
Submission + - researchers develop artificial leaf that turns CO2 into fuel (chicagotribune.com)

managerialslime writes: University of Illinois at Chicago researchers have developed a way to mimic plants’ ability to convert carbon dioxide into fuel, a way to decrease the amounts of harmful gas in the atmosphere and produce clean energy. The artificial leaf essentially recycles carbon dioxide. And it’s powered entirely by the sun, mimicking the real photosynthesis process.

Submission + - More Than 1 Million Android Devices Rooted by Gooligan Malware

Trailrunner7 writes: A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims’ Google accounts in the process.

The malware campaign is known as Gooligan, and it’s a variant of older malware called Ghost Push that has been found in many malicious apps. Researchers at Check Point recently discovered several dozen apps, mainly in third-party app stores, that contain the malware, which is designed to download and install other apps and generate income for the attackers through click fraud. The malware uses phantom clicks on ads to generate revenue for the attackers through pay-per-install schemes, but that’s not the main concern for victims.

The Gooligan malware also employs exploits that take advantage of several known vulnerabilities in older versions of Android, including Kit Kat and Lollipop, to install a rootkit that is capable of stealing users’ Google credentials. Although the malware has full remote access to infected devices, it doesn’t appear to be stealing user data, but rather is content to go the click-fraud route. Most users are being infected through the installation of apps that appear to be legitimate but contain the Gooligan code, a familiar infection routine for mobile devices.

Submission + - Which is the best-managed U.S. bank?

Futurepower(R) writes: I see plenty of evidence that banks don't manage their web sites well.

When I check my balance at Ally Bank, the NoScript and Ghostery Firefox add-ons tell me that 11 other sites* would be contacted if I didn't have protection. See the sites below.

The Barclays U.S. Bank web site terms of use say that Barclays U.S. Bank has no legal responsibility or liability for anything it says on its web site. Quoting: "... THE BANK DOES NOT WARRANT THAT: (i) THE SITE OR THE SITE CONTENT IS CORRECT, ACCURATE, RELIABLE OR COMPLETE..." If you can't depend on what the web site says, how can you feel comfortable that you know enough about the bank to want to be a customer?

I talked with a representative at CapitalOne 360 Bank when I discovered that now there is no way to send a secure message to the bank. (My wife has an account.) The secure messaging only allows receiving messages from the bank. If you have a question, you have to call and talk with someone, and you have no way of proving what you were told. The CapitalOne 360 Bank representative said that there were too many incoming messages for the staff to answer, so incoming messages were recently deactivated. Customers are not allowed to keep the incoming messages from the bank; they are deleted after 90 days.

I have plenty of other stories like that. In my experience, top managers often have little knowledge of technology, and often seem not to want any knowledge.

So, which is the best-managed U.S. bank? What are your stories about banks?

*Here are the web sites linked when I check my balance at Ally Bank. Advertising: Adobe Audience Manager, Advertising.com, DoubleClick Floodlight, DoubleClick Spotlight, Google Dynamic Remarketing, MediaMath, and RUN. Site Analytics: Omniture (Adobe Analytics) and Qualtrics. Other web sites: Demdex.net and Omtrdc.net. When I tried to visit the Omtrdc.net web site, I got a Firefox message: "Your connection is not secure. The owner of omtrdc.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."

Submission + - New Netflix UI Forgets Where You Were In a Video Intentionally (thestack.com)

An anonymous reader writes: Netflix opts all customers into its UI beta-testing program by default (though you can opt out at any time). One iteration the company is experimenting with at the moment features a number of innovations, including a revised and more informative playback environment, a 10-second 'wind-back' feature similar to functionality in Amazon Prime — and an intentional inability to remember where you paused playback, with one operative explaining ‘[This] UI makes you go back to the start of the show so this way in case you missed any part of the movie/show you can watch it again with no troubles.’

