
Submission + - Researcher finds D-Link DWR-932 router is "chock full of holes"

JustAnotherOldGuy writes: Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities in the LTE router/portable wireless hotspot D-Link DWR-932. Kim found the latest available firmware has these vulnerabilities:

- Two backdoor accounts with easy-to-guess passwords that can be used to bypass the HTTP authentication used to manage the router
- A default, hardcoded Wi-Fi Protected Setup (WPS) PIN, as well as a weak WPS PIN generation algorithm
- Multiple vulnerabilities in the HTTP daemon
- Hardcoded remote Firmware Over The Air credentials
- Lowered security in Universal Plug and Play, and more.

“At best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor,” says Kim, and advises users to stop using the device until adequate fixes are provided.

Submission + - SpaceX Test Fires First Raptor Engine (techcrunch.com)

Thelasko writes: Elon Musk is preparing to unveil his plans to colonize Mars at IAC tomorrow. As a tease to his lecture, he has released some details about the Raptor engine on Twitter, including pictures.

Mr. Musk states that, "Production Raptor goal is specific impulse of 382 seconds and thrust of 3 MN (~310 metric tons) at 300 bar." He goes on to note that the specific impulse spec is at Mars ambient pressure.

Submission + - OpenSSL Patches Bug Created by Patch From Last Week

Trailrunner7 writes: Four days after releasing a new version that fixed several security problems, the OpenSSL maintainers have rushed out another version that patches a vulnerability introduced in version 1.1.0a on Sept. 22.

Last week, OpenSSL patched 14 security flaws in various versions of the software, which is the most widely used toolkit for implementing TLS. One of the vulnerabilities fixed in that release was a low-risk bug related to memory allocation in tls_get_message_header.

The problem is, the patch for that vulnerability actually introduced a separate critical bug. The new vulnerability, which is fixed in version 1.1.0b, only affected version 1.1.0a, but it can lead to arbitrary code execution.

Submission + - Brian Krebs is back online, with Google Cloud Hosting (krebsonsecurity.com)

Gumbercules!! writes: After the massive 600mbps DDOS on http://krebsonsecurity.com/ last week that forced Akamai to withdraw the (pro-bono) DDOS protection they offered the site, krebsonsecurity.com is now back online, hosted by Google.

Following Brian Krebs breaking an article on vDOS (https://developers.slashdot.org/story/16/09/08/2050238/israeli-ddos-provider-vdos-earned-600000-in-two-years), leading to the arrest of the two founders, his site was hit with a record breaking DDOS. It will certainly be an interesting test of Google's ability to provide DDOS protection to clients.

Submission + - Ex-NSA Official: The Horse is Out of the Barn on Government Crypto Control

Trailrunner7 writes: Controlling the development and deployment of strong encryption may have once been a possibility for intelligence and law enforcement agencies, but those days have passed and will not return, current and former U.S. intelligence officials said Tuesday.

“The scar tissue from the 1990s makes it hard today to align these interests. We’ve spent a lot of time looking over our shoulders about what we did in the Nineties, a la the Clipper Chip, and too little time looking forward,” Chris Inglis, former deputy director of the NSA and a visiting professor at the United States Naval Academy, said during a panel discussion at the CIA’s Conference on the Ethos and Profession of Intelligence Tuesday.

“If we allow this to be deferred to market forces then diverse markets will have a variety of responses. How do we achieve the and property as opposed to the or property? The horse is out of the barn if you say you absolutely want to control it.”

Submission + - Scientists Use Quantum Teleportation to Send Encrypted Messages (discovermagazine.com)

Flash Modin writes: Two teams of scientists have taken quantum teleportation from the lab into the real world. Researchers in Calgary, Canada, and Hefei, China, used existing fiber optics networks to transmit small units of information across cities via quantum entanglement — Einstein’s “spooky action at a distance.”

A few experiments in the lab had previously managed to send information using quantum entanglement. But translating their efforts to the real world, where any number of factors could confound the process, is a much more difficult challenge. That’s exactly what these two teams of researchers have done. Their breakthrough, published in two separate papers today in Nature Photonics, promises to offer important advancements for communications and encryption technologies.

