
Submission + - 6 seconds: How hackers only need moments to guess card number and security code (telegraph.co.uk)

schwit1 writes: Criminals can work out the card number, expiry date and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found.

Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack.

According to a study published in the academic journal IEEE Security & Privacy, that meant fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously.

Within seconds, by a process of elimination, the criminals could verify the correct card number, expiry date and the three-digit security number on the back of the card.

Mohammed Ali, a PhD student at the university's School of Computing Science, said: "This sort of attack exploits two weaknesses that on their own are not too severe but, when used together, present a serious risk to the whole payment system.

Submission + - Wikileaks Reveals how NSA Analysts Earned "XKS Skilz points" by Spying (wikileaks.org)

Xenographic writes: Wikileaks has recently released 90 gigabytes of information relating to the German parliamentary inquiry into the surveillance activities of Germany's foreign intelligence agency Bundesnachrichtendienst (BND) and its cooperation with the United States' National Security Agency (NSA). One of these is related to the gamification of XKeyscore (XKS), which is the NSA's program for searching and analyzing global Internet data. According to this PDF document, analysts could earn "XKS Skilz points" for spying:

"Combine these exciting finds with the introduction of XKS Skilz points, and you can see why McDonald's teamed up with Monopoly years ago: people buy more and even super size their orders just to get game pieces. With the brainchild of Skilz, where analysts can earn points and unlock achievements for performing tasks in XKS, people are willing to try new things within the tool. Analysts think to themselves, "Using the Pivot Data feature will earn 30 points... I'm going to try it and see what happens." Discovery! Points! We have been lured by our geeky desire to unlock achievements and earn points, and bragging rights are everything."

Submission + - Not one, not two, but three undersea cables cut in Jersey (cloudflare.com)

An anonymous reader writes: Sometime before midnight Monday (UK local time) a ship dropped its anchor and broke, not one, not two, but three undersea cables serving the island of Jersey in the English Channel. Jersey is part of the Channel Islands along with Guernsey and some smaller islands. These things happen and that’s not a good thing. The cut was reported on the venerable BBC news website. For the telecom operators in Jersey (JT Global) this wasn’t good news. However looking at the traffic from Cloudflare’s point of view; we can see that while the cable cut removed the direct path from London to Jersey, it was replaced by the backup path from Paris to Jersey. The move was 100% under the control of the BGP routing protocol. It's a relief that there's a fallback for when these unpredictable events happen.

Submission + - The Problem is Agendas In The Mainstream Media, Not 'Fake News' (thehill.com)

An anonymous reader writes: The 2016 election win by Donald Trump has resulted in many theories about how Trump won, and how the media missed his support. A prominent theory making the rounds in the media is that 'fake news' from fringe news sites, blogs, foreign government propaganda units, and other sources, is what helped push Trump over the top to win. Cathy Young, writing in The Hill, states that isn't the real problem. The real main problem is when the mainstream media reports the news filtered through an agenda, distorting some facts, ignoring others, and highlighting what supports their agenda. A recent example is the reporting that suggests Trump plans to create a "Muslim registry," implying that all Muslims in the US would have to register with the US government. But that isn't Trump's plan at all:

Trump may revive a program that was in place from 2001 to 2011; according to The Washington Post, that system “required people from countries deemed ‘higher risk’ to undergo interrogations and fingerprinting upon arrival” and, in some cases, “to follow a parole-like system by periodically checking in with local authorities.” Most of the countries identified as high-risk were majority-Muslim, and civil rights groups charged that the program targeted Muslims. But to call such a program a “Muslim registry” creates an essentially false impression — which is what many people were undoubtedly left with if they did not read the story carefully, or only saw the buzz about it in the social media.


Submission + - The "You Wouldn't Steal A Car" DVD Anti-Piracy Ads Used Stolen Music (abc.net.au)

dryriver writes: According to ABC, back in 2006, Buma/Stemra (Dutch Music Royalties Collection Agency) approached a Dutch musician, Melchior Reitveldt, to write some music for an anti-piracy ad, with the strict proviso that this music would be played only and exclusively at a local film festival. Mr. Reitveldt wrote the music, it was played, he got paid and all was well. But then, in 2007, he bought a Harry Potter DVD and to his surprise, there was his music in the anti-piracy ad at the beginning. His composition had been taken and used without his permission. In fact, it had been illegally used on dozens of movie DVDs, both in Holland and overseas. So Mr. Reitveldt went to the Buma/Stemra music royalty collection agency to clear up this misunderstanding, and ran into a brick wall. Nothing happened for a long time, and then pathetically small refunds were offered, and then they weren't paid in full, and the delaying tactics went on and on. The breakthrough came in 2011, 5 years later, when he secretly recorded a Buma director cynically telling him that "things could be sped up" if he let them "buy the music" for 1 Million Euros. The director had to resign in disgrace. In June 2012, a court ordered Buma/Stemra to repay the money.