Submission + - New study shows marijuana users have low blood flow to the brain (eurekalert.org)

cold fjord writes: State level marijuana legalization efforts across the US have been gaining traction driven by the folk wisdom that marijuana is both a harmless recreational drug and a useful medical treatment for many ailments. However some cracks have appeared in that story with indications that marijuana use is associated with the development of mental disorders and the long term blunting of the brain's reward system of dopamine levels. A new study has found that marijuana appears to have a widespread effect on blood flow in the brain: "Published in the Journal of Alzheimer's Disease, researchers using single photon emission computed tomography (SPECT), a sophisticated imaging study that evaluates blood flow and activity patterns, demonstrated abnormally low blood flow in virtually every area of the brain studies in nearly 1,000 marijuana users compared to healthy controls, including areas known to be affected by Alzheimer's pathology such as the hippocampus. . . . According to Daniel Amen, M.D., ... "Our research demonstrates that marijuana can have significant negative effects on brain function. The media has given the general impression that marijuana is a safe recreational drug, this research directly challenges that notion. In another new study just released, researchers showed that marijuana use tripled the risk of psychosis. Caution is clearly in order.""

Submission + - New Version of Mirai IoT Botnet Targeting Flaw in Millions of Devices (securityledger.com)

chicksdaddy writes: An online attack that took an estimated 900,000 Deutsche Telekom broadband routers offline in Germany was the work of the Mirai botnet, a global network of infected cameras, printers, digital video recorders and other Internet of Things devices. But the attacks go well beyond Germany and the true number of vulnerable devices that could be targeted is much larger – numbering in the millions, according to new analysis by the firm Flashpoint. (https://www.flashpoint-intel.com/new-mirai-variant-involved-latest-deutsche-telekom-outage/)

On Monday, Deutsche Telekom acknowledged (https://www.telekom.com/de/medien/details/13-fragen-zu-angriff-auf-router-445088) that broadband routers it operates were knocked offline by a large scale attack that attempted to infect broadband routers with malicious software. Deutsche Telekom said that around 4 percent of its customers were affected by the attack – around 900,000 routers. But DT customers were not the only target. Flashpoint said it has observed infected devices operating from the United Kingdom, Brazil, Turkey, Iran, Chile, Ireland, Thailand, Australia, Argentina and Italy, as well as Germany.

In contrast to earlier rounds of Mirai infections, which relied on brute force (or “dictionary”) attacks that guessed default administrator usernames and passwords, the latest attacks attempted to exploit a known vulnerability in a remote maintenance interface. Attacks were launched using the TR-064 and TR-069 protocols which are common for managing so-called “customer premises equipment” (or CPE) in wide area network environments, DT said. Deutsche Telekom said it is working with manufacturers on firmware updates to address the vulnerability and is rolling them out to customers as they become available. The TR- protocols are what telecommunications firms and others use to remotely manage broadband routers in homes and businesses, said Zak Wikholm, a security research developer at Flashpoint, The Security Ledger reported. (https://securityledger.com/2016/11/report-millions-and-millions-of-devices-vulnerable-in-latest-mirai-attacks/)

While the exact number of infected devices isn’t known, Flashpoint estimates the global population of infected devices to be “five million” endpoints. The total number of vulnerable devices is much, much larger, though. Some estimates put the total number of devices with port 7547 open at around 41 million, Wikholm told Security Ledger. However, only a fraction of those allow parties other than Internet Service Providers to access those devices. That may be around five million devices globally, he said, though the exact number is unknown.

Even that smaller number could spell disaster. Denial of service attacks in recent months that reached upwards of 700 Gigabits per second of traffic were launched from Mirai botnets with only 100,000 to 200,000 infected hosts. Wikholm said the object of the attacks appears to be to build large botnets that can be used “as a commercial service.”

Submission + - Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com)

An anonymous reader writes: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident—which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. 
Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.

Submission + - Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com)

An anonymous reader writes: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds.

The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months.

Submission + - Solar Now (Nearly) Cheaper than Coal (sciencealert.com)

managerialslime writes: In India, "this year, solar energy prices in the country dropped to around parity with coal for the first time ever, hitting 4.34 rupees (about 6 US cents) a kilowatt-hour (kWh), while coal tariffs usually range in between 3–5 rupees/kWh (about 5–8 US cents)." At this rate, solar should be cheaper than coal within 12 to 18 months.

