
Submission + - Wall Street IT Engineer Hacks Employer to See If He'll Be Fired (bleepingcomputer.com)

An anonymous reader writes: A Wall Street engineer was arrested for planting credentials-logging malware on his company's servers. According to an FBI affidavit, the engineer used these credentials to log into fellow employees' accounts. The engineer claims he did so only because he heard rumors of an acquisition and wanted to make sure he wouldn't be let go.

In reality, the employer did look at archived email inboxes, but he also stole encryption keys needed to access the protected source code of his employer's trading platform and trading algorithms. Using his access to the company's Unix network (which he gained after a promotion last year), the employee then rerouted traffic through backup servers in order to avoid the company's traffic monitoring solution and steal the company's source code.

The employee was caught after he kept intruding and disconnecting another employee's RDP session. The employee understood someone hacked his account and logged the attacker's unique identifier. Showing his total lack of understanding for how technology, logging and legal investigations work, the employee admitted via email to a fellow employee that he installed malware on the servers and hacked other employees.

Submission + - Britain Set For First Coal-Free Day Since Industrial Revolution (theguardian.com)

An anonymous reader writes: The UK is set to have its first ever working day without coal power generation since the Industrial Revolution, according to the National Grid. The control room tweeted the predicted milestone on Friday, adding that it is also set to be the first 24-hour coal-free period in Britain. The UK has had shorter coal-free periods in 2016, as gas and renewables such as wind and solar play an increasing role in the power mix. The longest continuous period until now was 19 hours – first achieved on a weekend last May, and matched on Thursday. Hannah Martin, head of energy at Greenpeace UK, said: “The first day without coal in Britain since the Industrial Revolution marks a watershed in the energy transition. A decade ago, a day without coal would have been unimaginable, and in 10 years’ time our energy system will have radically transformed again.” Britain became the first country to use coal for electricity when Thomas Edison opened the Holborn Viaduct power station in London in 1882. It was reported in the Observer at the time that “a hundred weight of coal properly used will yield 50 horse power for an hour.” And that each horse power “will supply at least a light equivalent to 150 candles”.

Submission + - Developer of BrickerBot Malware Claims He Destroyed Over 2 Million Devices (bleepingcomputer.com)

An anonymous reader writes: In an interview today, the author of BrickerBot, a malware that bricks IoT and networking devices, claimed he destroyed over 2 million devices, but he never intended to do so in the first place.

His intentions were to fight the rising number of IoT botnets that were used to launch DDoS attacks last year, such as Gafgyt and Mirai. He says he created BrickerBot with 84 routines that try to secure devices so they can't be taken over by Mirai and other malware. Nevertheless, he realized that some devices are so badly designed that he could never protect them. He says that for these, he created a "Plan B," which meant deleting the device's storage, effectively bricking the device.

His identity was revealed after a reporter received an anonymous tip about a HackForum user claiming he was destroying IoT devices since last November, just after BrickerBot appeared. When contacted, BrickerBot's author revealed that the malware is a personal project which he calls "Internet Chemotherapy" and he's "the doctor" who will kill all the cancerous unsecured IoT devices.

Submission + - Red Hat Suffers Massive Data Center Network Outage

An anonymous reader writes: According to multiple reports on Twitter, the Fedora Infrastructure Status page, and the #fedora-admin Freenode IRC channel, Red Hat is suffering a massive network outage at their primary data center. Details are sketchy at this point, but it looks to be impacting the Red Hat Customer Portal; as well as all their repositories (including Fedora, EPEL, Copr); their public build system, Koji; and a whole host of other popular services. There is no ETA for restoration of services at this point.

Submission + - Ambient Light Sensors Can Be Used to Steal Browser Data (bleepingcomputer.com)

An anonymous reader writes: Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff. The sensors have become so prevalent, that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products.

According to two privacy and security experts, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researcher also recommends that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.

Submission + - Mastercard Replaces PINs With Fingerprint Sensor on New Cards

Trailrunner7 writes: Mastercard is rolling out a new payment card that includes a fingerprint sensor built right onto the card, a feature that is meant to eliminate the need for a PIN during in-person transactions.

The new card also has a chip embedded in it and it can be used at all of the existing chip-and-PIN terminals. During a transaction, the user would insert the card into the terminal and hold his thumb on the embedded biometric sensor while the terminal reads the chip. Rather than entering a PIN, the user’s print serves as a second factor of authentication. The user’s print is stored on the card and it is compared against the one used during each transaction.

Mastercard already has tested the new card in a pair of trials in South Africa, one with a large supermarket chain and another with a bank. The company plans wider trials this year and is aiming for a full rollout by the end of 2017.

Submission + - Anbox: Android runs natively on Linux via LXC (anbox.io)

downwa writes: Canonical engineer Simon Fels has publicly released an Alpha version of Anbox. Similar to the method employed for Android apps on ChromeOS, Anbox runs an entire Android system (7.1.1 at present) in an LXC container. Developed over the last year and a half, the software promises to seamlessly bring performant Android apps to the Linux desktop.

After installing Anbox (based on Android 7.1.1) and starting Anbox Application Manager, ten apps are available: Calculator, Calendar, Clock, Contacts, Email, Files, Gallery, Music, Settings, and WebView. Apps run in separate resizeable windows. Additional apps (ARM-native binaries are excluded) can be installed via adb.

