
Submission + - How Secure Are Mobile Banking Apps? (helpnetsecurity.com)

Orome1 writes: Do banking institutions have a good handle on the things they need to remediate and new control layers they need to adopt to keep users secure? To answer those questions, Accenture and NowSecure have performed vulnerability assessments of customer-facing mobile banking apps of 15 banking institutions in the North American market. They have tested the iOS and Android app versions of each of these banks, and found that every app they tested had at least one security issue. Of the 465 tests completed for banking apps running on Android, 44 or nine percent had low security issues; 48 or 10 percent had medium security issues; and 10 or two percent had high level security issues. For banking apps running on iOS, a total of 315 tests indicated 24 or eight percent low level security issues; 13 or four percent with medium level issues; and none with high level issues.

Submission + - Lure10: Exploiting Wi-Fi Sense To MITM Wireless Windows Devices (helpnetsecurity.com)

Orome1 writes: Wi-Fi Sense, enabled by default on Windows 10 and Windows Phone 8.1, is a feature that automatically connects users to crowdsourced open wireless networks it knows about. Lure10 is a new attack that, by taking advantage of Wi-Fi Sense, tricks wireless devices running Windows into automatically associating with a rogue access point.

Submission + - SPAM: InterContinental Confirms Card Data Breach At Over 1,000 Locations

Orome1 writes: InterContinental Hotels Group (IHG) has reported that a huge number of their hotels in the US and Puerto Rico have been compromised with payment card information-slurping malware. The list of the affected locations is still not complete, but the company has provided a tool that customers can use to check whether the property that they stayed at has been compromised, and during which period. Unfortunately, some of the IHG-branded franchise properties did not participate in the investigation, even though IHG hired a cyber security firm and offered its services free of charge to the franchisees, and so the compromise of their front-desk payment systems might never be publicly revealed.
China

Baidu Announces New Open Platform To Help Speed Up Development of Self-Driving Cars (theverge.com) 27

Chinese tech giant Baidu has announced a new autonomous vehicle platform called Project Apollo, which aims to help speed up the development of self-driving cars. "Baidu says the platform encompasses both hardware and software, providing partners with the tech and open-source code needed to help their own vehicles perceive obstacles, plan their routes, and otherwise move around our world," reports The Verge. From the report: Baidu says it will first open up Project Apollo for cars operating in restricted environments in July, before offering it to vehicles driving in simple urban road conditions later this year. That's ahead of a gradual rollout of self-driving features that should see cars operating fully autonomously on highways and regular roads by 2020. The release comes as Baidu moves to position itself at the forefront of the autonomous vehicle industry. The Chinese company has aimed for the ambitious goal of getting a self-driving car to market by 2018, and is challenging rivals such as Google on its home turf, building a team of engineers based in Silicon Valley and scoring relevant permits so it can test vehicles in California.

Submission + - SPAM: Hajime IoT Worm Infects Devices To Head Off Mirai

Orome1 writes: Mirai is the name of the worm that has taken control of many IoT devices around the world and used them to mount DDoS attacks. Hajime is a piece of malware that works much like Mirai: it spreads via unsecured devices that have open Telnet ports and use default passwords. In fact, Hajime uses the exact same username and password combinations that Mirai is programmed to use, plus two more. But unlike Mirai, it also secures the target devices by blocking access to ports 23, 7547, 5555, and 5358, i.e. ports hosting exploitable services on many IoT devices.

Submission + - SPAM: CLDAP Reflection Attacks Generate Up To 24 Gbps Of Traffic

Orome1 writes: Akamai researchers Jose Arteaga and Wilber Majia have identified a new Connection-less Lightweight Directory Access Protocol (CLDAP) reflection and amplification method. Unlike other reflection-based vectors, where compromised hosts may number in the millions, the observed CLDAP amplification factor has been able to produce significant attack bandwidth with significantly fewer hosts. Since October 2016, Akamai has detected and mitigated a total of 50 CLDAP reflection attacks, 33 of which were single vector attacks using CLDAP reflection exclusively. A 24 Gbps attack mitigated by Akamai on January 7, 2017 is currently the largest DDoS attack using CLDAP reflection as the sole vector observed by the SIRT. The average bandwidth for these attacks has been 3 Gbps.
The Internet