Submission + - Lessig's Equal Citizens: "Why we need technical people to take on corruption" (medium.com)

Funksaw writes: An article in "Equal Citizens," Lawrence Lessig's Medium-based blog dealing with issues of institutional corruption in democratic politics, explains why, specifically, the reform movement needs (more) people with technical minds and technical skills.

FTA: "What we need are more people willing to look at the laws of this country based on their function. And when I use the word “function,” I mean very specifically the same sense that a computer programmer means it. (Because lord knows, government isn’t functioning by any other definition.)...

It’s not just that big money politics is being injected [like a code injection] into the function of democracy. It’s also that the function of democracy can be warped by an injection. Stopping the injection of money into our democratic function still leaves the function vulnerable to the same—or similar—injection attack.... We need people who can solve the problems of politics like a programmer solves problems in computer code, because a democratic system with vulnerabilities is a democratic system that can fail or be made to fail."

The article was authored by the technical adviser to the New Hampshire Rebellion and Mayday.US, two of Lessig's major reform projects.

Submission + - Rich and American? Australia wants you

An anonymous reader writes: Following the success of a millionaire visa program to attract wealthy Chinese, Australia has launched an invite-only visa program that promises citizenship to rich American entrepreneurs. To meet the requirements of the Premium Investment Visa plan Americans must first invest around 15 million Australian dollars. Reuters reports: "Investment advisors who have been briefed on the plan by government officials expressed doubts about the wisdom of targeting Americans, with several telling Reuters the more obvious place to start was Australia's Asian neighbors. After all, why would a successful U.S. entrepreneur want to invest a large chunk of cash in Australia — a country very similar to the United States, just further away from everything — in exchange for a passport that carries few additional benefits to their own? 'The U.S. has some problems that Australia doesn't have. It's got a lot more racial crimes, it's got a lot more gun-related crimes, but I don't think that is going to drive a whole bunch of ultra-rich Americans out of their country,' said Bill Fuggle, a partner at law firm Baker & McKenzie who advises wealthy Chinese migrating to Australia."

Databases

Submission + - Google's F1 - Scalable Alternative to MySQL (i-programmer.info)

mikejuk writes: Google has moved its advertising services from MySQL to a new database, created in-house, called F1. The new system combines the best of NoSQL and SQL approaches.
The store is dynamically sharded, supports replication across data centers while keeping transactions consistent, and can deal with data center outages without losing data. The downside of keeping the transactions consistent means F1 has higher write latencies compared to MySQL, so the team restructured the database schemas and redeveloped the applications so the effect of the increased latency is mainly hidden from external users. Because F1 is distributed, Google says it scales easily and can support much higher throughput for batch workloads than a traditional database.

Space

Submission + - Soviet moon lander discovered water on moon in 1976 (tech-stew.com)

techfun89 writes: "Luna-24 was the last Soviet mission to the moon. It returned to Earth with water-rich rock samples from beneath the lunar surface only to be ignored by the West. New research uncovers this story from obscurity.

Arlin Crotts, a professor in the Department of Astronomy of Columbia University in New York City, found that the Soviets found evidence of water in the 1970s, in particular the Luna-24 sample-return mission. During this mission the Soviets drilled 2 meters into the lunar surface and extracted 300 grams of rock, then returned to Earth. This was an impressive feat for its time. Analysis showed the rock was made up of 0.1 percent water. This result was published in 1978 in the Russian journal Geokhimiia. There was an English version but it wasn't widely read in the West."

Google

Submission + - Larry Page: Have a Healthy Disregard for the Impossible (singularityhub.com)

kkleiner writes: "In a talk titled “Beyond Today”, Google’s CEO Larry Page infused Zeitgeist 2012 attendees with a healthy dose of optimism and a call to make ambitious bets, be better organized and work harder to accelerate technology and improve people’s lives. Donning a Google Glass prototype, Page highlighted Google’s current efforts and cast a vision for where Google is headed next, guided by a slogan he borrowed from a University of Michigan summer leadership course: with a healthy disregard for the impossible, people can do almost anything."
