Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - NASA eyes $10 Quintillion asteroid (usatoday.com)

kugo2006 writes: NASA announced a plan to research 16 Psyche, an asteroid potentially as large as Mars and primarily composed of Iron and Nickel. The rock is unique in that it has an exposed core, likely a result of a series of collisions, according to Lindy Elkins-Tanton, Psyche's principal investigator. The mission's spacecraft would launch in 2023 and arrive in 2030.

Submission + - Atomic clocks on 9 of 72 European GPS satellites have failed (yahoo.com)

schwit1 writes: The atomic clocks on 9 of the 72 European Galileo GPS satellites, designed to compete with the American, Russian, and Chinese GPS satellites, have failed.

No satellite has been declared “out” as a result of the glitch. “However, we are not blind If this failure has some systematic reason we have to be careful” not to place more flawed clocks in space, [ESA director general Jan Woerner] said.

Each Galileo satellite has four ultra-accurate atomic timekeepers — two that use rubidium and two hydrogen maser. Three rubidium and six hydrogen maser clocks are not working, with one satellite sporting two failed timekeepers. Each orbiter needs just one working clock for the satnav to work — the rest are spares.

The question now, Woerner said, is “should we postpone the next launch until we find the root cause?”

That they are even considering further launches with so many failures of the same units seems absurd. They have a systemic problem, and should fix it before risking further launches.

Submission + - Drudge Report DDOSed for second time in a week (dailymail.co.uk)

alternative_right writes: The popular Drudge Report website was hit last night in an apparent Distributed Denial of Service attack (DDoS) for the second time in a week, knocking it temporarily off the internet.

Readers were unable to log onto the site last night amid fears it had been targeted by cyber criminals.

Submission + - Tinder and Grindr dating apps linked to more than 500 UK crimes (mirror.co.uk)

schwit1 writes: Data compiled by almost three-quarters of police forces across England and Wales listed 523 crimes from the past five years where official logs included the words Tinder or Grindr.

It comes after serial killer Stephen Port was jailed last month for the murders of four young men, including Daniel Whitworth, he met on gay websites and apps including Grindr. Lib Dem leader Tim Farron warned: “I worry that these shocking figures could just be the tip of the iceberg.”

Submission + - The caves that prove Neanderthals were cannibals (phys.org)

schwit1 writes: Deep in the caves of Goyet in Belgium researchers have found the grisly evidence that the Neanderthals did not just feast on horses or reindeer, but also on each other.

Human bones from a newborn, a child and four adults or teenagers who lived around 40,000 years ago show clear signs of cutting and of fractures to extract the marrow within, they say.

"It is irrefutable, cannibalism was practised here," says Belgian archaeologist Christian Casseyas as he looks inside a cave halfway up a valley in this site in the Ardennes forest.

The bones in Goyet date from when Neanderthals were nearing the end of their time on earth before being replaced by Homo sapiens, with whom they also interbred.

Once regarded as primitive cavemen driven to extinction by smarter modern humans, studies have found that Neanderthals were actually sophisticated beings who took care of the bodies of the deceased and held burial rituals.

Submission + - Chinese traders charged with insider trading on hacked information (usatoday.com)

schwit1 writes: The suspects in the alleged criminal marriage of cyber-hacking and securities fraud targeted at least seven law firms and other entities that handle the sensitive and often lucrative legal work of advising companies pursuing mergers and acquisitions, according to a 13-count superseding indictment unsealed in New York.

Operating from April 2014 through late 2015, the alleged scheme ultimately gained access to secret information from two law firms about pending corporate deals, prosecutors charged.

The suspects allegedly prized, targeted and gained access to the emails of attorneys directly involved in the deals. Prosecutors charged they exchanged a list of partners who performed such work at one of the firms before hacking into that firm’s computer system.

Using that information, the suspects allegedly bought stocks in the companies involved in the deals, and ultimately sold the investments at a profit when the mergers or acquisitions were announced.

Preet Bharara, the U.S. Attorney for the Southern District of New York, in a formal statement said the allegations spotlight the vulnerability of highly-sensitive law firm records to the efforts of determined cyber criminals.

Submission + - Libreoffice will have new "MUFFIN" UI (documentfoundation.org) 1

iampiti writes: The Document Foundation has announced a new user interface concept for LibreOffice. Users will be able to choose from several toolbar configurations including the "Notebook bar" which is similar to Microsoft Office's ribbon.
According to TDF "The MUFFIN (My User Friendly & Flexible INterface) represents a new approach to UI design, based on the respect of user needs rather than on the imposition of a single UI to all users"

Submission + - sxc: generate C with Common Lisp macros (github.com)

kruhft writes: sxc is an S-Expression based language transpiler that has the feel of C wrapped in parenthesized expressions that compiles to standard C code. This structure allows for the creation of code generation macros using the full power of the host Common Lisp environment, a language designed for operating on S-Expressions, also known as Lists. It is unknown exactly what power might come about from this combination of low level processing with high level code generation. Can you think of any possible uses?

