Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - DoD Launches Code.mil Open Source Initiative

An anonymous reader writes: The Department of Defense (DoD) has announced the launch of Code.mil, an open source initiative to encourage collaboration between federal programmers and the public on code written in support of federal projects, and to offer code to the public for their use. By inviting the public to review and improve ongoing projects, the DoD hopes to access untapped resources of private citizens while at the same time offering the tools created by government for public use. The federal government also intendsto create a “network of peers” in the developer community, to create a collaborative and connected group that will “share knowledge, and make connections in support of DoD programs that ultimately service our national security.” The project is spearheaded by the Defense Digital Service (DDS), the Pentagon’s digital projects oversight group. GitHub will provide the open source platform where interested parties may review and comment on code written by federal employees for use in a variety of projects.

Submission + - Valve release SteamVR for Linux (gamingonlinux.com)

JustNiz writes: Valve have put up SteamVR for Linux officially in Beta form and they are keen to stress that this is a development release.
You will need to run the latest Steam Beta Client for it to work at all, so be sure to opt-in if you want to play around with it.
VR on Linux will exclusively use Vulkan, so it's going to be a pretty good push for Vulkan if VR becomes more popular.

Submission + - A.T.F. Filled Secret Bank Account With Millions From Shadowy Cigarette Sales (nytimes.com)

schwit1 writes: “Working from an office suite behind a Burger King in southern Virginia, operatives used a web of shadowy cigarette sales to funnel tens of millions of dollars into a secret bank account. They weren’t known smugglers, but rather agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives. The operation, not authorized under Justice Department rules, gave agents an off-the-books way to finance undercover investigations and pay informants without the usual cumbersome paperwork and close oversight, according to court records and people close to the operation.”

Laws and rules are for the little people.

Submission + - NIST: Cybersecurity Framework Webinars

Presto Vivace writes: Cybersecurity Framework Webinars

This webinar introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). NIST will provide a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). Participants will gain an understanding of potential benefits of Framework, and how the Framework can be used. NIST will highlight industry resources, progress in Roadmap areas, and future direction of the Framework program. A Q&A session with participants will follow. ... Cybersecurity Framework Update Webinar On January 10, 2017 NIST released proposed updates to the Cybersecurity Framework. This draft Version 1.1 of the Cybersecurity Framework seeks to clarify, refine, and enhance the Framework. Updates were derived from feedback NIST received since publication of Cybersecurity Framework Version 1.0.

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after of SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Submission + - Microsoft: no plans to patch known bugs before March (itwire.com) 1

troublemaker_23 writes: Microsoft says it will not issue any patches for known bugs before its March updates. There are two known remotely exploitable bugs — Google issued details of a bug in the Windows graphic device interface library that can be exploited both locally and remotely to read the contents of a user's memory. Plus a zero-day exploit, one that implements a SMB3 server and affects clients connecting to it was disclosed earlier in February. Microsoft put off its February updates for unknown reasons.

Submission + - EE Drones And Balloons To Beam 4G Signals To Rural Britain

An anonymous reader writes: The UK’s largest mobile network operator EE has unveiled plans to deliver mobile and wireless broadband connectivity to internet blackspots via drones and helium balloons. The company noted that its ‘air mast’ solution will be able to bolster 4G data services in rural locations, at major events, or in areas where natural disasters, such as flooding, have damaged traditional infrastructure. EE CEO Marc Allera said that customers would be able to request a balloon with a mobile signal to hover over a certain area, providing them with an ‘on demand’ data service. ‘What if an event organizer could request a temporary EE capacity increase in a rural area, or a climber going up Ben Nevis could order an EE aerial coverage solution to follow them as they climb?’ said Allera.

Submission + - China Launches Deep Learning Lab For AI Dominance

An anonymous reader writes: China has approved a plan to create a next-generation national laboratory for deep learning. The lab is expected to help China close the gap with Western counterparts in the field of competitive artificial intelligence applications. The National Development and Reform Commission (NDRC) approved plans for a national engineering lab to support the research and development of deep learning technologies. The lab will be online only, without a physical presence. The NDRC commissioned Baidu, the Chinese search engine giant, to create the lab in collaboration with Tsinghua and Beijing Universities, as well as the China Academy of Information and Communications Technology, and the China Electronics Standardization Institute. The project will be led by Baidu’s deep learning institute chief Lin Yuanqing and scientist Xu Wei, along with academics from the Chinese Academy of Sciences, Zhang Bo and Li Wei. Baidu will also provide the deep learning computing, algorithms and big data for the project.

Submission + - Linux Kernel 4.10 Officially Released with Virtual GPU Support

prisoninmate writes: Linux kernel 4.10 is out and it has been in development for the past seven weeks, during which it received a total of seven RC (Release Candidate) snapshots that implemented all the changes that you'll soon be able to enjoy on your favorite Linux-based operating system. Prominent new features include virtual GPU (Graphics Processing Unit) support, new "perf c2c" tool that can be used for analysis of cacheline contention on NUMA systems, support for the L2/L3 caches of Intel processors (Intel Cache Allocation Technology), eBPF hooks for cgroups, hybrid block polling, and better writeback management. A new "perf sched timehist" feature has been added in Linux kernel 4.10 to provide detailed history of task scheduling, and there's experimental writeback cache and FAILFAST support for MD RAID5. More details about these new features can be studied at https://kernelnewbies.org/Linu....

Submission + - Techdirt asks judge to throw out suit over "Inventor of E-mail" (arstechnica.com)

walterbyrd writes: Michael Masnick, who founded the popular Techdirt blog, filed a motion today asking for a defamation lawsuit against him to be thrown out. Masnick was sued last month by Shiva Ayyadurai, a scientist and entrepreneur who claims to have invented e-mail in 1978 at a medical college in New Jersey.

In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame."

Submission + - Your Digital Life Can Be Legally Seized at the Border 3

Toe, The writes: Quincy Larson from freeCodeCamp relates some frightening stories from U.S. citizens entering their own country, and notes that you don't have fourth and fifth amendment rights at the border. People can and have been compelled to give their phone password (or be detained indefinitely) before entering the U.S and other countries. Given what we keep on our phones, he concludes that it is now both easy and legal for customs and border control to access your whole digital life. And he provides some nice insights on how easy it is to access and store the whole thing, how widespread access would be to that data, and how easy it would be for the wrong hands to get on it. His advice: before you travel internationally, wipe your phone or bring/rent/buy a clean one.

Submission + - RSA conference attendees get hacked (esecurityplanet.com)

storagedude writes: Security testing company Pwnie Express scanned Wi-Fi access at the RSA conference and found multiple EvilAP attacks. What's worse, several attendees fell for these dummy Wi-Fi services that spoof well-known brands like Starbucks. The company also found a number of access points using outdated WEP encryption. So much for security pros...

Submission + - Javascript side-channel attack can bypass ASLR

ripvlan writes: A new attack proposed and demonstrated by researchers uses Javascript to do a "simple" attack thereby bypassing all of the security goodness of Address Space Layout Randomization. ASLR is a technique to make sure memory isn't where you expect it to be — thus making Stack overflows and Heap overwrites difficult to implement in a predictable manner.

Researchers showed how a Javascript program can implement a side-channel attack on the Memory Management Unit of any CPU and discover the layout of memory. Their sample can also be injected into a Drive-By attack — thus making future exploits more...eh.. reliable. https://arstechnica.com/securi...

Slashdot Top Deals

The wages of sin are high but you get your money's worth.

Working...