Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - SPAM: ORF Democracy Survey

An anonymous reader writes: To mark India’s 70th year of Independence, Observer Research Foundation has launched an annual survey that will track the state of the ever maturing Indian democracy. This pan-India survey aims to collate the changing impressions of the country’s citizens toward their own evolving polity and gauge perceptions of the people about the state of politics in the country. The exercise also forms part of a larger effort that we have teamed up with GenronNPO and CSIS from Japan and Indonesia to capture citizen’s feedback about the state of democracy across their countries. With time we hope to add more partners to this effort.
Link to Original Source

Submission + - SolarCity To Develop Roofs Made of Solar Cells (computerworld.com)

An anonymous reader writes: SolarCity, the American provider of energy services recently purchased by Tesla Motors for $2.6 billion, is planning to produce a new "solar roof" product next year. Computerworld reports: "Five million roofs are replaced each year in the U.S., so instead of simply swapping out old shingles with new ones, why not turn the whole roof into a solar power generator that's integrated with your home's electrical utility? That is SolarCity's plan for a new product it expects to begin producing next year, according to statements made during the company's second-quarter earnings call last week. During the call, SolarCity Chief Technology Officer Peter Rive alluded to a new product that would be produced at the soon to open Buffalo, N.Y., solar panel manufacturing facility. Then SolarCity co-founder and Chairman Elon Musk interjected and said the product would be a solar roof, 'as opposed to a [solar] module on a roof.' The solar roof also has the advantage that it doesn't 'cannibalize' any existing SolarCity product, such as solar panels installed atop roofs, Musk said.

Submission + - Seagate Reveals 'World's Largest' 60TB SSD (zdnet.com)

An anonymous reader writes: While Samsung has the world's largest commercially available SSD coming in at 15.36TB, Seagate officially has the world's largest SSD for the enterprise. ZDNet reports: "Seagate's 60TB Serial Attached SCSI (SAS) SSD on the other hand opts for the familiar HDD 3.5-inch form factor. The company says that its drive has "twice the density and four times the capacity" of Samsung's PM1633a, and is capable of holding up to 400 million photos or 12,000 movies. Seagate thinks the 3.5-inch form factor will be useful for managing changing storage requirements in data centers since it removes the need to support separate form factors for hot and cold data. The company says it could also scale up capacity to 100TB in the same form factor. Seagate says the 60TB SSD is currently only a 'demonstration technology' though it could release the product commercially as early as next year. It hasn't revealed the price of the unit but says it will offer 'the lowest cost per gigabyte for flash available today.'"

Submission + - Researchers: WPAD Protocol Can Be Used To Steal User Data (csoonline.com)

itwbennett writes: At the DEF CON security conference this week, researchers Alex Chapman and Paul Stone showed how the WPAD protocol, which is enabled by default on Windows and supported by other operating systems, can be used to expose computer users' online accounts, web searches, and other private data. Their advice: disable WPAD now. 'No seriously, turn off WPAD!' one of their presentation slides said. 'If you still need to use PAC files, turn off WPAD and configure an explicit URL for your PAC script; and serve it over HTTPS or from a local file.' Chapman and Stone were not the only researchers to highlight security risks with WPAD. A few days before their presentation, two other researchers named Itzik Kotler and Amit Klein independently showed the same HTTPS URL leak via malicious PACs in a presentation at the Black Hat security conference. A third researcher, Maxim Goncharov, held a separate Black Hat talk about WPAD security risks, entitled BadWPAD.

Submission + - Climate science, nuclear war, and the humanitarian impacts debate (thebulletin.org)

Dan Drollette writes: What would happen to the rest of the planet if "just" 50 to 100 Hiroshima-size weapons were used in a limited nuclear war — like, say, between India and Pakistan? A team of atmospheric and environmental scientists walk us through it, and find that the resulting nuclear winter would be far more disastrous than previously thought.

Submission + - Muslim dating site hacked, 98,8% accounts said to be false

courteaudotbiz writes: A hacker that goes by the name RuBiQ has released a (silent) video of a muslim dating website he hacked. In a blog post, the hacker claims that almost 99% of all accounts are fake women accounts and that the entire site is plagued by SQL injection bugs, while the site claims to be "Fully Secure". The site also declares that "Muslimshadi.co.uk has helped Millions of Muslim singles find their match", but as the hacker said, there are only 2101 accounts in the database while 2075 are false accounts all registered with the same email address.

Submission + - USENIX Security Best Paper: The Million-Key Question aka Origins Of RSA Keys

dc352 writes: Our co-founder got an unexpected surprise today as his paper was selected the best paper of the USENIX Security conference — https://www.usenix.org/confere... .

They were able to efficiently find the source (library or hardware) of RSA public keys that could be used to decrease the anonymity set of users of Tor and other anonymous mailers or operators.

They analysed over 60 million freshly generated key pairs from 22 open- and closed-source libraries and from 16 different smart-cards, and were able to classify a probable crypto library or smart-card with high accuracy based only on the values of public keys.

