
Submission + - Yahoo Scanning Order Unlikely To Be Made Public: Reuters (reuters.com)

An anonymous reader writes: Obama administration officials briefed key congressional staffers last week about a secret court order to Yahoo that prompted it to search all users’ incoming emails for a still undisclosed digital signature, but they remain reluctant to discuss the unusual case with a broader audience. Executive branch officials spoke to staff for members of the Senate and House of Representatives committees overseeing intelligence operations and the judiciary, according to people briefed on the events, which followed Reuters’ disclosure of the massive search. But attempts by other members of Congress and civil society groups to learn more about the Yahoo order are unlikely to meet with success anytime soon, because its details remain a sensitive national security matter, U.S. officials told Reuters. Release of any declassified version of the order is unlikely in the foreseeable future, the officials said. The decision to keep details of the order secret comes amid mounting pressure on the U.S. government to be more transparent about its data-collection activities ahead of a congressional deadline next year to reauthorize some foreign intelligence authorities. On Tuesday, more than 30 advocacy groups will send a letter to Director of National Intelligence James Clapper asking for declassification of the Yahoo order that led to the search of emails last year in pursuit of data matching a specific digital symbol. The groups say that Title I of the Foreign Intelligence Surveillance Act, under which sources said the order was issued, requires a finding that the target of such a wiretap is probably an agent of a foreign power and that the facility to be tapped is probably going to be used for a transmission. An entire service, such as Yahoo, has never publicly been considered to be a “facility” in such a case: instead, the word usually refers to a phone number or an email account.

Submission + - Strange signals from star survey may be evidence of intelligent life (iop.org)

Okian Warrior writes: A recent paper reporting on strange artifacts in the spectra of 234 stars is raising eyebrows in the astronomical community.

A Fourier transform analysis of 2.5 million spectra in the Sloan Digital Sky Survey was carried out to detect periodic spectral modulations. Signals having the same period were found in only 234 stars overwhelmingly in the F2 to K1 spectral range. The signals cannot be caused by instrumental or data analysis effects because [various reasons...]

Finally, we consider the possibility, predicted in a previous published paper, that the signals are caused by light pulses generated by ETI to make us aware of their existence. We find that the detected signals have exactly the shape of an ETI signal predicted in the previous publication and are therefore in agreement with this hypothesis. The fact that they are only found in a very small fraction of stars within a narrow spectral range centered near the spectral type of the Sun is also in agreement with the ETI hypothesis. However, at this stage, this hypothesis needs to be confirmed with further work.

Submission + - Viewing a Malicious JPEG Can Lead to Code Execution on iPhones

Trailrunner7 writes: Apple has patched several vulnerabilities in iOS that could lead to arbitrary code execution, including a handful of memory corruption bugs and a flaw that enables an attacker to use a malicious JPEG file to run arbitrary code.

The release of iOS 10.1 includes patches for 13 vulnerabilities, many of which can be used for arbitrary code execution. The most intriguing of those flaws is CVE-2016-4673, a bug in the Core Graphics component of iOS. Core Graphics is a framework used to handle drawing and images, and researchers from the Keen Lab in China discovered an issue with the way the framework handles JPEG files.

Submission + - Rowhammer Attack Can Now Root Android Devices (softpedia.com)

An anonymous reader writes: Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack.

The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips.

In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, taken over PCs via Microsoft Edge, and hijacked Linux virtual machines. There's an app to test if your phone is vulnerable to this attack.

Submission + - Electronic surveillance up 500% in D.C. area since 2011, almost all sealed cases (washingtonpost.com)

schwit1 writes: Secret law enforcement requests to conduct electronic surveillance in domestic criminal cases have surged in federal courts for Northern Virginia and the District, but only one in a thousand of the applications ever becomes public, newly released data show.

The bare-bones release by the courts leaves unanswered how long, in what ways and for what crimes federal investigators tracked individuals’ data and whether long-running investigations result in charges.

In Northern Virginia, electronic surveillance requests increased 500 percent in the past five years, from 305 in 2011 to a pace set to pass 1,800 this year.

Only one of the total 4,113 applications in those five years had been unsealed as of late July, according to information from the Alexandria division of the U.S. District Court for the Eastern District of Virginia, which covers northern Virginia.

Submission + - Linux Kernel 4.7 Reaches End of Life, Users Urged to Move to Linux 4.8

prisoninmate writes: The Linux 4.7 kernel branch officially reached end of life, and it has already been marked as EOL on the kernel.org website, which means that the Linux kernel 4.7.10 maintenance update is the last one that will be released for this branch. It also means that you need to either update your system to the Linux 4.7.10 kernel release or move to a more recent kernel branch, such as Linux 4.8. In related news, Linux kernel 4.8.4 is now the latest stable and most advanced kernel version, which is already available for users of the Solus and Arch Linux operating systems, and it's coming soon to other GNU/Linux distributions powered by a kernel from the Linux 4.8 series. Users are urged to update their systems as soon as possible.

Submission + - Would redundancy and really long TTL have countered a lot of DDOS effects? (medium.com)

marmot7 writes: My primary takeaways from this article were that it's important to have redundancy (additional NS's) and that it's important to have a very long TTL when you're not actively updating something. Would the measures in this article have at least limited the damage of these attacks? The long TTL change alone would have made the cache likely cover the entire attack, right?