Installation currently is only supported on a few Linux distributions able to install snaps.

Contributions are welcome on Github.

Submission + - Ask Slashdot: What Are Good Books On Inventing, Innovating And Doing R&D?

dryriver writes: I've signed up to a project that involves inventing new ways to do things and also performing the technology R&D required to make these new ways a reality. So, dear Slashdotters — are there any good books on inventing, innovating or doing R&D? Books that describe different ways to approach inventing/R&D? Books on managing a team effort to invent, innovate and research? Or even good books about the history of past inventions — how they were created, why they were created, how and why they succeeded or failed in the real world? Thanks!

Submission + - When cybercriminals chat, privacy isn't everything (securityledger.com)

chicksdaddy writes: Cyber criminals lurk in the dark recesses of the Internet, striking at random and then disappearing into the virtual ether. But when they want to talk shop with their colleagues, they turn to Redmond, Washington-based Microsoft and its Skype communications tools, according to an analysis by the firm Flashpoint. (https://www.flashpoint-intel.com/blog/cybercrime/cybercriminal-communication-strategies/)

Mentions of different platforms were used as a proxy for gauging interest in and use of these messaging services. Flashpoint analysts looked, especially, for invitations to continue conversation outside of cyber criminal marketplaces, like references to ICQ accounts or other platforms. The survey results show that, out of a population of around 80 instant messenger platforms and protocols, a short list of just five platforms accounts for between 80% and 90% of all mentions within the cyber underground. Of those, Microsoft’s Skype was the chat king. It ranked among the top five platforms across all language groups. That, despite the platform’s lack of end-to-end encryption or forward secrecy features and evidence, courtesy of NSA hacker Edward Snowden, that US spies may have snooped on Skype video calls in recent years, The Security Ledger reports. (https://securityledger.com/2017/04/skype-is-still-the-cybercriminal-chat-king/)

The conclusion: while security is a priority amongst thieves, it isn’t the sole concern that cyber criminals and their associates have. In fact, sophisticated hacking communities like those in Russia continue to rely on legacy platforms like ICQ when provably more secure alternatives exist. The reason? Business.

“These cyber criminals have a lot of different options that they’re juggling and a lot of factors that weigh on their options,” said Leroy Terrelonge III, the Director of Middle East and Africa Research at Flashpoint. “We might suspect that cyber criminals use the most secure means of communication all the time, that’s not what our research showed.”

Submission + - 44% Of Americans Won't Pay Any Federal Income Tax (zerohedge.com)

schwit1 writes: More than four in 10 American households (44.3%) — or upwards of 76 million — didn't pay any income tax to the federal government last year, according to data for 2016 from the Tax Policy Center. This year that number is expected to be roughly the same, at 43.9%.

Most of these people aren't paying income taxes because they either don't have any income that is taxable (many fall below the poverty line), or because they get enough tax breaks and don't owe the government money. Common tax breaks include the child tax credit, the earned income tax credit (EITC), and the exclusion of some or all Social Security income, explains Roberton Williams of the Tax Policy Center.

Submission + - Drupal Contributors Argue Corruption at Heart of Drupal Sex Scandal (drupalconfessions.org)

An anonymous reader writes: On April 16th, and after more than a hundred signatures and worldwide press coverage of DrupalConfessions, Drupal’s Community Working Group (CWG) finally issued a response to our letter. Unfortunately, the response from the CWG raises extremely troubling questions about the intentions and credibility of Drupal governance, and highlights the need to take Dries’ call for improvements to governance very seriously.
Dries issued an impassioned call for feedback, and in light of the CWG’s response to our open letter, that’s exactly what we would like to provide in this response. (linking directly to the post)

Submission + - Ubuntu to use Wayland by default

An anonymous reader writes: From the school of expected things following its decision to drop Unity, Ubuntu will use Wayland by default for user sessions in Ubuntu 17.10 onwards. Mir had been Canonical’s home-spun alternative to Wayland but was recently put out to pasture.

Submission + - User-Made Patch Lets Owners of Next-Gen CPUs Install Updates on Windows 7 & (bleepingcomputer.com)

An anonymous reader writes: GitHub user Zeffy has created a patch that removes a limitation that Microsoft imposed on users of 7th generation processors, a limit that prevents users from receiving Windows updates if they still use Windows 7 and 8.1. This limitation was delivered through Windows Update KB4012218 (March 2017 Patch Tuesday) and has made many owners of Intel Kaby Lake and AMD Bristol Ridge CPUs very angry last week, as they weren't able to install any Windows updates.

Microsoft's move was controversial, but the company did its due diligence, and warned customers of its intention since January 2016, giving users enough time to update to Windows 10, move to a new OS, or downgrade their CPU, if they needed to remain on Windows 7 or 8.1 for various reasons.

When the April 2017 Patch Tuesday came around last week, GitHub user Zeffy finally had the chance to test four batch scripts he created in March, after the release of KB4012218. His scripts worked as intended by patching Windows DLL files, skipping the CPU version check, and delivering updates to Windows 7 and 8.1 computers running 7th generation CPUs.
