Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Submission + - UAC Bypass Attack On Windows 10 Allows Malicious DLL Loading (helpnetsecurity.com)

Orome1 writes: Security researchers Matt Graeber and Matt Nelson have discovered a way to run a malicious DLL on Windows 10 without the User Account Control (UAC) springing into action and alerting users of the potential danger. By modifying a default scheduled task (“SilentCleanup”) associated with the Disk Cleanup utility, they were able to trigger the running of a specially crafted DLL file without triggering UAC. That’s because SilentCleanup on Windows 10 is configured “to be launchable by unprivileged users but to run with elevated/high integrity privileges.”

Submission + - Solar Impulse completes solar-powered flight around the world

MikeChino writes: After 558 hours of total flight time, a solar-powered airplane just finished a record-shattering trip around the world. The Solar Impulse landed in Abu Dhabi at 4:05 am this morning, completing the final leg of an adventure spanning 43,041 kilometers. Upon landing and exiting the cockpit, Piccard said: “This is not only a first in the history of aviation; it’s before all a first in the history of energy. I’m sure that within 10 years we’ll see electric airplanes transporting 50 passengers on short to medium haul flights."

Submission + - UK To Let Amazon Test Drone Deliveries (usatoday.com)

An anonymous reader writes: The U.K. Civil Aviation Authority gave Amazon permission to test several key drone delivery parameters. They include sending drones beyond the line of sight of their operator in rural and suburban areas, testing sensor performance to make sure the drones can identify and avoid obstacles and allowing a single operator to manage multiple highly-automated drones. U.S. rules are outlined in a 624-page rulebook from the Federal Aviation Administration. They allow commercial drones weighing up to 55 pounds to fly during daylight hours. The aircraft must remain within sight of the operator or an observer who is in communication with the operator. The operators must be pass an aeronautics test every 24 months for a certificate as well as a background check by the Transportation Security Administration. The rules govern commercial flights, such as for aerial photography or utilities inspection. Amazon’s goal is to use drones to deliver packages up to 5 pound to customers in 30 minutes or less.

Submission + - Feds To Deploy Anti-Drone Software Near Wildfires (thehill.com)

An anonymous reader writes: Federal officials are launching a new “geofencing” program to alert drone pilots when they’re flying too close to wildfire prevention operations. The Department of Interior said Monday it would deploy software warnings to pilots when their drones pose a risk to the aircraft used by emergency responders fighting wildfires. The agency said there have been 15 instances of drones interfering with firefighter operations this year, including several leading to grounded aircraft. Drone-related incidents doubled between 2014 and 2015, the agency said. Officials built the new warning system with the drone industry, and the agency said manufacturers could eventually use it to build drones that automatically steer away from wildfire locations. The program is in its pilot phase, the agency said; officials hope to have a full public release in time for next year’s wildfire season.

Submission + - Vine's Source Code Was Accidentally Made Public For 5 Minutes (theregister.co.uk)

An anonymous reader writes: Vine, the six-second-video-loop app acquired by Twitter in 2012, had its source code made publicly available by a bounty-hunter for everyone to see. The Register reports: "According to this post by @avicoder (Vjex at GitHub), Vine's source code was for a while available on what was supposed to be a private Docker registry. While docker.vineapp.com, hosted at Amazon, wasn't meant to be available, @avicoder found he was able to download images with a simple pull request. After that it's all too easy: the docker pull https://docker.vineapp.com/lib... request loaded the code, and he could then open the Docker image and run it. 'I was able to see the entire source code of Vine, its API keys and third party keys and secrets. Even running the image without any parameter, [it] was letting me host a replica of Vine locally.' The code included 'API keys, third party keys and secrets,' he writes. Twitter's bounty program paid out – US$10,080 – and the problem was fixed in March (within five minutes of him demonstrating the issue)."

Submission + - NIST Prepares to Ban SMS-Based Two-Factor Authentication (softpedia.com)

An anonymous reader writes: The US National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA).

The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone.

The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads.

Submission + - Chinese State Company Unveils World's Largest Seaplane (theguardian.com)

An anonymous reader writes: China has completed production of the world’s largest amphibious aircraft, state media has said, the latest effort in the country’s program to wean itself off dependence on foreign aviation firms. The state-owned Aviation Industry Corporation of China (AVIC) unveiled the first of the new planes, dubbed the AG600, Saturday in the southern port city of Zhuhai, the official Xinhua news agency reported. The aircraft, which has a maximum range of 4,500 km (2,800 miles), is intended for fighting forest fires and performing marine rescues, it said. At around the size of a Boeing 737, it is far larger than any other plane built for marine take off and landing, Xinhua quoted AVIC’s deputy general manager Geng Ruguang as saying. The AG600 could potentially extend the Asian giant’s ability to conduct a variety of operations in the South China Sea, where it has built a series of artificial islands featuring air strips, among other infrastructure with the potential for either civilian or military use.

