
Submission + - Password Recovery Scam Hitting Gmail, Outlook, Yahoo Mail Users

An anonymous reader writes: A simple yet ingenious scam is being used by scammers to compromise accounts of Gmail, Outlook and Yahoo Mail users, Symantec researcher Slawomir Grzonkowski warns. "To pull off the attack, the bad guys need to know the target’s email address and mobile number; however, these can be obtained without much effort," he explains. The attackers make use of the password recovery feature offered by many email providers, which helps users who have forgotten their passwords gain access to their accounts by, among other options, having a verification code sent to their mobile phone. Once the verification code is sent to the legitimate user's mobile phone, it's followed by a message by the scammer, saying something like: "Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop unauthorized activity."

Comment Re:Ah the myth of amazing software tech (Score 1) 237

winning the day. Didn't work out so well for Corel did it? Or Novel? Or Sun?

I assume you meant Novell.

Yeah, your few good programmers will make better code, but my 100 code monkeys will make more of it.

Novell isn't really a good example. Starting in the late 90's, they began laying off employees in the states and replacing them with cheap labor in Bangalore. That didn't work out so well.

Especially telling was a blog post by then-CTO Jeff Jaffe sometime around 2008, where he talked about the superior quality of Novell's software. Only problem was that quality had been steadily declining for the past ten or so years. The comments section was full of Novell customers telling the CTO that he was full of shit.

Jaffe was fired (er, resigned) a year or so later, so that blog post is long-gone. Fortunately, the wayback machine has a copy.


Submission + - Stolen Certificates Found in Malware Possibly Targeting Tibetan Groups

Trailrunner7 writes: The recent trend of attackers using stolen digital certificates to make their malicious executables look legitimate is continuing unabated, with researchers now having come across a series of variants of the Etchfro Trojan that are using certificates taken from several companies and issued by VeriSign, Thawte and other certificate authorities.

After looking at recent examples of malware signed with stolen certificates, researchers at Norman ASA, a security firm in Norway, noticed that there was an odd string in one specific optional field included in the stolen certificates. The field, named moreInfo, often is used to enter a URL for users to find more information on a company. But in the examples that Norman looked at, that field instead included the following string: “identifierBegin:shiqiang:identifierEnd”.

It's not clear what, if any, purpose the string serves, but Norman researchers started digging through the company's malware database, looking for other samples with the same string. Lo and behold, there were more than 20 samples with the same odd string, and each of them included a stolen digital certificate. Many of the certificates are still valid right now. All of the malware samples, save one, were some version of the Etchfro Trojan. The other one is a version of the infamous Gh0st RAT tool.

The targets of the malware used in this attack are interesting. As has been the case with similar attacks that have employed stolen certificates, many of the malicious documents used in these attacks indicate that the attackers are going after organizations and individuals who are opposed to the Chinese government's policies. Researchers have uncovered several other examples of attackers, whether they be government-sponsored or private, going after human rights activists, Tibetan nationalists and others who oppose the Chinese government.


Submission + - Google+ is a ghost town, study says

zacharye writes: Google’s emerging social network Google+ may boast big user numbers, but a new study suggests that social activity and user engagement are anything but impressive. Intended to give Google a stronger grip on the massive amount of data shared by users on social networks, Google’s answer to Facebook opened its doors to the public last September. After using some user acquisition methods that seemed a bit desperate, Google revealed in December that Google+ was then home to 62 million users. Google+ boasted an impressive 100 million users as of early April, but according to eCommerce analytics firm RJ Metrics, the social network is not the waterfall of data Google hoped it would be...

Hubble To Use the Moon To View Transit of Venus 37

astroengine writes "As we recently discussed, on June 5 or 6 this year — the exact time and date depends on where you are in the world — Venus will be visible as a small black circle crossing the disk of the sun. Usually, the Hubble Space Telescope would have no business observing this event — the sun is too close for its optics. But plans are afoot for Hubble to observe the reflected sunlight bouncing off the lunar surface during the transit. As the sunlight will pass through the Venusian atmosphere, the transit will provide invaluable spectroscopic data about Venus' atmospheric composition. This, in turn, will help astronomers in characterizing the atmospheres of planets orbiting other stars."

Submission + - Running Apps from the Dashboard: A Good Idea?

An anonymous reader writes: I guess it was inevitable, now that BMW is letting you view and make tweets from behind the wheel, but is it really a good idea to let people run smartphone apps from their dashboard monitor? I guess for navigation you could run your favorite map-app there, but there is nothing to stop people from running other apps on their dashboard too. It might be better than texting from the handset, but I'm not sure I want people playing Angry Birds while they drive.

Submission + - Symantec: More Malware on Religious Sites Than Porn Sites 1

kongshem writes: "According to Symantec's annual Internet Security Threat Report, religious and ideological websites have far more security threats per infected site than adult/pornographic sites. Why is that? Symantec's theory: "We hypothesize that this is because pornographic Web site owners already make money from the Internet and, as a result, have a vested interest in keeping their sites malware-free — it's not good for repeat business,""

Submission + - Kaspersky: Apple's Walled Garden Is More Secure - For Now

judgecorp writes: "Apple's walled garden is more secure than the open approach of Windows or Android, Kaspersky CEO Eugene Kaspersky says. However, he thinks the approach is storing up trouble. Apple's security is where Microsoft's was 12 years ago, he says, and he expects Apple to suffer the same issues Microsoft has had to face. One problem: if Apple opens up enough to allow AV on iOS devices, that very act would open it up to malware."

Submission + - A 4000mph Train From D.C. To Beijing In 2 Hrs

kkleiner writes: "Evacuated Tube Transport, or ETT, combines the efficiency of maglev trains, already in use in Europe and Asia, with the efficiency of moving through an airless environment. Not only does ETT lack an engine – and a need for fossil fuel propulsion – but because it can glide along almost indefinitely through the vacuum it takes full advantage of Newton’s age-old “an object in motion stays in motion.” If ETT does see the light of day it is estimated to travel at a top speed of 4,000 mph, fast enough to go from Washington DC to Beijing in just two hours."

Submission + - 7 Programming Myths 1

snydeq writes: "InfoWorld's Neil McAllister offers up seven myths of modern programming practices, noting that while programming tools have gotten sharper, software development remains rife with misconceptions on productivity, code efficiency, offshoring, and more. 'Even among people as logical and rational as software developers, you should never underestimate the power of myth. Some programmers will believe what they choose to believe against all better judgment,' McAllister writes. 'The real shame is that, in many cases, our elders pointed out our errors years ago, if only we would pay attention. Here are just a few examples of modern-day programming myths, many of which are actually new takes on age-old fallacies.'"

Submission + - Brain Scan Can Predict Math Mistakes

itwbennett writes: "Computer Science Ph.D. candidate Federico Cirett says that he can predict with 80 percent accuracy when someone is about to make a mistake on a math question. Using an EEG machine, Cirett can identify the patterns in a volunteer's thinking that are likely to result in an error 20 seconds or so before it's made. 'If we can detect when they are going to fail, maybe we can change the text or switch the question to give them another one at a different level of difficulty, but also to keep them engaged,' Cirett said. 'Brain wave data is the nearest thing we have to really know when the students are having problems.' He will present a paper on his findings at the User Modeling, Adaptation and Personalization conference in July."
