Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Chinese Researchers Hijack Tesla Cars From Afar (helpnetsecurity.com)

Submitted by Anonymous Coward
An anonymous reader writes: Tesla car owners are urged to update their car’s firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take control of the car’s brakes and other, less critical components. The vulnerabilities were discovered by researchers from Tencent’s Keen Security Lab, who managed to remotely open various Tesla cars’ sunroof, turn on the blinkers, move the car seat, and open doors, all while the cars were in parking mode. But they have also managed to control windshield wipers, fold the side rearview mirrors, open the trunk, and manipulate the brakes from 12 miles away.

Submission + - 880,000 Users Exposed In MoDaCo Data Breach (helpnetsecurity.com)

Submitted by Anonymous Coward
An anonymous reader writes: Subscribers of UK-based MoDaCo, a forum specialising in smartphone news and reviews, have been unpleasantly surprised by notifications that the site and their account have been compromised. But not all subscribers have been notified, and that’s because the alert didn’t come from the site admins, but from the Have I Been Pwnd? service. The service allows users to submit their email address, and notifies them when it’s found in data batches stolen in breaches. According to the notification, MoDaCo suffered a data breach in January 2016, and the attacker made off with email and IP addresses, and usernames and passwords (stored as salted MD5 hashes) of nearly 880,000 subscribers.

Submission + - Vine's Source Code Was Accidentally Made Public For 5 Minutes (theregister.co.uk)

Submitted by Anonymous Coward
An anonymous reader writes: Vine, the six-second-video-loop app acquired by Twitter in 2012, had its source code made publicly available by a bounty-hunter for everyone to see. The Register reports: "According to this post by @avicoder (Vjex at GitHub), Vine's source code was for a while available on what was supposed to be a private Docker registry. While docker.vineapp.com, hosted at Amazon, wasn't meant to be available, @avicoder found he was able to download images with a simple pull request. After that it's all too easy: the docker pull https://docker.vineapp.com/lib... request loaded the code, and he could then open the Docker image and run it. 'I was able to see the entire source code of Vine, its API keys and third party keys and secrets. Even running the image without any parameter, [it] was letting me host a replica of Vine locally.' The code included 'API keys, third party keys and secrets,' he writes. Twitter's bounty program paid out – US$10,080 – and the problem was fixed in March (within five minutes of him demonstrating the issue)."

Submission + - NIST Prepares to Ban SMS-Based Two-Factor Authentication (softpedia.com)

Submitted by Anonymous Coward
An anonymous reader writes: The US National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA).

The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone.

The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads.

Submission + - Chinese State Company Unveils World's Largest Seaplane (theguardian.com)

Submitted by Anonymous Coward
An anonymous reader writes: China has completed production of the world’s largest amphibious aircraft, state media has said, the latest effort in the country’s program to wean itself off dependence on foreign aviation firms. The state-owned Aviation Industry Corporation of China (AVIC) unveiled the first of the new planes, dubbed the AG600, Saturday in the southern port city of Zhuhai, the official Xinhua news agency reported. The aircraft, which has a maximum range of 4,500 km (2,800 miles), is intended for fighting forest fires and performing marine rescues, it said. At around the size of a Boeing 737, it is far larger than any other plane built for marine take off and landing, Xinhua quoted AVIC’s deputy general manager Geng Ruguang as saying. The AG600 could potentially extend the Asian giant’s ability to conduct a variety of operations in the South China Sea, where it has built a series of artificial islands featuring air strips, among other infrastructure with the potential for either civilian or military use.

Submission + - NVIDIA Unveils Quadro P6000 With 24GB GDDR5X, 3840 Cores, Beefier Than Titan X (hothardware.com)

Submitted by MojoKid
MojoKid writes: NVIDIA Stepped out at Siggraph today and announced yet another monster GPU, this time for the professional graphics market. The Quadro P6000 is even a step beyond the recently announced Titan X, with 3840 CUDA cores and 12 TFLOPs of compute power at its disposal. You won't find next-generation High Bandwidth Memory here (aka HBM2) like the P100, but the professional graphics card does pack in a healthy 24GB of 10GHz GDDR5X memory. The card is also equipped with four DisplayPort 1.4 ports and one DVI connector and can support up to four displays at 4092x2160 @ 120Hz or four displays at 5120x2880 @ 60Hz. In addition to the new 16nm Pascal-based Quadro cards, NVIDIA also announced that it is extending its VRWorks SDK to include the acceleration of 360-degree video stitching. Additional capabilities are coming to NVIDIA's DGX-1 server as well.

Submission + - Putin's Cyberattacks May Be to Aid Trump's Presidential Campaign

Submitted by HughPickens.com
HughPickens.com writes: The NYT reports that the release on Friday of some 20,000 stolen emails from the Democratic National Committee’s computer servers, many of them embarrassing to Democratic leaders, has intensified discussion of the role of Russian intelligence agencies in disrupting the 2016 presidential campaign. The emails, released by WikiLeaks, exposed the degree to which the Democratic apparatus favored Hillary Clinton over her primary rival, Senator Bernie Sanders of Vermont, and triggered the resignation of Debbie Wasserman Schultz, the party chairwoman, on the eve of the convention’s first day.