This isn’t teleportation in the “Star Trek” sense — the photons aren’t disappearing from one place and appearing in another. Instead, it’s the information that’s being teleported through quantum entanglement.

Submission + - NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable To Hacking (vice.com)

An anonymous reader writes: Typically, cops don't like talking about IMSI catchers, the powerful surveillance technology used to monitor mobile phones en masse. In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking. The New York Civil Liberties Union (NYCLU), an affiliate of the ACLU, has been trying to get access to information about the NYPD’s IMSI catchers under the Freedom of Information Law. These devices are also commonly referred to as “stingrays”, after a particularly popular model from Harris Corporation. Indeed, the NYCLU wants to know which models of IMSI catchers made by Harris the police department has. “Public disclosure of this information, and the amount of taxpayer funds spent to buy the devices, directly advances the Freedom of Information Law’s purpose of informing a robust public debate about government actions,” the NYCLU writes in a court filing. The group has requested documents that show how much money has been spent on the technology. After the NYPD withheld the records, the FOI request was escalated to a lawsuit, which is where the NYPD’s strange argument comes in (among others). “Public disclosure of the specifications of the CSS [cell site simulator] technologies in NYPD's possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize NYPD's ability to keep the technologies secure,” an affidavit from NYPD Inspector Gregory Antonsen, dated August 17, reads. Antonsen then imagines a scenario where a “highly sophisticated hacker” could use their knowledge of the NYPD's Stingrays to lure officers into a trap and ambush them.

Submission + - Working Round The 'Big Data Bottleneck' In Modern CPUs (thestack.com)

An anonymous reader writes: Modern CPU architecture is built to retrieve large chunks of data, to limit the number of time-consuming journeys between the central controller and the location of the data in memory banks. When you're fetching the first data block of a picture for Photoshop, bringing along the adjacent block makes sense, because you're probably going to need it. But when you're making ten calls to a 'sparse' dataset, where each of the items you want is resident in different memory allocation, and none of them have any relevant adjacent data, the architecture is fighting the intention.

Researchers from MIT have addressed the problem by creating a C++ extension that gathers these requests into one queue for each core, and then forces the cores to swap and negotiate which requests they can most efficiently handle for the minimum number of journeys to memory. In early tests, access to sparse datasets has been increased by up to four times using this method, and promises even greater increases with a dedicated architecture. Contributing researcher Vladimir Kiriansky explains why the teams called the extension 'Milk', and why the name also explains the challenge: "It’s as if, every time you want a spoonful of cereal, you open the fridge, open the milk carton, pour a spoonful of milk, close the carton, and put it back in the fridge."

Submission + - NYC Threatens To Sue Verizon Over FiOS Shortfalls (arstechnica.com)

An anonymous reader writes: New York City officials yesterday notified Verizon that the company is in default of an agreement to bring fiber connections to all households in the city and could file a lawsuit against the company. The road to a potential lawsuit has been a long one. In June 2015, New York released an audit that found Verizon failed to meet a commitment to extend FiOS to every household in the five boroughs by June 2014. City officials and Verizon have been trying to resolve the matter since then with no success, as Verizon says that it hasn't actually broken the agreement. The default letter (full text) sent yesterday by the city Department of Information Technology & Telecommunications (DoITT) says Verizon has failed to pass all residential buildings in the city with fiber. As of October 2015, there were at least 38,551 addresses where Verizon hadn't fulfilled installation service requests that were more than a year old, the letter said. "Moreover, Verizon improperly reduced, from $50 million to $15 million, the performance bond required [by] the Agreement on the basis of Verizon's incorrect representations that Verizon had met the prescribed deployment schedule, when in fact it had not," the letter said. City officials demanded that Verizon restore the bond and want a response within 30 days. The default letter also accuses Verizon of failing to make records related to its provision of cable service available to the city during its audit. "Officials say they could sue Verizon unless the carrier shows clear plans for stepping up installations," and that the notice is the first step in that process, The Wall Street Journal reported. The citywide fiber agreement lets NYC seek monetary damages from Verizon if it fails to deliver on the fiber promises.

