Security

Microsoft Widens Edge Browser Bug Hunt For Bounty Hunters (theregister.co.uk) 8

Microsoft said today it is expanding its program for rewarding those who find and report bugs in Edge, its latest web browser, enabling bounty hunters to claim their prize for a broader range of vulnerabilities. The Register adds: The snappily titled "Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Programme" was launched in August, and enabled anyone to report vulnerabilities they discover in Microsoft Edge in exchange for flippin' great wodges of cash. Now, the firm has expanded the programme, with a focus on vulnerabilities that lead to "violation of W3C standards that compromise privacy and integrity of important user data," or which enable remote code execution by a particular threat vector. Specifically, the bounty programme now covers the following: Same Origin Policy bypass vulnerabilities (such as universal cross-site scripting), Referrer Spoofing vulnerabilities, Remote Code Execution vulnerabilities in Microsoft Edge on Windows Insider Preview, and Vulnerabilities in open source sections of Chakra.

Submission + - Researcher finds D-Link DWR-932 router is "chock full of holes"

JustAnotherOldGuy writes: Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities in the LTE router/portable wireless hotspot D-Link DWR-932. Kim found the latest available firmware has these vulnerabilities:

- Two backdoor accounts with easy-to-guess passwords that can be used to bypass the HTTP authentication used to manage the router
- A default, hardcoded Wi-Fi Protected Setup (WPS) PIN, as well as a weak WPS PIN generation algorithm
- Multiple vulnerabilities in the HTTP daemon
- Hardcoded remote Firmware Over The Air credentials
- Lowered security in Universal Plug and Play, and more.

“At best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor,” says Kim, and advises users to stop using the device until adequate fixes are provided.

Submission + - The Psychological Reasons Behind Risky Password Practices (helpnetsecurity.com)

Orome1 writes: Despite high-profile, large-scale data breaches dominating the news cycle – and repeated recommendations from experts to use strong passwords – consumers have yet to adjust their own behavior when it comes to password reuse. A global Lab42 survey highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits. When it comes to online security, personality type does not inform behavior, but it does reveal how consumers rationalize poor password habits.
Software

The UK's Largest Sperm Bank Is Now An App (technologyreview.com) 63

Sperm bank? There's an app for that. The largest sperm bank in the United Kingdom -- the London Sperm Bank -- has released an official app that aims to "modernize the process of hooking prospective parents up with the biological material they need to make it happen," according to MIT Technology Review: The app is essentially just a mobile version of the filtered search function the London Sperm Bank offers on its website. But in doing something as simple as bringing its desktop services to mobile devices, the bank is making a play to further normalize reproductive technologies. The London Sperm Bank boasts that users will receive push notifications as soon as new donors are available, which could help speed things up for hopeful parents looking for a match. The road to conception can take years for people using reproductive technologies, so expediting any part of the process would be a welcome time-saver. But the bank has over 10,000 vials of sperm, so searching, even using filters, could still be a lengthy process. To combat this, the app also offers a wish list function that lets more focused users predetermine what they're looking for in a donor, and receive a notification when their criteria are met. The way the service works on mobile has been compared to Tinder, but there's actually no swiping involved. Its wish list function means it's more akin to apps like Anthology, which job seekers use to find their next career move. The report notes that, while there are other mobile sperm bank apps out there, the London Sperm Bank is the only one with several medical associations and the U.K. government's Human Fertilization and Embryology Authority on board. Also, the app is free to download, but the cost of ordering sperm is about $1,200 per order, which is the same as if you order through the London Sperm Bank catalogue.
Communications

Commodore C64 Survives Over 25 Years Balancing Drive Shafts In Auto Repair Shop (hothardware.com) 253

MojoKid writes: One common gripe in the twenty-first century is that nothing is built to last anymore. Even complex, expensive computers seem to have a relatively short shelf-life nowadays. However, one computer in a small auto repair shop in Gdansk, Poland has survived for the last twenty-five years against all odds. The computer in question here is a Commodore C64 that has been balancing driveshafts non-stop for a quarter of a century. The C64C looks like it would fit right in with a scene from Fallout 4 and has even survived a nasty flood. This Commodore 64 contains a few homemade aspects, however. The old computer uses a sinusoidal waveform generator and piezo vibration sensor in order to measure changes in pressure, acceleration, temperature, strain or force by converting them to an electrical charge. The C64C interprets these signals to help balance the driveshafts in vehicles. The Commodore 64 (also known as the C64, C-64, C= 64) was released in January 1982 and still holds the title for being the best-selling computer of all time.

