Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after of SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Submission + - World's only sample of 'holy grail' metallic hydrogen lost in laboratory mishap (ibtimes.co.uk)

drunkdrone writes: A piece of rare meta poised to revolutionise modern technology and take humans into deep space has been lost in a laboratory mishap. The first and only sample of metallic hydrogen ever created on earth was the rarest material on the planet when it was developed by Harvard scientists in January this year, and had been dubbed "the holy grail of high pressure physics".

The metal was created by subjecting liquid hydrogen to pressures greater that those at the centre of the Earth. At this point, the molecular hydrogen breaks down and becomes an atomic solid.

Scientists theorised that metallic hydrogen – when used as a superconductor – could have a transformative effect on modern electronics and revolutionise medicine, energy and transportation, as well as herald in a new age of consumer gadgets.

Sadly, an attempt to study the properties of metallic hydrogen appears to have ended in catastrophe after one of the two diamonds being used like a vice to hold the tiny sample was obliterated.

Submission + - Judge Rules Against Forced Fingerprinting

An anonymous reader writes: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the judge stated that while fingerprints in and of themselves are not protected, the government’s method of obtaining the fingerprints would violate the Fourth and Fifth amendments. The government’s request was given as part of a search warrant related to a child pornography ring. The court ruled that the government could seize devices, but that it could not compel people physically present at the time of seizure to provide their fingerprints ‘onto the Touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device.’

Submission + - Google: 99.95% of Recent 'Trusted' DMCA Notices Were Bogus (torrentfreak.com)

AmiMoJo writes: In comments submitted to a U.S. Copyright Office consultation, Google has given the DMCA a vote of support, despite widespread abuse. Noting that the law allows for innovation and agreements with content creators, Google says that 99.95% of URLs it was asked to take down last month didn't even exist in its search indexes. “For example, in January 2017, the most prolific submitter submitted notices that Google honored for 16,457,433 URLs. But on further inspection, 16,450,129 (99.97%) of those URLs were not in our search index in the first place.”

Submission + - Republican National Committee Security Foiled Russian Hackers (wsj.com)

OverTheGeicoE writes: The Wall Street Journal is reporting that, according to U.S. officials who have been briefed on the attempted intrusion, Russian hackers unsuccessfully tried to penetrate the computer networks of the Republican National Committee using the same techniques that allowed them to infiltrate its Democratic counterpart. (Warning: article may be paywalled.) According to the article, "electronic filters" at RNC blocked phishing e-mails from being delivered to their intended RNC recipient, a former employee. Similar attacks against the Democratic National Committee helped reveal a treasure trove of damaging e-mails.

The article states that the attacks against the RNC were "less aggressive and much less persistent". Why? Was this disparity of effort evidence of Russian bias against the Democrats, or were Republicans simply better protected by superior information security practices?

Submission + - SPAM: US Defense official: Chinese warship stole US underwater drone

schwit1 writes: (CNN)A US oceanographic vessel Thursday had its underwater drone stolen by a Chinese warship literally right in front of the eyes of the American crew, a US defense official told CNN Friday.

In the latest encounter in international waters in the South China Sea region, the USNS Bowditch was sailing about 100 miles off the port at Subic Bay when the incident occurred, according to the official.

Bowditch had stopped in the water to pick up two underwater drones. At that point a Chinese naval ship that had been shadowing the Bowditch put a small boat into the water. That small boat came up alongside and the Chinese crew took one of the drones.

Link to Original Source
Android

Verizon Says It Will Not Push Samsung's Update That Disables Galaxy Note7 Because Of User Inconvenience (verizon.com) 192

Samsung confirmed on Friday that it will indeed release an update to Galaxy Note7 smartphones in the United States to "prevent US Galaxy Note7 devices from charging and will eliminate their ability to work as mobile devices." In a new wrinkle to this whole situation, Verizon said today it will not be releasing Samsung's software update to Galaxy Note7 users on Verizon network. In a blog post, Verizon said: "Verizon will not be taking part in this update because of the added risk this could pose to Galaxy Note 7 users that do not have another device to switch to. We will not push a software upgrade that will eliminate the ability for the Note 7 to work as a mobile device in the heart of the holiday travel season. We do not want to make it impossible to contact family, first responders or medical professionals in an emergency situation." To recall, the Galaxy Note7 remains banned on airlines by the FAA and has also been prohibited from being used on many other public transit services in the United States. Elsewhere in the world, similar bans have been imposed on the phone.

Submission + - Trump to Attack Visas That "Undercut the American Worker" (cio.com.au)

OverTheGeicoE writes: On Monday, US President-elect Donald Trump released a video message outlining his policy plans for his first 100 days in office. At 1 minute, 56 seconds into the message, he states that he will direct the Department of Labor to investigate "all abuses of the visa programs that undercut the American worker." During his presidential campaign, Trump was critical of the H-1B visa program that has been widely criticized for displacing US high-technology workers. "Companies are importing low-wage workers on H-1B visas to take jobs from young college-trained Americans," said Trump at an Ohio rally. At other rallies, Trump invited former IT workers from Disney who had been forced to train their H-1B replacements to speak. According to TFA, the Monday Trump video is "the strongest signal yet that the H-1B visa program is going get real scrutiny once he takes office."

