
Submission + - Cybersecurity Talent Crisis Continues, Technical Skills In High Demand (helpnetsecurity.com)

Orome1 writes: In 2015, 209,000 cybersecurity jobs went unfilled in the United States alone. Despite 1 in 4 respondents to a new Intel Security survey confirming their organizations have lost proprietary data as a result of their cybersecurity skills gap, there are no signs of this workforce shortage abating in the near-term. An average of 15 percent of cybersecurity positions in companies will go unfilled by 2020. The demand for cybersecurity professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. In fact, skills such as intrusion detection, secure software development and attack mitigation were found to be far more valued than softer skills including collaboration, leadership and effective communication.

Submission + - Getty Sued For $1 Billion For Selling Publicly Donated Photos

An anonymous reader writes: Online stock media library Getty Images is facing a $1 billion lawsuit from an American photographer for illegally selling copyright for thousands of photos. The Seattle-based company has been sued by documentary photographer Carol Highsmith for ‘gross misuse’, after it sold more than 18,000 of her photos despite having already donated them for public use. Highsmith’s photos which were sold via Getty Images had been available for free via the Library of Congress. Getty has now been accused of selling unauthorised licenses of the images, not crediting the author, and for also sending threatening warnings and fines to those who had used the pictures without paying for the falsely imposed copyright.

Submission + - Obama Defines How The US Government Will Respond To Cyber Incidents (helpnetsecurity.com)

Orome1 writes: US president Barack Obama approved on Tuesday the Presidential Policy Directive on United States Cyber Incident Coordination (PPD-41). The PPD-41 is especially geared towards defining the Federal government’s response to “significant” cyber incidents, i.e. incidents that can “result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.”

Submission + - LastPass Zero-Day Can Lead To Account Compromise (helpnetsecurity.com)

Orome1 writes: A zero-day flaw in the popular password manager LastPass can be triggered by users visiting a malicious site, allowing attackers to compromise the users’ account and all the sensitive information in it. The discovery was made by Google Project Zero researcher Tavis Ormandy who, after probing a slew of AV solutions and finding serious security holes in them, has apparently set his sights on widely used password management solutions. Aside from that flaw, he also found “a bunch of obvious critical problems,” but responsibly chose not to share publicly any more details about any of the flaws until the developers have a chance to fix them.
Security

Pop Star Tells Fans To Send Their Twitter Passwords, But It Might Be Illegal (arstechnica.com) 114

Cyrus Farivar, reporting for Ars Technica: As a new way to connect with his fans, Jack Johnson -- one half of the pop-rap duo Jack & Jack, not to be confused with the laid back Hawaiian singer-songwriter of the same name -- has spent the last month soliciting social media passwords. Using the hashtag #HackedByJohnson, the performer has tweeted at his fans to send him their passwords. (Why he didn't go for the shorter and catchier #JackHack, we'll never know.) Then, Johnson posts under his fans' Twitter accounts, leaving a short personalized message, as them. While Johnson and his fans likely find this password sharing silly and innocuous, legal experts say that Jack Johnson, 20, may be opening himself up to civil or criminal liability under the Computer Fraud and Abuse Act, a notorious anti-hacking statute that dates back to the 1980s. "While the entertainer in question likely considers this password collection to be a harmless personalized promotional activity, there may indeed be legal implication of both the fans' and the entertainer's conduct," Andrea Matwyshyn, a law professor at Northeastern University, told Ars.
Earth

54C Recorded In Kuwait Likely Hottest On Record In Asia (foxnews.com) 351

An anonymous reader writes from an Associated Press report: The UN weather agency said it suspects that the 54C temperature recorded in Kuwait has set a record for the eastern hemisphere. The World Meteorological Organisation (WMO) said Tuesday it is setting up a committee to look into whether the temperature recorded last Thursday in Mitrabah, Kuwait, was a new high for the eastern hemisphere and in Asia. WMO's Omar Baddour said it is "likely" to be an eastern hemisphere record. Last week, swathes of the Middle East and North Africa were hit by heatwaves that have become more frequent over the last half-century, and Earth is fresh off the hottest six months on record. WMO says the world record high of 56.7C was recorded at Furnace Creek in Death Valley, California, in 1913. In the UAE, highs of 49C are expected inland on Wednesday. Last year, the mercury rose above 50C in Sweiham, near Al Ain. An article on Citylab, citing NOAA's latest analysis, notes that it was the warmest June in the modern history and also the 14th consecutive month of unprecedented hotness.
Movies

Slashdot Asks: What's Next For Netflix? (500ish.com) 192

What does the future hold for Netflix? The company first earned a name for itself over a decade ago renting DVDs via mail in an era when Blockbuster used to laugh at the mere idea of DVDs-by-mail. It then moved to offering online streaming service way before most of the companies. As VC and former journalist MG Siegler writes, Netflix was always ahead of the curve. But the market -- and the demand from the market -- is changing, again. To address that, the on-demand streaming service has over the past three-four years started to invest heavily in getting exclusive rights for movies and TV shows, as well as make its own original content. But this time, Netflix is facing immense competition from its rivals -- and its moves aren't that unpredictable. It's also worth pointing out just recently, the company's decision to hike prices led its stocks to tank. Siegler writes: The streaming content game is now hyper competitive. And even the streaming original content game has gotten extremely competitive. And this means it has gotten extremely expensive. The result has been great for us, the users, as we do seem to be in a golden age of television-like content, even if it's being delivered via streaming "channels" like Netflix. With 54 Emmy nominations this year, second to only HBO, Netflix is seemingly closing in on what they set out to do once again. They've become HBO faster than HBO has been able to become Netflix. Of course, HBO still has the warm blanket of cable operator fees to keep them cozy; Netflix's model has them a bit out in the cold in that regard. So, again, what's next? Is it VR? Something else? Don't tell me it's 4k. Worldwide expansion is huge, but that's really just growing into the last business. What's the next business pivot? What do you, Slashdot readers, think Netflix's next move will be? Or do you think the company will soon become just another name in its respective category?