Submission + - International Space Station to Trial Aussie-designed Ion Thruster (abc.net.au)

theweatherelectric writes: Barney Porter from the Australian Broadcasting Corporation writes, "An Australian-designed rocket propulsion system is heading to the International Space Station (ISS) for a year-long experiment that ultimately could revolutionise space travel. The technology could be used to power a return trip to Mars without refuelling, and use recycled space junk for the fuel. Former University of Sydney student, Dr Paddy Neumann — now of Neumann Space — and two co-inventor professors from his alma mater have developed an ion thruster that could replace the current chemical-based rocket propulsion technology, which requires huge volumes of fuel to be loaded onto a spacecraft."
Government

US Believes Hackers Are Shielded By Russia To Hide Its Role In Cyberintrusions: WSJ (newsmax.com) 107

According to a report from The Wall Street Journal (Warning: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't."
WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chief James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said.
Earth

92% of the World's Population Exposed To Unsafe Levels of Air Pollution: WHO (sciencedaily.com) 111

An anonymous reader quotes a report from Science Daily: A new World Health Organization (WHO) air quality model confirms that 92% of the world's population lives in places where air quality levels exceed WHO limits. "The new WHO model shows countries where the air pollution danger spots are, and provides a baseline for monitoring progress in combatting it," says Dr Flavia Bustreo, Assistant Director General at WHO. It also represents the most detailed outdoor (or ambient) air pollution-related health data, by country, ever reported by WHO. The model is based on data derived from satellite measurements, air transport models and ground station monitors for more than 3000 locations, both rural and urban. It was developed by WHO in collaboration with the University of Bath, United Kingdom. Some 3 million deaths a year are linked to exposure to outdoor air pollution. Indoor air pollution can be just as deadly. In 2012, an estimated 6.5 million deaths (11.6% of all global deaths) were associated with indoor and outdoor air pollution together. Nearly 90% of air-pollution-related deaths occur in low- and middle-income countries, with nearly 2 out of 3 occurring in WHO's South-East Asia and Western Pacific regions. Ninety-four per cent are due to noncommunicable diseases -- notably cardiovascular diseases, stroke, chronic obstructive pulmonary disease and lung cancer. Air pollution also increases the risks for acute respiratory infections. Major sources of air pollution include inefficient modes of transport, household fuel and waste burning, coal-fired power plants, and industrial activities. However, not all air pollution originates from human activity. For example, air quality can also be influenced by dust storms, particularly in regions close to deserts. The model has carefully calibrated data from satellite and ground stations to maximize reliability. 
National air pollution exposures were analyzed against population and air pollution levels at a grid resolution of about 10 km x 10 km. The interactive maps provide information on population-weighted exposure to particulate matter of an aerodynamic diameter of less than 2.5 micrometers (PM2.5) for all countries. The map also indicates data on monitoring stations for PM10 and PM2.5 values for about 3000 cities and towns. Quartz's report features a table that highlights the countries with the world's worst air pollution. The table "shows all the median levels of particulate matter in each country where the WHO collected data."
AI

Facebook, Amazon, Google, IBM, and Microsoft Come Together To Create Historic Partnership On AI (techcrunch.com) 83

An anonymous reader quotes a report from TechCrunch: In an act of self-governance, Facebook, Amazon, Alphabet, IBM, and Microsoft came together today to announce the launch of the new Partnership on AI. The group is tasked with conducting research and promoting best practices. Practically, this means that the group of tech companies will come together frequently to discuss advancements in artificial intelligence. The group also opens up a formal structure for communication across company lines. It's important to remember that on a day to day basis, these teams are in constant competition with each other to develop the best products and services powered by machine intelligence. Financial support will be coming from the initial tech companies who are members of the group, but in the future membership and involvement is expected to increase. User activists, non-profits, ethicists, and other stakeholders will be joining the discussion in the coming weeks. The organizational structure has been designed to allow non-corporate groups to have equal leadership side-by-side with large tech companies. As of today's launch, companies like Apple, Twitter, Intel and Baidu are missing from the group. Though Apple is said to be enthusiastic about the project, their absence is still notable because the company has fallen behind in artificial intelligence when compared to its rivals -- many of whom are part of this new group. The new organization really seems to be about promoting change by example. Rather than preach to the tech world, it wants to use a standard open license to publish research on topics including ethics, inclusivity, and privacy.
Music