Submission + - NVIDIA GeForce GTX 1080 Ti Allegedly Spotted In Shipping With 10GB Of Memory (hothardware.com)

MojoKid writes: Earlier this week there were rumblings that NVIDIA was rumored to be readying the GeForce GTX 1080 Ti, a follow-on high end GPU targeted at bringing Titan X class performance to gamers and enthusiasts at a price point somewhere between the Titan X and the GeForce GTX 1080. Though rumored for a CES 2017 unveil, we're also now learning more specifics and possibly even a confirmation of the 1080 Ti's actual existence. Initially spotted on a shipping manifest, details in the shipment of a computer graphics card targeting a destination Indian shipping port via Bangalore Air, point to the NVIDIA nomenclature of PG611 for the GPU, which designates NVIDIA's GP102, the very same NVIDIA graphics processor that powers NVIDIA's Titan X. The description of the product notes a device dubbed PG611 with the SKU 0010 GPU, that has a 384-bit memory bus and 10240MB GDDR, or 10GB of RAM. Definitively, we can't say that this is confirmation of the GeForce GTX 1080 Ti but a shipment is out there that went from China to India on November 8th, with a product that very much fits what should be its description.

Submission + - De Beers Scientists Fight the Growing Threat of Man-Made Diamonds

HughPickens.com writes: The WSJ reports that a small team of scientists working for De Beers is scrambling to stave off a looming threat that could tarnish the luster of natural-mined diamonds: high-quality man-made stones. For now, while synthetics make up just a fraction of the market, they have growing appeal to younger buyers — a headache for mine owners, who are under pressure to cut supply and lower prices, because traders, cutters and polishers are struggling to profit amid a credit squeeze and languishing jewelry sales. Synthetic producers can make 250,000 carats to 350,000 carats of rough diamonds annually, according to industry estimates, compared with about 135 million rough carats mined every year. But Martin Roscheisen, chief executive of Diamond Foundry Inc., a San Francisco synthetic-diamond producer with a capacity of 24,000 carats, says he believes nearly all diamonds consumers purchase will be man-made in a few decades. To counter the threat, last year De Beers helped launch a trade association with other producers to market the attraction of natural diamonds. At a plant about 30 miles west of London, De Beers scientists have been working to detect synthetic diamonds for years. The company has its own synthetic-diamond facility, called Element Six, which produces synthetic diamonds for industrial purposes, such as drilling, and helps De Beers keep up with technological developments. It also started marketing a new, cheap detector called PhosView, that uses ultraviolet light to detect lab-grown stones that quickly screens tiny synthetic diamonds. “We’re very focused on detection,” says Simon Lawson, head of Technologies U.K. at De Beers. “It underpins the integrity of natural diamonds and ensures that consumers cannot be duped into buying a synthetic diamond.” Despite the increased competition, De Beers has no intention of selling synthetics. “De Beers’ focus is on natural diamonds,” says Lawson. 
“We would not do anything that would cannibalize that industry.”

Submission + - The FCC just passed sweeping new rules to protect your online privacy (washingtonpost.com)

jriding writes: Federal regulators have approved unprecedented new rules to ensure broadband providers do not abuse their customers' app usage and browsing history, mobile location data and other sensitive personal information generated while using the Internet.

The rules, passed Thursday in a 3-to-2 vote by the Federal Communications Commission, require Internet providers, such as Comcast and Verizon, to obtain their customers' explicit consent before using or sharing that behavioral data with third parties, such as marketing firms.

Submission + - 28,882 Emails From Hillary Clinton's Private Server available online (archive.org)

Okian Warrior writes: [Note: This information is 10 hours old as I type. If Slashdot wants to post this, perhaps with an appropriate warning, they could potentially scoop all of the MSM and Breitbart/Drudge for this news item.]

The twitter group PunishmentPosse appears to have released 28882 E-mails from Clinton's private server, available from Archive.org as either a torrent or direct link.

