Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - Your Digital Life Can Be Legally Seized at the Border 3

Toe, The writes: Quincy Larson from freeCodeCamp relates some frightening stories from U.S. citizens entering their own country, and notes that you don't have fourth and fifth amendment rights at the border. People can and have been compelled to give their phone password (or be detained indefinitely) before entering the U.S and other countries. Given what we keep on our phones, he concludes that it is now both easy and legal for customs and border control to access your whole digital life. And he provides some nice insights on how easy it is to access and store the whole thing, how widespread access would be to that data, and how easy it would be for the wrong hands to get on it. His advice: before you travel internationally, wipe your phone or bring/rent/buy a clean one.

Submission + - SPAM: Trump executive order prompts Google to recall staff

AmiMoJo writes: Google has recalled travelling staff members to the US after an executive order from President Donald Trump restricting entry for nationals of seven Muslim-majority countries. Google has told the BBC it is concerned about the order and any measures which could block great talent from the US. There have already been reports of "green card" holders, who are allowed to work in the US, being prevented from getting on flights.
Link to Original Source

Submission + - France to review food whitener additive, titanium dioxide, for health risks (reuters.com)

Eloking writes: The French government has ordered a review of the safety of titanium dioxide as a food additive after a scientific study released on Friday found health effects in animals that consumed the substance.

Titanium dioxide is widely used in industry as a whitener, notably for paint. It is an ingredient in some foods such as sweets and known as additive E171.

France's National Institute for Agricultural Research (INRA) and partners in a study on oral exposure to titanium dioxide had shown for the first time that E171 crosses the intestine wall in animals to reach other parts of the body, INRA said.

Submission + - SPAM: Deepest water found 1000km down, a third of way to Earth's core

schwit1 writes: JULES VERNE’s idea of an ocean deep below the surface in Journey to the Centre of the Earth may not have been too far off. Earth’s mantle may contain many oceans’ worth of water – with the deepest 1000 kilometres down.

“If it wasn’t down there, we would all be submerged,” says Steve Jacobsen at Northwestern University in Evanston, Illinois, whose team made the discovery. “This implies a bigger reservoir of water on the planet than previously thought.”

This water is much deeper than any seen before, at a third of the way to the edge of Earth’s core. Its presence was indicated by a diamond spat out 90 million years ago by a volcano near the São Luíz river in Juina, Brazil.

Link to Original Source

Submission + - French police foil terror attack, arrest 7 (samaa.tv)

An anonymous reader writes: PARIS: Police have broken up a terror ring plotting an attack in France after arresting seven suspects in Strasbourg and Marseille, Interior Minister Bernard Cazeneuve said on Monday. The arrests of seven people — of French, Moroccan, and Afghan origin...

Submission + - Groundbreaking Paper on arXiv derives Gravity from Holographic Principle (arxiv.org)

vikingpower writes: Dutch prodigy and Amsterdam University Professor Erik Verlinde published a paper on arXiv, yesterday November 7, titled "Emergent Gravity and the Dark Universe". In the paper, Verlinde derives gravity from the so-called Holographic Principle, which — simply put — states that gravity emerges from the interplay between and entropy re-arrangement of sub-atomic "strings" that live in a negatively curved space-time. At that level, "...spacetime and gravity are emergent from an underlying microscopic description in which they have no a priori meaning" . Most importantly, Verlinde's paper has as a consequence that Dark Matter, nemesis of many an astronomer, is nothing more than an illusion. Verlinde, who was awarded the Dutch national Spinoza science prize in the recent past, already completed the tour de force of deriving Newtonian gravity from the same principles in a 2010 paper, also on arXiv. We are probably looking at Nobel-prize material here, as Verlinde is acknowledged by his peers to "go one better than Einstein's General Theory of Relativity".

Submission + - SPAM: Japan's Tiny Refugee Community Urges Tokyo To Open Doors Wider

DupontHay69 writes: It's important to say you are sorry in most nations, but in Japan apologizing is a cultural need to that is non-negotiable for Japanese. Though that's the excellent, I've found the wholesome lessons of college lunch differ by teacher and by grade (younger ones have a tendency to get more instruction in this regard). There are a lot of men and women now that really interested in studying a second or even a third language. Monolingual English-speaking linguists have dominated the field for some time, and their view has been skewed by their limited knowledge of language in all its selection. But many survivors of hydrocephaly have perfectly normal language function, due to the fact there is no structure in the brain which is dedicated just before birth to language processing. But, it have to
Link to Original Source

Submission + - SPAM: This high-tech card is being rolled out by French banks to eliminate fraud

schwit1 writes: Your credit card security is pretty broken. It's not your fault, it's just really hard to keep people's money safe, especially online.

Part of the problem is that once your card details are stolen — whether through a phishing attack or by someone copying the digits on the back — fraudsters are free to go on a spending spree until you notice something's up. Normally by the time you get around to actually cancelling your card, it's all too late.

But what if the numbers on your card changed every hour so that, even if a fraudster copied them, they'd quickly be out of date? That's exactly what two French banks are starting to do with their new high-tech ebank cards.

The three digits on the back of this card will change, every hour, for three years and after they change, the previous three digits are essentially worthless, and that's a huge blow for criminals.