Tennessee Could Give Taxpayers America's Fastest Internet For Free, But It Gave Comcast and AT&T $45 Million Instead (vice.com) 341

Chattanooga, Tennessee is home to some of the fastest internet speeds in the United States, offering city dwellers Gbps and 10 Gbps connections. Instead of voting to expand those connections to the rural areas surrounding the city, which have dial up, satellite, or no internet whatsoever, Tennessee's legislature voted to give Comcast and AT&T a $45 million taxpayer handout. Motherboard reports: The situation is slightly convoluted and thoroughly infuriating. EPB -- a power and communications company owned by the Chattanooga government -- offers 100 Mbps, 1 Gbps, and 10 Gbps internet connections. A Tennessee law that was lobbied for by the telecom industry makes it illegal for EPB to expand out into surrounding areas, which are unserved or underserved by current broadband providers. For the last several years, EPB has been fighting to repeal that state law, and even petitioned the Federal Communications Commission to try to get the law overturned. This year, the Tennessee state legislature was finally considering a bill that would have let EPB expand its coverage (without providing it any special tax breaks or grants; EPB is profitable and doesn't rely on taxpayer money). Rather than pass that bill, Tennessee has just passed the "Broadband Accessibility Act of 2017," which gives private telecom companies -- in this case, probably AT&T and Comcast -- $45 million of taxpayer money over the next three years to build internet infrastructure to rural areas.

Submission + - SPAM: Mobile Payment Card Cloning: Understanding The Risks

Orome1 writes: Mobile contactless payments have grown exponentially and Host Card Emulation (HCE) – the possibility to emulate payment cards on a mobile device, without dependency on special Secure Element hardware – has also boosted the number of applications. During his talk at HITBSecConf2017 in Amsterdam tomorrow, Slawomir Jasek, a Senior IT Security Consultant at SecuRing, will reveal the details of research which demonstrated that it’s possible to copy mobile contactless card data, enrol it to another phone, and use it for payment. Any application that uses HCE (Host Card Emulation) technology is at risk, which means Android and Windows Phone mobile contactless payments applications. iOS uses a hardware element (so called Secure Element) for storing and accessing card data. It works like a tiny HSM, so stealing payment card data is much more difficult.

Submission + - Farewell Windows Vista: Microsoft ends support for its unpopular OS today (windowsreport.com)

SmartAboutThings writes: Microsoft has just ended support for Windows Vista. Starting from today, the infamous operating system will no longer receive security patches, non-security updates, or any other kind of support.

"Microsoft has provided support for Windows Vista for the past 10 years, but the time has come for us, along with our hardware and software partners, to invest our resources towards more recent technologies so that we can continue to deliver great new experiences," the company said.

Windows Vista will be remembered as the least popular operating system Microsoft has ever released. Announced as a futuristic operating system back in 2007, Windows Vista quickly stumbled and fell in the shadow of its older and younger brothers.

Submission + - AMD Launches Ryzen 5 Processors, Benchmarks Look Strong Versus Intel Core i5 (hothardware.com)

MojoKid writes: AMD has lifted the review embargo on its midrange Ryzen 5 series of processors today. Unlike the Ryzen 7 series, which consists entirely of 8-core/16-thread processors, AMD's Ryzen 5 family has two tiers consisting of 6-core/12-thread and 4-core/8-thread processors, with varying base, boost, and XFR (extended frequency range) clock speeds. Ryzen 5's features and core architecture remain the same, however. The entry-level part in the line-up is the Ryzen 5 1400, a 4-core/8-thread CPU with base and turbo clocks of 3.2GHz and 3.4GHz, respectively. The Ryzen 5 1500X has the same quad-core configuration, but with base and turbo clocks of 3.5GHz and 3.7GHz with support for an XFR frequency range of up to 3.9GHz. The Ryzen 5 1600 is a 6-core/12-thread processor with 3.2GHz base and 3.6GHz boost clocks and at the top of the stack is the Ryzen 5 1600X. It has a similar 6-core configuration but cranks things up even further to 3.6GHz (base)/4.0GHz (boost). With XFR, the 1600X can also boost all the way up to 4.1GHz. AMD's Ryzen 5 processor line-up will work with the very same AM4 X370 chipset platform as the higher-end Ryzen 7, though AMD expects Ryzen 5 to be paired with the lower-priced B350 chipset platform most often. The two chipsets are very similar but the B350 has a different PCIe configuration and doesn't offer support for multi-GPU setups. Despite its lower price range of $169 to $249, AMD's Ryzen 5 family competes well against Intel's Core i5 series of CPUs, even current generation Kaby Lake chips.
Transportation