Proving the source of a cyberattack is difficult but all the forensic evidence points toward Russian intelligence agencies as the perpetrators of the theft of the national committee emails, given the close similarities between this attack and previous Russian cyberoperations. It is less clear who gave the emails to WikiLeaks, but the same agencies are the prime suspects. Whether the leaks were ordered by Mr. Putin, or just designed by apparatchiks who thought it might please him, is anyone’s guess. On Sunday morning, the issue erupted, as Mrs. Clinton’s campaign manager, Robby Mook, argued on ABC’s “This Week” that the emails were leaked “by the Russians for the purpose of helping Donald Trump” citing “experts” but offering no other evidence. So why would Putin want to support Donald Trump for President? Mook suggests that the Russians might have good reason to support Trump because of Trump's views on NATO: The Republican nominee indicated in an interview with The New York Times that he might not back NATO nations if they came under attack from Russia — unless he was first convinced that the counties had made sufficient contributions to the Atlantic alliance.

Submission + - China Releases Footage of Mid-Air Ballistic Missiles Destroying Target (mirror.co.uk)

Submitted by Anonymous Coward
An anonymous reader writes: China has released footage of its first interception test of a mid-air ballistic missile, destroying a target miles above Earth. Footage of the experiment, which took place in 2010, has never been made public until now. According to Chinese news agency CCTV, Xu Chunguang, an expert working at a military base in northwest China, said: "All of our research is meant to solve problems that may crop up in future actual combats." It reportedly took researchers another three years to develop the core technologies to improve the system. A second successful test was reportedly conducted in January 2013. China's decision to finally release the footage could be seen as a warning shot to the US, which was critical of China for not notifying the Pentagon of the tests at the time. In May, China announced it would send submarines armed with nuclear missiles into the Atlantic Ocean, arguing it had little choice if America continued to advance its weapons systems.

Submission + - OpenVZ 7.0 released (openvz.org)

Submitted by ligurio
ligurio writes: Today Virtuozzo company announced the release of OpenVZ 7.0. The new release focuses on merging OpenVZ and Virtuozzo source codebase, replacing Parallels hypervisor with KVM. Key changes in comparison to the last stable OpenVZ release:
  • OpenVZ 7.0 becomes a complete Linux distribution based on the VzLinux
  • The main difference between the Virtuozzo (commercial) and OpenVZ (free) versions are the EULA, packages with paid features, and Anaconda installer
  • The user documentation is publicly available
  • EZ templates can be used instead of tarballs with template caches
  • Additional features (see below)

This OpenVZ 7.0 release provides the following major improvements:

  • RHEL7 (3.10+) kernel.
  • KVM/QEMU hypervisor.
  • Guest tools for virtual machines that currently allow the following: to execute commands in VMs from the host, to set user passwords, to set and obtain network settings, to change SIDs, to enter VMs.
  • Unified management of containers and KVM virtual machines with the prlctl tool and SDK. You get a single universal toolset for all your CT/VM management needs.
  • UUIDs are used to identify both virtual machines and containers. With containers, prlctl treats the former VEID parameter as name.
  • Virtual machine HDD images are stored in the QCOW2 format.
  • Ability to manage containers and VMs with libvirt and virt-manager or virsh via a single driver for containers and virtual machines. Libvirt is an open-source API, daemon, and management tool for managing virtualization platforms. The API is widely used in the orchestration layer of hypervisors for cloud-based solutions. OpenVZ considers libvirt as the standard API for managing both virtual machines and containers. Libvirt provides storage management on the physical host through storage pools and volumes which can be used in OpenVZ containers.
  • Memory guarantees. A memory guarantee is a percentage of container's or virtual machine's RAM that said container or VM is guaranteed to have.
  • Memory hotplugging for containers and VMs that allows both increasing and reducing CT/VM memory size on the fly, without the need to reboot. Your customers can now scale their workloads without any downtime. This feature also enables you to make PAYG offerings, allowing customers to change VM resources depending on workload and potentially pay less.
  • Kernel same-page merging. To optimize memory usage by virtual machines, OpenVZ uses a Linux feature called Kernel Same-Page Merging (KSM). The KSM daemon ksmd periodically scans memory for pages with identical content and merges those into a single page.
  • VCMMD, the fourth-generation unified memory manager, and vcmmd, a single daemon for managing memory of both virtual machines and containers. OpenVZ 7 uses memcg. Balancing and configuring memcg limits enables getting the exact OpenVZ parameters like overcommit, shadow gangs, swap, page cache overuse.
  • Container live migration via CRIU and P.Haul. In the previous versions of OpenVZ, most operations performed during migration were done in the kernel space. As a result, the migration process imposed a lot of restrictions. To improve upon migration, Virtuozzo launched the CRIU project aiming to move most of the migration code to the user space, make the migration process reliable, and remove excessive restrictions.
  • Containers use cgroups and namespaces that limit, account for, and isolate resource usage as isolated namespaces of a collection of processes. The beancounters interface remains in place for backward compatibility and, at the same time, acts as a proxy for actual cgroups and namespaces implementation.
  • SimFS remains in OpenVZ 7.0, however, the support is limited and we don't have plans to improve it in future.

