
Comment Re: pointless (Score 4, Funny) 169

Just because you have a "smart" TV doesn't mean you're stuck using the "smart" bits. Plug in an HDMI cable or three to the video source of your choosing, and you never have to touch the smart OS stuff unless you want to.

Just because it has a network connection doesn't mean you have to connect it to a network.

Comment Re:Obsolete (Score 1) 96

Bots creating GoFundMe pages have replaced bums, no need to stand on the street holding a tin cup when you can create a bot to create an online story of distress and have it beg money for you.

That's what this article is about. There are two bots standing on the street corner holding their tin cups, jostling each other for position, and spilling half their money in the process. The AI is converging on a solution using cooperation, where each bot assesses the traffic, and parcels out the begging duty to the robot more likely to succeed with that particular potential donor.

In other words, "two bots one cup".

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack's first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Comment Re:These two may have been least at risk (Score 1) 54

There are plenty of people I know who would fall for this, because they simply don't know. They were issued a laptop for work and were told it was secured through a VPN, but don't understand how networks or routing actually work. They think they're secure only because an expert told them that VPNs are secure.

And not all VPNs are secure. Corporate VPN solutions are increasingly looking to split tunnelling to cut costs: internal corporate IP addresses are correctly routed to the VPN tunnel interface, so things like internal email and corporate web sites are all secured, but the external IP addresses (Google, Microsoft, Slashdot, etc.) are left to route through the local gateway, reducing bandwidth through the corporate network. So if your wireless adapter connects to a WiFi Pineapple using one of those corporate laptops (thinking it's connecting to a conference AP or something), the rogue AP will faithfully route the still-secure VPN traffic to the proper corporate headquarters servers, but it will just as happily MiTM the rest of the regular unsecured traffic, scanning for credentials, cookies, API keys, or whatever other external sites the computer may happen to access. They could expose personal email account credentials, various web apps, DNS requests, discovery packets, or other loud network traffic. And this allows scenarios where the browser gets cache poisoned while browsing the unsecured web, then used to connect to an internal corporate web site where the malicious cached JavaScript echoes all the booty back to the attacker.

Of course, you expect the tech folks at the RSA conference would know how it all works, but a significant fraction of the attendees are not tech employees. There are no doubt many finance people; executives with expense accounts and instructions to "come back with a security contract"; salespeople; politicians; and the press in attendance.

I just hope the guys with the rogue access points are no worse than gray hats who are posting them on a Wall of Sheep somewhere at the conference, and not actually hacking the attendees.
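An added example, not part of the comment above: a routing-table audit that shows which destinations a split-tunnel laptop sends outside the VPN, compared with a full-tunnel table. The tables, interface names (`tun0`, `wlan0`) and prefixes are constructed for illustration.

```python
import ipaddress

# Constructed routing tables; interface names and prefixes are hypothetical.
SPLIT = [("0.0.0.0/0", "wlan0"),        # default route via the local Wi-Fi gateway
         ("10.0.0.0/8", "tun0"),        # corporate ranges pushed by the VPN
         ("172.16.0.0/12", "tun0"),
         ("192.168.43.0/24", "wlan0")]  # on-link Wi-Fi subnet
FULL = [("0.0.0.0/0", "wlan0"),
        ("0.0.0.0/1", "tun0"),          # two /1 routes override the default
        ("128.0.0.0/1", "tun0"),
        ("198.51.100.7/32", "wlan0"),   # host route to the VPN server itself
        ("192.168.43.0/24", "wlan0")]

def egress_interface(dest, routes):
    """Pick the outgoing interface by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def bypass_routes(routes, tunnel="tun0"):
    """Return non-tunnel prefixes that still carry some traffic outside the VPN."""
    nets = [(ipaddress.ip_network(p), i) for p, i in routes]
    leaks = []
    for net, iface in nets:
        if iface == tunnel:
            continue
        # More specific tunnel routes override this prefix. Collapse them to see
        # whether together they cover it completely.
        inner = [n for n, i in nets
                 if i == tunnel and n.prefixlen > net.prefixlen and n.subnet_of(net)]
        if list(ipaddress.collapse_addresses(inner)) != [net]:
            leaks.append(str(net))
    return leaks

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, "203.0.113.10 ->", egress_interface("203.0.113.10", table),
              "| outside tunnel:", bypass_routes(table))
```

In the full-tunnel table only the VPN server's host route and the on-link subnet stay outside the tunnel; in the split table the whole default route does.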

Comment Re:Let's be clear on what we mean by election hack (Score 1) 251

That's true but they were also used as a club.... that, along with the collusion with the major media outlets (providing access in return for not covering Bernie, always displaying the electoral count with super delegates to make people feel like voting for him was hopeless and providing Hillary with the questions to a debate ahead of time).

If super delegates didn't exist at least part of that collusion would have been considerably less effective and we might have had a different outcome... and of course that doesn't even get into the question of voter suppression and the mysterious access that each campaign had to each other's data due to a system put in place by Hillary's supporters.

Everything about that primary stunk to high heaven but we already knew that.
