Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Submission + - Fake Linus Torvalds' Key Found in the Wild

AmiMoJo writes: It was well-known that PGP is vulnerable to short-ID collisions. Real attacks started in June, some developers found their fake keys with same name, email, and even "same" fake signatures by more fake keys in the wild, on the keyservers. All these keys have same short-IDs, created by collision attacks. Fake keys of Linus Torvalds, Greg Kroah-Hartman, and other kernel devs are found in the wild recently.

Submission + - French government removed evidence of emissions cheating by Renault from report (ft.com) 1

An anonymous reader writes: In the past year, there was a steady flow of evidence for various forms of trickery in automobile emissions controls, prompting, among others, the French government to investigate the behaviour of a number of popular cars certified to conform to Euro 5 and Euro 6 emission standards.

While the report concluded that some Renault models emitted many times more nitrogen oxides (NOx) on the road than during the official emissions test, it did not mention that a Renault Captur SUV was observed to perform a cleaning procedure on its lean NOx trap (LNT) five times in a row when the prescribed preparations for emissions testing where made, rendering it much more effective in the test than under normal conditions.

Three members of the enquiry commission told the Financial Times that the French state, which owns a 20% interest in Renault, decided that these findings should remain confidential. A spokesperson of the French environment ministry denies that facts where hidden on purpose. Meanwhile, the anti-fraud agency in France continues its investigations into Renault's emissions practices.

Renault has repeatedly denied any wrongdoing, but it has agreed to voluntarily recall 15,000 cars to perform a software update that should reduce NOx emissions.

Submission + - How do you prepare for and deal with a lost/stolen/destroyed Smartphone? 3

Qbertino writes: A lot of our everyday lives today hinges on having our smartphone and our apps/services/data that are on it working and available.

What are you tactics/standard procedures/techniques/best pratices for preparing for a lost/stolen/destroyed Android Phone and/or iPhone? And have you needed to actually use them?

I'm talking concrete solutions for the worst case scenario: Apps, backup routines (like automating Google Takeaway downloads or something) tracking and disabling routines and methods and perhaps services. If you're using some vendor specific solution that came with your phone and have had positive experience with it, feel free to advocate.

Please include the obvious with some description that you use such as perhaps a solution already build into Android/iOS and also describe any experience you had with these solutions in some unpleasant scenario you might have had yourself. Also perhaps the procedures and pitfalls for recovering previous state to a replacement device.

Please note: I'm talking both Android and iOS.
And thanks for your input — I can imagine that I'm not the only one interested in this.

Submission + - Stealthy malware infects digitally-signed files without altering hashes (theregister.co.uk)

An anonymous reader writes: Black Hat Deep Instinct researcher Tom Nipravsky has undermined the ubiquitous security technique of digitally-signed files by baking malicious code into headers without tripping popular security tools ..

One of three file size checks is not properly conducted by Microsoft's Authenticode allowing VXers to alter expected values so that infected digitally-signed files appear valid ...

Submission + - BBC [UK] gets go-ahead to detect iPlayer packets over encrypted Wi-Fi. (telegraph.co.uk)

product_bucket writes: The BBC has been given permission to use a new technology to detect users of the iPlayer who do not hold a TV licence. Researchers at University College London have apparently developed a method to identify specially crafted packets over an encrypted Wi-Fi link without needing to break the underlying encryption itself. TV Licensing (the fee-collecting arm of the BBC) has said the practice is under regular scrutiny by independent regulators, but declined to elaborate on how the technique works.

Submission + - Driver Signing To Be Enforced In Next Windows 10 (i-programmer.info) 1

mikejuk writes: The control of what software users can run on their machines is becoming ever tighter. Now Microsoft has announced that only signed drivers will work in the next release of Windows 10.
Before you start to panic about backward compatibility with existing drivers the lockdown is only going to be enforced on new installations of Windows 10. If you simply upgrade an existing system then the OS will take over the drivers that are already installed. Only new installations, i.e. installing all drivers from scratch, will enforce the new rules from Windows 10 version 1607.
Be warned, if you need to do a fresh install of Windows 10 in the future you might find that your existing drivers are rejected.
There's an xkcd for that: https://xkcd.com/1144/

Submission + - Google maps receives big update, UX disaster. 1

MrL0G1C writes: Google Maps has been updated, The UX geniuses have decided that roads are not an important feature on maps and have removed road outlines and the roads are now white on an off-white background. Places of interest are obviously not so interesting and they get light pastel colours on a white background.

Submission + - Mozilla to Remove Hello in Firefox 49 (softpedia.com)

An anonymous reader writes: An entry on Mozilla's issue tracker opened on July 17 reveals ongoing efforts from Mozilla engineers to remove the Hello system add-on from default Firefox installations starting with version 49, set for public release on September 13, 2016.

Mozilla added Hello to Firefox in version 34, released on December 1, 2014, and from the beginning, it was part of the browser's core code, but was moved in December 2015 into a separate add-on, one that came pre-installed with Firefox, making Hello its first ever system add-on.

Mozilla plans to remove Hello from the codebases of Firefox Beta 49, Firefox Developer Edition 50, and Firefox Nightly 51. Based on the currently available information, the deadline for the Hello code removal operations is for this Monday, August 1, after which the first Firefox builds with no Hello integration will be available for testing, and will ship out in the fall with the stable release.