Submission + - Bitcoin Not Money, Rules Miami Judge In Dismissing Laundering Charges (miamiherald.com)

An anonymous reader writes: Bitcoin does not actually qualify as money, a Miami-Dade judge ruled Monday in throwing out criminal charges against a Miami Beach man charged with illegally selling the virtual currency. The defendant, Michell Espinoza, was charged with illegally selling and laundering $1,500 worth of Bitcoins to undercover detectives who told him they wanted to use the money to buy stolen credit-card numbers. But Miami-Dade Circuit Judge Teresa Mary Pooler ruled that Bitcoin was not backed by any government or bank, and was not “tangible wealth” and “cannot be hidden under a mattress like cash and gold bars.” “The court is not an expert in economics, however, it is very clear, even to someone with limited knowledge in the area, the Bitcoin has a long way to go before it the equivalent of money,” Pooler wrote in an eight-page order. The judge also wrote that Florida law – which says someone can be charged with money laundering if they engage in a financial transaction that will “promote” illegal activity – is way too vague to apply to Bitcoin. “This court is unwilling to punish a man for selling his property to another, when his actions fall under a statute that is so vaguely written that even legal professionals have difficulty finding a singular meaning,” she wrote.

Submission + - Hackers Create Safe Skies TSA Master Key, Release Designs (csoonline.com)

itwbennett writes: 'On Saturday evening, during the Eleventh HOPE conference in New York City, three hackers released the final master key used by the Transportation Security Administration (TSA), which opens Safe Skies luggage locks,' writes CSO's Steve Ragan. The hackers also released a 3D-printable model of the key. The issue, the hackers say, isn't that some creep can riffle through your delicates using one of these keys, but that government key escrow is inherently dangerous. Even the TSA admits that the Safe Skies locks have little to do with safety. 'These consumer products are convenience products that have nothing to do with TSA's aviation security regime,' an agency spokesperson said.

Submission + - NSIS 3.0 Final Released (sourceforge.net)

An anonymous reader writes: Ever since v2.46 came out in 2009, the development on Nullsoft Scriptable Install System (NSIS), a scripting language to create Windows installers, seemed to be dormant. Several new versions in the 2.x branch came out throughout the year, paving the way to NSIS 3.0 final, which was released today!

Submission + - New Zealand to eradicate all non-native predators (theguardian.com) 2

The Real Dr John writes: New Zealand has embarked on the first ever attempt to eradicate all human-introduced predators by 2050. Humans have spread unwanted species including rats to every corner of the globe, and in places that were previously rat free, this has come at a great price in terms of lost native species. The flightless kiwi bird population in New Zealand is under extensive pressure from rats and other introduced species, and New Zealand is embarking on a nationwide effort to eliminate the pests, which will be particularly difficult in cities. A major anticipated difficulty will be to get the public on board with the mass extermination of introduced pest species.

Submission + - China Imposes Internet News Reporting Ban On Major Online Companies

An anonymous reader writes: The Cyberspace Administration of China has ordered major online media outlets including Tencent Holdings and Sina Corp to stop publishing original news reports, claiming that their output represents 'serious violations' of the country's increasingly restrictive regulations on news dissemination. The news was attributed to an unnamed official at CAC, and reported in the Beijing News Sunday edition. In February China banned all foreign online news outlets from publishing without a state licence, and in April likewise banned all discussion of the Panama papers scandal, after President Xi Jinping's brother-in-law was among several Chinese elite cited in them. dating verification.

Submission + - Law Enforcement And IT Security Companies Join Forces To Fight Ransomware (helpnetsecurity.com)

Orome1 writes: Today, the Dutch National Police, Europol, Intel Security and Kaspersky Lab launched the No More Ransom initiative, a new step in the cooperation between law enforcement and the private sector to fight ransomware together. Ransomware is a top threat for EU law enforcement: almost two-thirds of EU Member States are conducting investigations into this form of malware attack. The aim of No More Ransom to provides users with tools that may help them recover their data once it has been locked by criminals. In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June 2016 for the Shade variant.

Submission + - Business ideas sought to launch ISS marketplace (gizmag.com)

Big Hairy Ian writes: Since launching in 1998, the International Space Station has played host to countless government-backed experiments aimed at furthering our understanding of the micro-gravity environment. But NASA has been signalling intentions to welcome more commercial partners aboard for a little while, and is now canvassing the private sector for ideas to increase business activity on the orbiting laboratory.

The International Space Station (ISS) has served as an hugely valuable tool when it comes to learning about the effects of micro-gravity on humans. This was most recently demonstrated by hosting astronaut Scott Kelly through his record-breaking yearlong stay in orbit, a mission researchers are continuing to pick apart for evidence of changes in human physiology.

But lately NASA has made a public effort to ween the ISS off the teat of government-funded research and court commercial partners who may benefit from directing funds into micro-gravity research, or by offering services to its inhabitants like SpaceX's Dragon resupply missions.

Shooting politicians into the sun sounds like the ideal option to me

Submission + - Verizon to buy Yahoo's search and advertising operations for $5bn

Bearhouse writes: BBC reports that Verizon will buy part of Yahoo and is expected to
merge it with AOL, which it bought last year. Yahoo chief executive Marissa Mayer has made little progress in returning the company to profit since she took the job in 2012. Yahoo reported a $440m loss in the second quarter, but said the board had made "great progress on strategic alternatives".
http://www.bbc.com/news/busine...

Slashdot Top Deals

The trouble with being poor is that it takes up all your time.

Working...