Submission + - Vendor disables user's software for negative review, demands retraction

Submission + - Republican National Committee Security Foiled Russian Hackers (wsj.com)

OverTheGeicoE writes: The Wall Street Journal is reporting that, according to U.S. officials who have been briefed on the attempted intrusion, Russian hackers unsuccessfully tried to penetrate the computer networks of the Republican National Committee using the same techniques that allowed them to infiltrate its Democratic counterpart. (Warning: article may be paywalled.) According to the article, "electronic filters" at RNC blocked phishing e-mails from being delivered to their intended RNC recipient, a former employee. Similar attacks against the Democratic National Committee helped reveal a treasure trove of damaging e-mails.

The article states that the attacks against the RNC were "less aggressive and much less persistent". Why? Was this disparity of effort evidence of Russian bias against the Democrats, or were Republicans simply better protected by superior information security practices?

Submission + - Walt Disney died 50 years ago today (fastcompany.com)

harrymcc writes: On December 15, 1966, Walt Disney died in a Los Angeles hospital, bringing to an end one of the most remarkable careers not only in entertainment, but in business, period. Over at Fast Company, we asked Floyd Norman, who worked with Walt starting in the 1950s, to share his thoughts on the man and his legacy.

Submission + - 37% of Detroit, Michigan, voting machines report more registered votes then cast

Mashiki writes: 37% of Detroit, MI., voting machines reporting more votes then cast after a recount. Detroit went heavily towards Hillary Clinton in the presidential election. Voting irregularities have spurred plans by Michigan Secretary of State Ruth Johnson’s office Elections Director Chris Thomas to investigate state wide for other voting irregularities following the recount which was stopped. State officials are planning to investigate 20 Detroit precincts where voter boxes opened during the recount showed fewer ballots then counted by optical readers. In total nearly 60% of Detroit precincts had vastly different voter totals, with more votes cast then actual ballots in voter boxes. At this time there is no idea how many votes have been added to totals in Detroit.

Submission + - NETGEAR finds more routers vulnerable, pushes emergency patch (securityledger.com)

chicksdaddy writes: Consumer home networking firm NETGEAR has issued an emergency software patch for a serious vulnerability in its home routers, even as the company doubles the list of affected hardware.

The company said on Tuesday (http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic) that it is providing a “beta version” of router firmware that addresses an arbitrary command injection vulnerability that was disclosed in firmware used by a number of wireless routers sold to consumers and small businesses. NETGEAR said the software update is still being tested and will only work on three versions of its routers: the R6400, R7000 and R8000. The company also acknowledged that five more routers are affected by the flaw and remain unpatched: the R7900, R7300, R7100LG, R6700 and R6250.

The company said the new firmware has not been fully tested and “might not work for all users.” The company offered it as a “temporary solution” to address the security hole. “NETGEAR is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible,” the company said in a post to its online knowledgebase early Tuesday.

The move follows publication of a warning from experts at Carnegie Mellon on December 9 detailing a serious “arbitrary command injection” vulnerability in the latest version of firmware used by a number of Netgear wireless routers. (https://www.youtube.com/watch?v=kOZs90BGPFk) The security hole could allow a remote attacker to take control of the router by convincing a user to visit a malicious web site. CMU urged NETGEAR customers to stop using affected routers until a fix can be found. (https://www.kb.cert.org/vuls/id/582384)

The vulnerability was discovered by an individual using the handle Acew0rm (@acew0rm1), who says he contacted NETGEAR about the flaw four months ago, and went public with information on it after the company failed to address the issue on its own.

Submission + - Vulnerability in Netgear Wifi Routers Prompts Warning to Stop Using Them (securityledger.com)

chicksdaddy writes: A serious and easy to exploit security hole in the software that runs certain models of wifi routers made by the firm Netgear prompted experts at Carnegie Mellon to urge customers to stop using them until a fix can be found.

The warning comes in a vulnerability note (VU#582384)(https://www.kb.cert.org/vuls/id/582384) published on Friday by Carnegie Mellon University’s CERT. An “arbitrary command injection” vulnerability in the latest version of firmware used by a number of Netgear wireless routers.

The security hole could allow a remote attacker to take control of the router by convincing a user to visit a malicious web site. A proof of concept exploit for the hole was published online (https://www.exploit-db.com/exploits/40889/) on Wednesday by an individual using the handle Acew0rm (@acew0rm1).

Firmware version 1.0.7.2_1.1.93 (and possibly earlier) for the R7000 and version 1.0.1.6_1.0.4 (and possibly earlier) for the R6400 are known to contain the arbitrary command injection vulnerability. CERT cited “community reports” that indicate the R8000, firmware version 1.0.3.4_1.1.2, is also vulnerable.

The warning comes amid increased concern about the security of home routers, following widespread attacks in recent weeks that have targeted the devices in Germany, the UK and other countries.

In statements on Twitter (https://twitter.com/acew0rm1), AceW0rm said that he informed Netgear of the flaw more than four months ago, but did not hear back from the company since then. He released information on the hole as well as proof of concept exploit code.

A search of the public Internet using the Shodan search engine finds around 8,000 R6450 and R7000 devices that can be reached directly from the Internet and that would be vulnerable to takeover attacks. The vast majority of those are located in the United States.

Slashdot Top Deals

I have a theory that it's impossible to prove anything, but I can't prove it.

Working...