Submission + - SPAM: Attempts to Frame Assange as a Pedophile and Russian spy

Okian Warrior writes: Earlier today the website DailyKos reported on a smear campaign plot to falsely accuse Julian Assange of pedophilia. An unknown entity posing as an internet dating agency prepared an elaborate plot to falsely claim that Julian Assange received US$1M from the Russian government and a second plot to frame him for sexually molesting an eight year old girl.

Here is the description of the plot from Mr Assange’s legal team.


Submission + - Samsung SSD 960 Pro NVMe SSD Launched, Fastest Consumer SSD In Benchmarks (hothardware.com)

MojoKid writes: Samsung announced its latest, consumer-class NVMe M.2 based SSD 960 Pro solid state drive a few weeks back but today marks the official launch of the product. Samsung's new drive is an absolute beast with peak transfer speeds in the 3.5GB/s range and ultra-high endurance ratings too. The Samsung SSD 960 PRO NVMe M.2 series tested here will be offered in three capacities: 512GB, 1TB, and a beefy 2TB. All of the drives have the same M.2 (2280) "gumstick" form factor and offer peak read bandwidth of 3.5GB/s with 2.1GB/s writes, while their max IOPS ratings vary at higher queue depths, as do endurance ratings, which start at 400TBW (Terabytes Written) and scale to 1200TBW for the 2TB drive. At about $.63 — $.65 per GiB, they aren't the cheapest NVMe drives on the market (the 512GB drive drops in at $329) but the new SSD 960 Pro is definitely the fastest consumer SSD currently as benchmark testing clearly proves out.

Submission + - Quantum Research Achieves 10-Fold Boost In Superposition Stability

An anonymous reader writes: A team of Australian researchers has developed a qubit offering ten times the stability of existing technologies. The computer scientists claim that the new innovation could significantly increase the reliability of quantum computing calculations. The new technology, developed at the University of New South Wales (UNSW), has been named a ‘dressed’ quantum bit as it combines a single atom with an electromagnetic field. This process allows the qubit to remain in a superposition state for ten times longer than has previously been achieved. The researchers argue that this extra time in superposition could boost the performance stability of quantum computing calculations. Previously fragile and short-lived, retaining a state of superposition has been one of the major barriers to the development of quantum computing. The ability to remain in two states simultaneously is the key to scaling and strengthening the technology further.

Submission + - Acer updates Chromebook 15 with 12-hour battery life -- $199 at Walmart (betanews.com)

An anonymous reader writes: One of the most attractive aspects of Chromebooks is price — they are often quite affordable. Today, Acer refreshes its 15.6 inch Chromebook 15 with a mind-boggling 12 hours of battery life. Best of all? It starts at $199. Yes, this model will get Android app support in a future update too.

Submission + - Wikileaks precommits mean a big drop is coming, not that Assange is dead. (gizmodo.com)

argStyopa writes: Wikileaks has issued 3 precommits, which are crypto 'signatures' meant to confirm later data is genuine. This is likely tied to their post:
"Julian Assange's internet link has been intentionally severed by a state party. We have activated the appropriate contingency plans."
It should be taken as implied that either these precommits are in advance of an important dump, or simply as a preventative against more state-level attacks on their releases.

Submission + - FTC Shuts Down $9 Million Phone Fraud Ring

Trailrunner7 writes: The FTC has shut down a phone fraud scam that involved scammers calling consumers–mostly elderly and on fixed incomes–and pressuring them to invest in web sites that supposedly had ties to large companies, promising quick returns. The scheme allegedly netted the scammers more than $9 million.

The scheme involved six companies that the FTC alleges were owned and operated by three defendants, Susan Rodriguez, Matthew Rodriguez and William Whitley. The commission alleges that the defendants would call consumers unsolicited and try to convince them to hand over money for an investment in e-commerce sites that supposedly had links to large, legitimate sites such as Amazon.

“The details of the offer differ, but Defendants routinely describe it as an offer to purchase or invest in e-commerce websites, or websites that direct traffic to e-commerce websites such as Amazon.com. Defendants’ telemarketers typically promise consumers that they will earn money based on sales at the e-commerce websites and/or traffic through their websites to the e-commerce websites. Defendants promise consumers substantial returns or income, such as hundreds or thousands of dollars every quarter,” the FTC complaint says.

Submission + - Backdoor Found in Foxconn Android Firmware (threatpost.com)

msm1267 writes: A leftover factory debugger in Android firmware made by Taiwanese electronics manufacturer Foxconn can be flipped into a backdoor by an attacker with physical access to a device.

The situation is a dream for law enforcement or a forensics outfit wishing to gain root access to a targeted device. Android researcher Jon Sawyer on Wednesday publicly disclosed the situation, which he’s called Pork Explosion as a swipe at what he calls overhyped and branded vulnerabilities.

“As a physical threat, it’s bad; game over,” Sawyer said. “It’s easy to do and you get complete code execution on the device, even if it’s encrypted or locked down. It’s exactly what a forensics company or law enforcement officials would love to have.”

The backdoor was found in a bootloader built by Foxconn, Sawyer said. Foxconn builds phones and some low level software for firmware. Two vendors’ devices have been impacted so far—InFocus’ M810 and Nextbit’s Robin phones—but Sawyer cautioned that there are likely more.
