites to stop abusive behavior such as denial-of-service attacks and spam. But since Tor exit nodes are often associated with bad behavior, the effect is many legitimate Tor users face a terrible browsing experience and are constantly presented with CAPTCHAs. CloudFlare has a few ideas for how to make it better, some of which would require cooperation from The Tor Project.

Submission + - ESA is asking to mine data from Mars Express telemetry to prolong its life (esa.int)

Dario Izzo writes: The Mars Express spacecraft from ESA has been orbiting the Red Planet for 12 years. While its controllers know the spacecraft inside out, additional insights are hidden within the mounds of telemetry the mission generates – inspiring the first of ESA’s new data mining competitions: the Mars Express Power Challenge. The goal is to use machine learning techniques to predict Mars Express’s thermal power consumption during the martian year ahead, based on its past telemetry. ESA is targeting the international data mining and machine learning community – including students, research groups or companies. The website Kelvins is hosting the competition.

Submission + - Regis McKenna's 1976 notes on his new client, Apple Computer (fastcompany.com)

harrymcc writes: Apple, which was established as a partnership on April 1, 1976, officially turns 40 today. Over at Fast Company, I wrote about its original marketing guru, Regis McKenna, and the notes he took when he was formulating a marketing plan for the company that year. They're an amazing snapshot of where the tiny startup was and where it hoped to go.

Submission + - Reddit has deleted its 'warrant canary' (reuters.com)

Arthur Dent '99 writes: Today Reddit deleted wording in its transparency report that would normally indicate that they had not received any "national security letters" or "other classified requests for user information". Such "national security letters" contain penalties for telling anyone about the request, as the government wishes to keep the request secret. However, because Reddit had placed pre-existing wording in their transparency report in the event of such a letter, they were able to simply delete the existing wording to passively inform others that a request had been received, without actually saying anything at all. This usage of pre-existing wording is known as a "warrant canary" to indicate danger, much as real canaries were used in the past to indicate the presence of deadly gases in coal mines.

Submission + - Hybrid Airships Order - part airship, aircraft, helicopter and hovercraft (ibtimes.co.uk)

boley1 writes: This is a pretty big deal. Lockheed Martin's Hybrid Enterprises is finalizing their first order for their (based on the P-791) fly-by-wire tri-hull airship. The airship hauls cargo (21 tons) and people (19) at speeds more like a fast boat than airplane. No water, roads, or airstrips required. Deliveries expected next year.
"Straightline Aviation has signed a deal with Lockheed Martin's Hybrid Enterprises to purchase the hybrid airships. At a deal value of $480m (£333.93m, €425m), the British company is set to buy 12 of Lockheed's airships which are part-airship, part-aircraft, part-helicopter and part-hovercraft."

Comment Re: More Microsoft PR Here Today? (Score 1, Flamebait) 143

I am bitching about the ratio of MS PR stories to Firehose submissions having been massively skewed in the last couple of days. I identified that the dev conference is the basic cause, so we agree on that point. THAT's my issue. It is annoying to me, so I bitch about it. I get modded down, I get up again.