A personal view on the impact of the attack is at: https://www.dancvrcek.com/re-i...

Submission + - New State-Sponsored Spyware Detected Targeting Russia, China (yahoo.com)

hackingbear writes: A previously unknown hacking group variously dubbed "Strider" or "ProjectSauron" has carried out cyber-espionage attacks against select targets in Russia, China, Iran, Sweden, Belgium and Rwanda, security researchers said on Monday. The newly discovered group's targets include four organizations and individuals located in Russia, an airline in China, an organization in Sweden and an embassy in Belgium, Symantec said. "Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation state-level attacker," Symantec said, but it did not speculate about which government might be behind the software. Previously, China and Russia were usually accused as the initiating end of these hacking activities.

Submission + - American Bar Association votes to DRM the law, put it behind a EULA (boingboing.net)

schwit1 writes: Rogue archivist Carl Malamud writes, "I just got back from the big debate on is free law like free beer that has been brewing for months at the American Bar Association over the question of who gets to read public safety codes and on what terms."

In my remarks I made the point that this resolution was perhaps well-intentioned, but bought into a really dangerous idea that somehow DRM-based access to the law from an exclusive private provider is "good enough." I was actually joined by the standards establishment in arguing strenuously that "read only access" simply doesn't exist and DRM is futile. A law is either public or it isn't. (And if a law isn't public, it isn't a law!)


Submission + - There's A Way To Use Encrypted Data Without Knowing What It Holds (helpnetsecurity.com)

An anonymous reader writes: Microsoft researchers have devised a way for third parties to make use the vast amount of encrypted data stored in the cloud by companies and individuals, without them actually having access to it or learning anything about it (except for what can be deduced from the result). The solution involves a protocol for a Secure Data Exchange (SDE) that uses Secure Multi-Party Computation (MPC), and which removes the need of the third party decrypting (and, therefore, being able to peek into) the data before it is used in computations.

Submission + - Windows 10 Anniversary Update Is Infested With Bugs (cio.com)

itwbennett writes: As previously reported on Slashdot, in Tuesday's updates, Microsoft disabled RC4 in its Microsoft Edge and Internet Explorer browsers on Windows 7, Windows 8.1 and Windows 10, after deeming the cipher 'no longer cryptographically secure.' The company also fixed 'a serious security flaw in the Windows PDF Library.' But these aren't the only bugs being reported in the Windows 20 Anniversary Update. CIO.com's Bill Snyder reports that 'there are widespread reports of significant bugs in the update, and they're causing systems to freeze, browsers to misbehave, and peripherals — including Xbox One controllers — to malfunction. Two major antivirus companies also warn that incompatibilities with Windows 10 could open up users to security risks.'

Submission + - Lenovo Fails To Perform Planned Spark SSD Demo

An anonymous reader writes: Lenovo, the Chinese PC giant, planned to unveil its long-anticipated Project Spark solid state drive for data center use. However, it backed out of the demonstration at the last minute, citing a ‘reassessment of the risk’ involved with completing a demonstration of the technology so far from the 2017 mid-year release date. Project Spark represents Lenovo’s initial entry into the highly competitive SSD market. A demonstration was planned at the Flash Memory Summit in California but was cancelled on the same day. The prototype SSD, approximately the size of a memory stick, is believed to have between 6 and 8TB of storage space. Lenovo is currently researching linking multiple Project Spark cards onto a single board, which could provide storage capacity of more than 48TB.

Submission + - How InMobi Abused iOS and Android APIs to Track Mobile Users

Trailrunner7 writes: As Apple and Google add better privacy protections to their mobile platforms, advertising firms have had to get more and more creative with how they display ads to users and track them as they move around the physical world as well as the Internet.

One of the companies that has been at the center of this is InMobi, a major mobile ad company, that offers products to clients that allow them to geo-target users and show them targeted ads. The FTC in June reached a settlement with InMobi over the company’s practices, charging that the company tracked consumers, specifically children, without their consent. InMobi said that it obtains consent from users before geotracking them, but the FTC found that wasn’t true, and the commission has now detailed exactly how the tracking worked.

According to the FTC’s investigation, InMobi was able to circumvent privacy protections on both iOS and Android that prevent apps from using APIs to track users without their permission. The company did this by constructing its own geocoded database.

Submission + - New documents reveal 7 cases in New York DA's iPhone-unlocking push (dailydot.com)

Patrick O'Neill writes: Manhattan District Attorney Cyrus Vance is one of America's most vocal critics of strong encryption. Testifying before congress, he's criticized Apple and other companies that have helped take strong encryption mainstream. He said on multiple occasions that his office has hundreds of locked phones from criminal cases that contains “evidence believed to be critical stored on the devices." New documents reveal seven cases in the DA's push to legally unlock iPhones, all of which resulted in convictions.

Slashdot Top Deals

The price one pays for pursuing any profession, or calling, is an intimate knowledge of its ugly side. -- James Baldwin

Working...