The files appear to be 28882 PDF files, each of which appears to be state department E-mails to Hillary from 2012 to 2016. Some E-mail addresses have been redacted, and occasionally an entire page has been blanked out. Everything seems legitimate at first glance and to my untrained eye.

Note that this is not a wikileaks drop, and the data might not be authentic.

KimDotcom has previously hinted that Clinton's E-mails might be released on Hillary's birthday (October 26th). He has not claimed responsibility, but has recently made a few cryptic tweets today.

(Kim Dotcom may have an axe to grind, because Hillary Clinton signed his US extradition order)

Submission + - Clinton Foundation works with Big Pharma to keep the price of US AIDS drugs high (reddit.com)

Okian Warrior writes: A newly released Podesta E-mail explains how the Clinton Health Access Initiative (CHAI) works to keep the price of AIDS medicines high in the US.

CHAI contracted with Big Pharma companies for AIDS drugs to be distributed in developing countries. In return, the group agreed to resist efforts to bring similarly lower cost and generic drugs to the US.

The email is a reaction to "comments President Clinton made on lowering domestic AIDS drugs prices at the World AIDS day event":

We have always told the drug companies that we would not pressure them and create a slippery slope where prices they negotiate with us for poor countries would inevitably lead to similar prices in rich countries.

[...] If we do try to do something in this area, we suggest that we approach the innovator companies that can currently sell products in the US with the idea of making donations to help clear the ADAP lists. For a variety of reasons, the companies will likely favor a donation approach rather than one that erodes prices across the board.

[...] I would guess that they would also likely favor a solution that involved their drugs rather than an approach that allowed generic drugs from India to flood the US market at low prices or one that set a precedent of waiving patent laws on drugs. ... We can go to war with the US drug companies if President Clinton would like to do so, but we would not suggest it.


Submission + - US Republican Senate Committee hacked

pdclarry writes: While all of the recent news has been about hacking the Democratic party, apparently the Republicans have also been hacked, over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports that "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC)." "If you purchased a “Never Hillary” poster or donated funds to the NRSC through its Web site between March 2016 and the first week of this month [October 2016], there’s an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site byte.nl. The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors.

Submission + - The mathematics of the American Justice System (bbc.com)

Bob the Super Hamste writes: The BBC is reporting on the Compas assessment, Correctional Offender Management Profiling for Alternative Sanctions. This tool is used by a number of agencies to assess if someone is likely to commit additional crimes and the resulting score is used in determining bail, sentencing, or determining parole. The article points out that while the questions on the assessment do not include race the resulting score may be correlated with race but this is disputed by the software's creators. The assessment scores someone on a 10 point scale but the algorithm used to determine someone's score is kept secret. Because of this defendants are unable to effectively dispute that the score is incorrect.

Submission + - Feds Demand Everyone's Fingerprints To Open Phones (forbes.com)

ArtemaOne writes: Under the Fourth Amendment, Americans are protected from unreasonable searches and seizures, but according to one group of federal prosecutors, just being in the wrong house at the wrong time is cause enough to make every single person inside provide their fingerprints and unlock their phones.

Back in 2014, a Virginia Circuit Court ruled that while suspects cannot be forced to provide phone passcodes, biometric data like fingerprints doesn’t have the same constitutional protection. Since then, multiple law enforcement agencies have tried to force individual suspects to unlock their phones with their fingers, but none have claimed the sweeping authority found in a Justice Department memorandum recently uncovered by Forbes.

Submission + - Nuclear Fusion World Record: MIT's Alcator C-Mod Tokamak Breaks Its Own Plasma P (ibtimes.com)

mdsolar writes: On Friday, researchers at the Massachusetts Institute of Technology’s Plasma Science and Fusion Center announced that they had achieved a key milestone — one that brings us closer than ever before to viable fusion reactors. The MIT team at the Alcator C-Mod tokamak nuclear fusion reactor set a new world record for plasma pressure at 2.05 atmospheres — 15 percent higher than the previous C-Mod record of 1.77 atmospheres set in 2005.

“This is a remarkable achievement that highlights the highly successful Alcator C-Mod program at MIT,” Dale Meade, former deputy director at the Princeton Plasma Physics Laboratory, who was not directly involved in the experiments, said in a statement. “The record plasma pressure validates the high-magnetic-field approach as an attractive path to practical fusion energy.”