25 Percent of US Driving Could Be Done By Self-Driving Cars By 2030, Study Finds (techcrunch.com) 168

An anonymous reader quotes a report from TechCrunch: Self-driving still seems to be a ways off from active public use on regular roads, but once it arrives, it could ramp very quickly, according to a new study by the Boston Consulting Group. The study found that by 2030, up to a quarter of driving miles in the U.S. could be handled by self-driving electric vehicles operating in shared service fleets in cities, due mostly to considerable cost savings for urban drivers. The big change BCG sees is a result of the rise in interest in autonomous technologies, paired with the increased electrification of vehicles. There's also more pressure on cities to come up with alternate transportation solutions that address increasing congestion. All of that added together could drive reduction in costs by up to 60 percent for drivers who opt into using shared self-driving services vs. owning and operating their own cars.

Submission + - SPAM: Similarities In Partial Fingerprints May Trick Biometric Security Systems

Orome1 writes: No two people are believed to have identical fingerprints, but researchers at the New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought. The vulnerability lies in the fact that fingerprint-based authentication systems feature small sensors that do not capture a user’s full fingerprint. Instead, they scan and store partial fingerprints, and many phones allow users to enroll several different fingers in their authentication system.

Submission + - SPAM: Exploit Revealed For Remote Root Access Vulnerability Affecting Many Routers

Orome1 writes: Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom’s UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured by the likes of ASUS, D-Link, Zyxel, US Robotics, TP-Link, Netgear, and others. Since there were millions of vulnerable devices out there, the researchers refrained from publishing the exploit they created for the flaw, but now, four years later, they’ve released their full research again, and this time they’ve also revealed the exploit.

Submission + - SPAM: 270,000 Customers Affected In UK Loan Firm Wonga Data Breach

Orome1 writes: Personal and financial data of some 270,000 customers of UK payday loan firm Wonga have likely been pilfered in a data breach. The data that was accessed by the attackers includes the name, e-mail address, home address, and phone number of around 245,000 customers in the UK and 25,000 customers in Poland, as well as the last four digits of their payment card number and/or their bank account number and sort code.
DRM

American Farmers Are Still Fighting Tractor Software Locks (npr.org) 316

Manufacturers lock consumers into restrictive "user agreements," and inside "there's things like you won't open the case, you won't repair," complains a U.S. advocacy group called The Repair Association. But now the issue is getting some more attention in the American press. An anonymous reader quotes NPR: Modern tractors, essentially, have two keys to make the engine work. One key starts the engine. But because today's tractors are high-tech machines that can steer themselves by GPS, you also need a software key -- to fix the programs that make a tractor run properly. And farmers don't get that key.

"You're paying for the metal but the electronic parts technically you don't own it. They do," says Kyle Schwarting, who plants and harvests fields in southeast Nebraska... "Maybe a gasket or something you can fix, but everything else is computer controlled and so if it breaks down I'm really in a bad spot," Schwarting says. He has to call the dealer. Only dealerships have the software to make those parts work, and it costs hundreds of dollars just to get a service call. Schwarting worries about being broken down in a field, waiting for a dealer to show up with a software key.

The article points out that equipment dealers are using those expensive repair calls to offset slumping tractor sales. But it also reports that eight U.S. states, including Nebraska, Illinois and New York, are still considering bills requiring manufacturers to sell repair software, adding that after Massachusetts passed a similar law, "car makers started selling repair software."