Submission + - LastPass accounts can be 'completely compromised' when users visit sites (theregister.co.uk)

mask.of.sanity writes: A dangerous zero-day vulnerability has been found in popular cloud password vault LastPass, which can completely compromise user accounts when users visit malicious websites. The flaw is today being reported to LastPass by established Google Project zero hacker Tavis Ormandy who says he has found other "obvious critical problems".

Submission + - Analog Devices Set to Buy Competitor Linear Tech (transactionannouncement.com)

Jfetjunky writes: From Analog Devices' website:

On July 26, Analog Devices, Inc. and Linear Technology Corporation entered into a definitive agreement under which Analog Devices will acquire Linear Technology in a cash and stock transaction that values the combined enterprise at approximately $30 billion. The transaction is expected to close by the end of the first half of calendar year 2017."

This is a big move for Analog Devices, buying up one of the only other major competitors in the market space for precision analog devices and data converters besides Texas Instruments. They are taking on $7.3 billion of additional debt to complete the purchase of Linear Tech for approximately $14.8 billion. They advertise that the deal will finalize in the first half of 2017. According to their presentation, they have hopes this will nearly double their potential market share.

Submission + - SPAM: State Attorneys General Reportedly Pursing Windows 10 Claims

TroII writes: A recent report from the Rockland (NY) County Times suggests that several states' Attorneys General are compiling complaints about deceptive Windows 10 upgrades. In particular, New York State AG Eric Schneiderman is actively soliciting statements from consumers who feel they were deceived or suffered damages. Last month's $10,000 loss in court may have signaled the beginning of more widespread legal challenges to Microsoft's tactics.

Submission + - Avast Acquires AVG For $1.3 Billion To Create Security Software Giant (venturebeat.com)

An anonymous reader writes: Security software giant Avast Software has acquired rival AVG Technologies. Avast will pay $25 in cash for each of AVG’s outstanding ordinary shares, in a deal amounting to around $1.3 billion. Avast said that it’s acquiring AVG to “gain scale, technological depth and geographical breadth” and so it can “take advantage of emerging growth opportunities in internet security as well as organizational efficiencies.” The combined company will have access to “400 million endpoints” — that is, devices that have some form of Avast or AVG application installed. Almost half of those are mobile too, which is key in a world that is increasingly shifting away from the desktop. With access to more devices, this will serve the joint company a bigger pool of data on malware, meaning it should be better positioned to offer better security products.

Submission + - Samsung Unveils World's First UFS Storage Cards, Could Replace MicroSD (pcworld.com)

An anonymous reader writes: Samsung has unveiled the world's first UFS card that could one day replace microSD cards in devices. The UFS card is based on the Universal Flash Storage 1.0 Card Extension standard and will be available in capacities from 32GB to 256GB. With a UFS card, users will be able to read 5GB of data, or a full resolution movie file, in 10 seconds, Samsung claims. For comparison, a UHS-1 microSD card would take 50 seconds to do the same. UFS cards will be able to fit into a wide range of devices like smartphones, tablets, cameras, and drones, but the devices will need a specific UFS card slot, which could take some time. Samsung claims the 256GB UFS card has a sequential read speed of 530MBps. The random read speed is 20 times faster than a microSD card. The sequential write speed is about 170MBps, which Samsung estimates is two times faster than microSD cards. The random write speed is 350 times faster than microSD, Samsung claims. The Universal Falsh Storage 1.0 Card Extension standard is intended to replace the eMMC standard, which is used in low-cost laptops and Chromebooks. Samsung didn't disclose pricing or availability for the UFS storage cards. It's worth noting that Toshiba does also make UFS storage cards, but they have yet to release any based on the UFS 1.0 Card Extension standard.

Submission + - What pranks have you pulled on scam callers? 1

flatulus writes: My wife has been getting calls repeatedly from "the Windows IT department" about our computer. She tells them she's not biting and hangs up.

This morning I had the pleasure of answering the call. It went like this:

"Hello?"
"Hi, this is the Windows IT department calling about your computer."
"A computer? what's that?"
"I'm calling about your computer."
"Computer? I've never heard of this. What is a computer?"
"What is a computer? OK, buddy — get lost" (hangup)

So, what fun stories do you have about pranking scammers?

Submission + - Here's how a hacker is shaking down a medical clinic (bankinfosecurity.com)

SpacemanukBEJY.53u writes: A hacker going by the nickname The Dark Lord is threatening to release nearly 48,000 medical records unless an orthopedic clinic in the U.S. pays $165,000 by July 8. The batch of data is one of three lots he's stolen from health care clinics that are now advertised on The Real Deal underground market. If the data is accurate, this particular clinic has no good options, a dilemma faced by organizations confronted with extortion attempts by cybercriminals. It's an unsettling tale. The hacker sent a highly personal ransom letter to the clinic's director, including the names of his family members and their Social Security Numbers. "I do not feel bad or guilty about any of this," the hacker says.

Slashdot Top Deals

"When people are least sure, they are often most dogmatic." -- John Kenneth Galbraith

Working...