Submission + - Tesla Model 3 Deliveries Delayed Until 2018 (supercars-news.co.uk)

polishgranite writes: Unless of course you have been living in the cage within the last year, it is possible acquainted with the Tesla model 3 — a vehicle that made headlines and broke records through getting around 500, 000 orders within times of getting announced.

Initially first deliveries were scheduled for 2017 however, it emerged today they have been delayed until mid-2018 or later.

Submission + - Bruce Schneier: 'The internet era of fun and games is over' (dailydot.com)

campuscodi writes: Internet pioneer Bruce Schneier issued a dire proclamation in front of the House of Representatives’ Energy & Commerce Committee Wednesday: “It might be that the internet era of fun and games is over, because the internet is now dangerous.”

The meeting, which focused on the security vulnerabilities created by smart devices, came in the wake of the Oct. 21 cyberattack on Dyn that knocked Amazon, Netflix, Spotify, and other major web services offline.

Schneier’s opening statement provided one of the clearest distillations of the dangers posed by connected devices I’ve seen. It should be required viewing. He starts around the 1:10:30 mark in the livestream below, but we’ve also transcribed most of his remarks.

Security

Submission + - Airport Manager Won't Let TSA Replace Body Scanner With Magnetometer (spokesman.com)

OverTheGeicoE writes: TSA recently announced that it would remove all of Rapiscan's X-ray body scanners from airports by June. As part of this effort, it is trying to move a millimeter-wave body scanner from the Helena, Montana airport to replace an X-ray unit at a busier airport. Strangely enough, they have encountered resistance from the Helena's Airport Manager, Ron Mercer. Last Thursday, workers came to remove the machine, but were prevented from doing so by airport officials. Why? Perhaps Mercer agrees with Cindi Martin, airport director at Montana's Glacier Park International Airport airport, who called the scheduled removal of her airport's scanner 'a great disservice to the flying public' in part because it 'removed the need for the enhanced pat-down.'
Security

Submission + - Taking Sense Away: Confessions of a Former TSA Screener (wordpress.com)

OverTheGeicoE writes: TSA gets discussed on Slashdot from time to time, usually negatively. Have you ever wondered about the TSA screeners' perspective? Taking Sense Away is a blog, allegedly written by a former TSA screener, offering insider perspectives on TSA topics. For example, there's the Insider's TSA Dictionary, whose entries are frequently about the code screeners use to discuss attractive female passengers (like 'Code Red,' 'Fanny Pack,' and 'Hotel Bravo'). Another posting explains what goes on in private screening rooms, which the author claims is nothing compared to screener conduct in backscatter image operator rooms. Apparently what happens in the IO room stays in the IO room. Today's posting covers how TSA employees feel about working for 'a despised agency'. For many the answer is that they hate working for 'the laughing stock of America’s security apparatus,' try to hide that they work for TSA, and want to transfer almost anywhere else ASAP.
Security

Submission + - House Subcommittee Holds Hearing on TSA's 'Scanner Shuffle' (house.gov)

OverTheGeicoE writes: The Homeland Security Subcommittee on Transportation Security held a hearing on TSA's recent decision to move X-ray body scanners from major airports to smaller ones, which the subcommitte refers to as a 'Scanner Shuffle.' John Sanders, TSA's assistant administrator for security capabilities, testified that 91 scanners recently removed from major airports were now in storage due to 'privacy concerns.' Although TSA originally planned to relocate the scanners to smaller airports, those plans have been shelved because smaller airports don't have room for them. The subcommittee is also investigating allegations that the machines' manufacturer, Rapiscan, 'may have falsified tests of software intended to stop the machines from recording graphic images of travelers' (VIDEO). Coincidentally, shares of Rapiscan's parent company, OSI Systems Inc., dropped in value almost 25% today, its biggest intraday decline in about 12 years. If wrongdoing is proven, Rapiscan could face fines, prison terms and a ban on government contracting, according to a former head of federal procurement.
Encryption

Submission + - Ask Slashdot: Is TSA's PreCheck System Easy to Game? (wordpress.com)

OverTheGeicoE writes: TSA has had a preferred traveler program, PreCheck, for a while now. Frequent fliers and other individuals with prior approval from DHS can avoid some minor annoyances of airport security, like removing shoes and light jackets, but not all of the time. TSA likes to be random and unpredictable, so PreCheck participants don't always get the full benefits of PreCheck. Apparently the decision about PreCheck is made when the boarding pass is printed, and a traveler's PreCheck authorization is encoded, unencrypted, on the boarding pass barcode. In theory, one could use a barcode-reading Web site (like this one, perhaps) to translate a barcode into text to determine your screening level before a flight. One might even be able to modify the boarding pass using PhotoShop or the GIMP to, for example, get the screening level of your choice. I haven't been able to verify this information, but I bet Slashdot can. Is TSA's PreCheck system really that easy to game? If you have an old boarding pass lying around, can you read the barcode and verify that the information in TFA is correct?

Slashdot Top Deals

Promising costs nothing, it's the delivering that kills you.

Working...