Spotify in Talks To Acquire SoundCloud (variety.com) 17

Janko Roettgers, writing for Variety: Spotify is in advanced talks to acquire rival music service SoundCloud, according to a report by the Financial Times. An announcement of the acquisition could be made soon, according to the Times. The acquisition would come just months after SoundCloud launched its own paid streaming service. A Spotify spokesperson declined to comment on the report when contacted by Variety; SoundCloud didn't immediately respond to a request for comment. Spotify is the market leader in the growing paid streaming business, disclosing earlier this month that it now has more than 40 million paying subscribers. Its biggest competitor is Apple Music with 17 million paying subscribers.
IBM

Banks Adopting Blockchain 'Dramatically Faster' Than Expected (reuters.com) 54

Banks and other financial institutions are adopting blockchain technology "dramatically faster" than initially expected, with 15 percent of top global banks intending to roll out full-scale, commercial blockchain products in 2017, IBM said on Wednesday. Reuters reports: The technology company said 65 percent of banks expected to have blockchain projects in production in three years' time, with larger banks -- those with more than 100,000 employees -- leading the charge. IBM, whose findings were based on a survey of 200 banks, said the areas most commonly identified by lenders as ripe for blockchain-based innovation were clearing and settlement, wholesale payments, equity and debt issuance and reference data. Blockchain, which originates from digital currency bitcoin, works as an electronic transaction-processing and record-keeping system that allows all parties to track information through a secure network, with no need for third-party verification.

Submission + - SPAM: Internet of Things: A hacker's dream come true?

Orome1 writes: The Internet of Things is a massive expansion in technology and systems, with little oversight, no real rules, and rolled out in many cases by companies with little or no history in cybersecurity. In the near future, the IoT will consist of billions of devices existing in every nook and cranny of our public, work, and private lives, constantly on, and yet without anything in the way of legislative or industry mandates to keep it safe and secure. Most “things” will likely operate safely and securely without interference, but there will be some portion of the IoT that will attract the attention of the very same people and organizations who build botnets, steal IP, and carry out pay-for-DDOS attacks using the far less extensive internet we see now. If there is an IoT, a “dark IoT” will follow as inevitably as dusk follows dawn.
Cloud

Oracle To Buy Cloud-Software Provider NetSuite For $9.3 Billion (bloomberg.com) 32

Oracle announced Thursday that it has agreed to buy NetSuite for $9.3 billion, in a move to bolster its cloud-computing offerings as it races to catch up to rivals. Both companies provide applications for running a business called enterprise-resource-planning software. Bloomberg reports: Oracle, which sells software to big corporations, has been trying to shift more sales to cloud-based products increasingly demanded by its customers. New cloud services made up about 8 percent of the company's total sales during its fiscal fourth-quarter. Buying NetSuite -- whose products include customer relationship management software -- will help Oracle compete against the likes of Salesforce.com Inc. and Microsoft Corp. "Oracle and NetSuite cloud applications are complementary, and will coexist in the marketplace forever," said Oracle co-Chief Executive Officer Mark Hurd in a statement Thursday. "We intend to invest heavily in both products -- engineering and distribution."

Submission + - SPAM: Investigating The Supply On 17 Underground Hacker Markets

Orome1 writes: Did you ever wonder what kind of malicious offerings can be found on dark web “hacker markets,” who sells them and how widely they are available? Three researchers from Arizona State University have wondered as well, and have scraped 17 such markets for six months for information about the tools and services offered, to create a general picture of the supply and demand in this particular industry. A combination of automated (scraping and data clustering) and manual (labeling) labor that concentrated on the product title/name for indication about its capabilities and features has revealed that many items are cross-posted and nearly identical. All in all, they found a total of 16122 products sold by 1332 vendors.