All binary components as well as installation ISO images are freely available at the OpenVZ download server and mirrors. The source code of each component is available in the public repository.

Submission + - NVIDIA Announces World's Fastest GPU At SIGGRAPH 2016: 12TFLOP Quadro P6000

Submitted by Deathspawner
Deathspawner writes: At the ongoing SIGGRAPH 2016 conference, held in Anaheim, California, NVIDIA had a bevy of announcements to make, including a big one: Pascal-based Quadro professional workstation cards are en route. Similar to the latest TITAN X which was announced last week, the new top-end Quadro P6000 is based on the same GP102 architecture, but contains 256 more cores. This makes the P6000 an effective 12 TFLOPs (FP32) graphics card. Also announced was the 8.9 TFLOPs Quadro P5000, as well as updates to the company's Iray render (for VR), its DGX-1 deep-learning machine, and also its mental ray plugin for Autodesk Maya users.

Submission + - Bitcoin Not Money, Rules Miami Judge In Dismissing Laundering Charges (miamiherald.com)

Submitted by Anonymous Coward
An anonymous reader writes: Bitcoin does not actually qualify as money, a Miami-Dade judge ruled Monday in throwing out criminal charges against a Miami Beach man charged with illegally selling the virtual currency. The defendant, Michell Espinoza, was charged with illegally selling and laundering $1,500 worth of Bitcoins to undercover detectives who told him they wanted to use the money to buy stolen credit-card numbers. But Miami-Dade Circuit Judge Teresa Mary Pooler ruled that Bitcoin was not backed by any government or bank, and was not “tangible wealth” and “cannot be hidden under a mattress like cash and gold bars.” “The court is not an expert in economics, however, it is very clear, even to someone with limited knowledge in the area, the Bitcoin has a long way to go before it the equivalent of money,” Pooler wrote in an eight-page order. The judge also wrote that Florida law – which says someone can be charged with money laundering if they engage in a financial transaction that will “promote” illegal activity – is way too vague to apply to Bitcoin. “This court is unwilling to punish a man for selling his property to another, when his actions fall under a statute that is so vaguely written that even legal professionals have difficulty finding a singular meaning,” she wrote.

Submission + - MIT Made a Movie Screen That Brings Glasses-Free 3D To All Seats (techcrunch.com)

Submitted by Anonymous Coward
An anonymous reader writes: MIT has developed a glasses-less 3D display for movie theaters. The Nintendo 3DS is one of a handful of devices to feature glasses-less 3D, but it is designed for a single users where the user is looking at the display head-on at a relatively specific angle. It's not something made for a movie theater with hundreds of seats, each of which would have a different viewing angle. What's neat about MIT's 3D display is that it doesn't require glasses and it lets anyone see the 3D effect in a movie theater, no matter where they are sitting. The MIT Computers Science and Artificial Intelligence Lab (CSAIL) created the prototype display called 'Cinema 3D' that uses a complex arrangement of lenses and mirrors to create a set number of parallax barriers that can address every viewing angle in the theater based on seat locations. It works in a movie theater because the seats are in fixed locations, and people don't tend to move around, change seats or alter their viewing angle too much. What's also neat about the Cinema 3D is that is preserves resolution, whereas other glasses-less 3D displays carry cots in terms of image resolution. The prototype is about the size of a letter-sized notepad, and it needs 50 sets of mirrors and lenses. It should be ready for market once researchers scale it up to a commercially viable product.

Submission + - Facebook Admits Blocking Wikileaks' DNC Email Links, But Won't Say Why (thenextweb.com)

Submitted by Anonymous Coward
An anonymous reader writes: Facebook has admitted it blocked links to WikiLeaks' DNC email dump, but the company has yet to explain why. WikiLeaks has responded to the censorship via Twitter, writing: "For those facing censorship on Facebook etc when trying to post links directly to WikiLeaks #DNCLeak try using archive.is." When SwiftOnSecurity tweeted, "Facebook has an automated system for detecting spam/malicious links, that sometimes have false positives. /cc," Facebook's Chief Security Officer Alex Stamos replied with, "It's been fixed." As for why there was a problem in the first place, we don't know. Nate Swanner from The Next Web writes, "It’s possible its algorithm incorrectly identified them as malicious, but it’s another negative mark on the company’s record nonetheless. WikiLeaks is a known entity, not some torrent dumping ground. The WikiLeaks link issue has reportedly been fixed, which is great — but also not really the point. The fact links to the archive was blocked at all suggests there’s a very tight reign on what’s allowed on Facebook across the board, and that’s a problem." A Facebook representative provided a statement to Gizmodo: "Like other services, our anti-spam systems briefly flagged links to these documents as unsafe. We quickly corrected this error on Saturday evening."

Slashdot Top Deals

try again

Close