Link to Original Source

Submission + - Man in Japan arrested for jailbreaking iPhones

execthis writes: From a story at nhk.or.jp :

Japanese police have arrested a hacker for illegally removing software restrictions on Apple's iPhones and selling the devices.

Daisuke Ikeda, who is 24 and from Toyama City, is suspected of what's called "jailbreaking" and infringing Apple's intellectual property rights.

This is really unbelievable. I feel sorry for anyone who lives in Japan :-(

Submission + - Microsoft Patents AI To Monitor All Actions In Windows And Feed It To Bing (hothardware.com) 1

MojoKid writes: Microsoft has angered users over the past year for its willingness to push the boundaries of acceptable practice for promoting adoption of its operating system. Also, some feel it crossed that line with respect to user data collection and privacy concerns. However, Microsoft stands to garner a lot more criticism if its recent patent filing comes to life in a production software product. The title of the filing is "Query Formulation Via Task Continuum" and it aims to make it easier for apps to share data in real-time so that the user can perform better searches. Microsoft feels that the current software model in which applications are self-contained within their own silos potentially slows the user down. To combat this disconnect, Microsoft has devised a way to facilitate better communications between apps through the use of what it calls a "mediation component." This is Microsoft's all-seeing-eye that monitors all input within apps to decipher what the user is trying to accomplish. All of this information could be gathered from apps like Word, Skype, or even Notepad by the mediator and processed. So when the user goes to the Edge web browser to further research a topic, those contextual concepts are automatically fed into a search query. Microsoft says that this will provide faster, more relevant searchers to users. The company says the mediator can be introduced as an optional module that can be installed in an operating system or directly built in. If it's the latter, plenty of people will likely be looking for a kill switch.

Submission + - Google Creates New Algorithm for Handling Web Traffic Congestion (softpedia.com)

An anonymous reader writes: A team of six Google engineers has submitted a commit to the Linux networking development group that implements a new computer algorithm for handling TCP traffic congestion control.

According to the team, the new algorithm will improve the efficiency with which Linux-based servers will handle network bottlenecks. The new algorithm has already been tested and used on Google's internal backbone networks, google.com and YouTube.

Google's staff says that implementing BBR only implies changes on the server side, not on the network or the receiving side. Equipment can be gradually upgraded without updating both sides of a connection. This means no patches for browsers, smartphones, or switches, just the servers.

Submission + - U.S. and China Ratify Paris Climate Accord

PvtVoid writes: The BBC reports that the U.S. and China have announced ratification of the Paris Climate Accord, designed to reduce greenhouse gas emissions enough to hold global warming to 2C. The U.S. and China are by far the world's largest producers of the greenhouse gases responsible for climate change.

Submission + - Banks still not sanitizing user input.

BarbaraHudson writes: Recently I tried once again to use my bank's mobile app. I had deleted it a couple of times in the past because I could never get it to work. The bank had all sorts of excuses — "Maybe your card hasn't been activated for online banking", "You need to download the latest version", "We'll need to reset your password", "We'll issue you a new card", etc. New card, password reset both did nothing.

Turns out that entering the card number as shown on the card will never work. The card format is 9999 9999 9999 9999 (spaces between each group of 4 digits). They failed Rule 00; sanitize input.

Entering the number in that format will always fail. In this case they failed to remove spaces before testing whether the card number was valid. The android code to remove the embedded spaces is pretty generic one-liner:

String cardNo = edittext.getText().toString().replace(" ", "");

Looking at the online forums, others have had the same problem for the app's entire existence.

Having figured that out, I was immediately locked out for "too many failures to answer the security question". Of course, it never presented a security question, because the bozo who wrote the program incremented some "bad answer" counter on every login attempt, even if they never got to the point of seeing a security question. It also locks you out of using web banking on the same account..

Locking someone out of their account is now easy as pie, because it also works if the user enters their name instead of their card number. (If you have 5 John Smiths, you'll lock them all out, since access is granted based on both the user name and password matching if the account number isn't entered). Just load up an android app for the bank (I won't disclose which bank until 45 days have passed since notifying them today), enter their name and a bogus password a few times, and every John Smith is locked out. And of course, if the so-called developers are failing to do such basic input sanitation, it makes me pretty sure there are other intern-level programmer bugs are awaiting exploitation elsewhere.

Adding frustration is that they cannot do a password reset over the phone unless you have already signed up for telephone banking. Now why would anyone sign up for telephone banking when an app or the web is supposed to be more convenient? The excuse I was given is that they need it to establish my identity. So why not just text me an sms or email code that I can enter when requesting a password reset?

Lets hope other banks didn't use the same app geniuses.

Submission + - 36000 SAP Systems Exposed Online, Most Open To Attacks (helpnetsecurity.com)

dinscott writes: ERPScan released the first comprehensive SAP Cybersecurity Threat Report, covering product security, implementation security, and security awareness.

Among the interesting findings is that of the 36,000 services found online, 69 percent should not be exposed directly to the Internet as they are designed for internal use only, have critical vulnerabilities or require additional network filtration. Also, that countries where the highest number of SAP security presentations were delivered are characterized by more secure SAP system installations than countries where researchers did not present their studies — a win for those who preach SAP security.

Slashdot Top Deals

If you fail to plan, plan to fail.

Working...