Submission + - Low-Cost Wireless Keyboards Open To Keystroke Sniffing And Injection Attacks (helpnetsecurity.com)

Orome1 writes: Bastille Networks researcher Marc Newlin has discovered a set of security vulnerabilities in low-cost wireless keyboards that could be exploited to collect all passwords, security questions, sensitive personal, bank account and payment card info users input through them. The problem with the vulnerable keyboards is that they don’t encrypt the keystroke data before they transmit it wirelessly to the USB dongle, and that’s because their manufacturers opted to use unencrypted radio communication protocols. The transceivers used in the vulnerable keyboards do not support firmware updates, so they will remain vulnerable forever.
AMD

AMD Unveils Radeon Pro WX and Pro SSG Professional Graphics Cards (hothardware.com) 53

MojoKid writes: AMD took the wraps off its latest pro graphics solutions at SIGGRAPH today, and announced three new professional graphics cards in the new Polaris-based Radeon Pro WX Series. The Radeon Pro WX 4100 is the entry-level model with a half-height design for use in small form-factor workstations. The Radeon Pro WX 5100 is the middle child, while the Radeon Pro WX 7100 is AMD's current top-end WX model. The Radeon Pro WX 7100 has 32 compute units, offers 5 TFLOPs of compute performance, and is backed by 8GB of GDDR4 memory over a 256-bit memory interface. The Radeon Pro WX 5100 offers 28 compute units and 4 TFLOPs of performance along with 8GB memory over the same 256-bit interface, and the Radeon Pro WX 4100 is comprised of 16 compute units at 2 TFLOPs of perf with 4GB memory over a 128-bit memory link. The Radeon Pro WX 4100 has four mini DisplayPort outputs, while the Radeon Pro WX 5100 and 7100 each have four full-size DisplayPort connectors. None of these cards will be giving the new NVIDIA Quadro P6000 a run for its money in terms of performance, but they don't have to. The Quadro card will no doubt cost thousands of dollars, while the Radeon Pro WX 7100 will eke in at just under $1,000. The Radeon Pro WX 5100 and 4100 will slot in somewhat below that mark. AMD also announced the Radeon Solid State Storage Architecture and the Radeon Pro SSG card today. Details are scant, but AMD is essentially outfitting Radeon Pro SSG cards with large amounts of Solid State Flash Memory, which can allow much larger data sets to reside close to the GPU in an extended frame buffer. Whereas the highest-end professional graphics cards today may have up to 24GB of memory, the Radeon Pro SSG will start with 1TB, linked to the GPU via a custom PCI Express interface. Giving the GPU access to a large, local data repository should offer significantly increased performance for demanding workloads like real-time post-production of 8K video, high-resolution rendering, VR content creation and others.

Submission + - What Does Yahoo's Downfall Teach Us? (chrisshort.net)

oaf357 writes: What does Yahoo's downfall teach us? That you must bring together a great team. The assembled players have to push people to build great features (the content will come, as exemplified by Medium, Snapchat, Facebook, etc.). That team must also do its due diligence in an effort to add value to the company. Now we all get to see how Verizon will deal with Yahoo assuming that deal gets approved, of course.

Submission + - UAC Bypass Attack On Windows 10 Allows Malicious DLL Loading (helpnetsecurity.com) 1

Orome1 writes: Security researchers Matt Graeber and Matt Nelson have discovered a way to run a malicious DLL on Windows 10 without the User Account Control (UAC) springing into action and alerting users of the potential danger. By modifying a default scheduled task (“SilentCleanup”) associated with the Disk Cleanup utility, they were able to trigger the running of a specially crafted DLL file without triggering UAC. That’s because SilentCleanup on Windows 10 is configured “to be launchable by unprivileged users but to run with elevated/high integrity privileges.”
Earth

Feds To Deploy Anti-Drone Software Near Wildfires (thehill.com) 170

An anonymous reader quotes a report from The Hill: Federal officials are launching a new "geofencing" program to alert drone pilots when they're flying too close to wildfire prevention operations. The Department of Interior said Monday it would deploy software warnings to pilots when their drones pose a risk to the aircraft used by emergency responders fighting wildfires. The agency said there have been 15 instances of drones interfering with firefighter operations this year, including several leading to grounded aircraft. Drone-related incidents doubled between 2014 and 2015, the agency said. Officials built the new warning system with the drone industry, and the agency said manufacturers could eventually use it to build drones that automatically steer away from wildfire locations. The program is in its pilot phase, the agency said; officials hope to have a full public release in time for next year's wildfire season. "No responsible drone operator wants to endanger the lives of the men and women who work to protect them and we believe this program, which uses the global positioning system to create a virtual barrier, will move us one step closer to eliminating this problem for wildfire managers," Mark Bathrick, the director of the Interior Department's Office of Aviation Service, said in a statement.
Communications

NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) 147

An anonymous reader writes: "The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA)," reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads. The NIST DAG draft reads in part: "If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