Submission + - WikiLeaks drops latest Guccifer 2.0 data on Hillary Clinton, DNC, Democrats (smh.com.au)

SonicSpike writes: WikiLeaks has published what purports to contain "new" Democratic Party documents hacked by the Guccifer 2.0 hacker.

The organisation posted a tweet at around 9am on Wednesday Sydney time, with links that promised access to 678.4 megabytes of new "DNC documents".

Initial images of what appeared to be presentation slides show information about databases used for voter identification and turnout efforts.

Other slides discuss the outcome of past get-out-the-vote campaigns.

Democratic presidential candidate Hillary Clinton was US secretary of state when WikiLeaks released hundreds of thousands of State Department emails in 2010.

The latest document dump comes after an earlier tranche of emails, reportedly hacked by Guccifer 2.0, prompted the resignation of politicians within the Democratic Party on the eve of the party's convention.

Submission + - SPAM: XKCD's Take on Global Warming

cakiwi writes: XKCD has created a handy chart to show people who say "Climate has changed before".

Submission + - Firefox 49 Postponed One Week Due to Unexpected Bugs (softpedia.com)

An anonymous reader writes: Mozilla has announced this week that it is delaying the release of Firefox 49 for one week to address two unexpected bugs. Firefox 49, which was set for release on Tuesday, September 13, will now launch the following Tuesday, on September 20.

Work on fixing the two issues is ongoing. The first is a problem with a slow browser script, which is also the most time-consuming issue since the Mozilla team needs around a week of telemetry data to evaluate the fix. This is also the primary reason they've delayed Firefox 49 in the first place. The second problem relates to loading Giphy GIF images on Twitter, which open in a new blank page instead of the Giphy URL. This issue was first detected in Firefox 49 Beta releases.

Firefox 49 is an important release in Mozilla's grand scheme of things when it comes to Firefox. This is the version when Mozilla will finish multi-process support rollout (a.k.a. e10s, or Electrolysis), and the version when Firefox launches the new WebExtensions API that replaces the old Add-ons API, making Firefox compatible with Chromium extensions.

Submission + - China Tests Quantum Radar That Detects Stealth Aircrafts (defenseworld.net)

William Robinson writes: According to some reports, China has tested its first single photon detection technology quantum radar which could detect objects, including stealth aircraft, within the range of 100 kilometres, somewhere in mid-August. The radar uses quantum entanglement photons, which means it has better detection capabilities than conventional systems. This means it can more easily track modern aircraft that use stealth technology or baffle enemy radar. The report also suggests that "The system was able to detect a target at a range of 100 kms in a real-world environment".

Submission + - Dissecting a frame of DOOM

An anonymous reader writes: An article takes us through the process of rendering one frame of DOOM (2016). The game released earlier this year uses the Vulkan API to push graphics quality and performance to new levels.
The article sheds light on rendering techniques, mega-textures, reflection computation... all the aspects of a modern game engine.

Submission + - Why Intel Kaby Lake And AMD Zen Will Only Be Optimized On Windows 10 (hothardware.com)

MojoKid writes: There was quite a stir caused recently when it was determined that Microsoft would only be fully supporting Intel's Kaby Lake and AMD's Zen next-generation processor microarchitectures with Windows 10. It's easy to dismiss the decision as a pure marketing move, but there's more to consider and a distinction to be made between support and compatibility. The decision means future updates and optimizations that take advantage of the latest architectural enhancements in these new processors won't be made for older OS versions. Both of these microarchitectures have new features that require significant updates to Windows 10 to optimally function. Kaby Lake has updates to Intel's Speed Shift technology that make it possible to change power states more quickly than Skylake, for example. Then there's Intel's Turbo Boost 3.0, which is only baked natively into Windows 10 Redstone 1. For an operating system to optimally support AMD's Zen-based processors, major updates are likely necessary as well. Zen has fine-grained clock gating with multi-level regions throughout the chip, in addition to newer Simultaneous Multi-Threading technology for AMD chips. To properly leverage the tech in Zen, Microsoft will likely have to make updates to the Windows kernel and system scheduler, which is more involved than a driver update. Of course, older versions of Windows and alternative operating systems will still install and run on Kaby Lake and Zen. They are X86 processors, after all.
