
Submission + - A.T.F. Filled Secret Bank Account With Millions From Shadowy Cigarette Sales (nytimes.com)

schwit1 writes: “Working from an office suite behind a Burger King in southern Virginia, operatives used a web of shadowy cigarette sales to funnel tens of millions of dollars into a secret bank account. They weren’t known smugglers, but rather agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives. The operation, not authorized under Justice Department rules, gave agents an off-the-books way to finance undercover investigations and pay informants without the usual cumbersome paperwork and close oversight, according to court records and people close to the operation.”

Laws and rules are for the little people.

Submission + - NIST: Cybersecurity Framework Webinars

Presto Vivace writes: Cybersecurity Framework Webinars

This webinar introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). NIST will provide a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). Participants will gain an understanding of potential benefits of Framework, and how the Framework can be used. NIST will highlight industry resources, progress in Roadmap areas, and future direction of the Framework program. A Q&A session with participants will follow. ...

Cybersecurity Framework Update Webinar

On January 10, 2017 NIST released proposed updates to the Cybersecurity Framework. This draft Version 1.1 of the Cybersecurity Framework seeks to clarify, refine, and enhance the Framework. Updates were derived from feedback NIST received since publication of Cybersecurity Framework Version 1.0.

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack's first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3; however, it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously, which means that we still can use old proven hardware-accelerated hash functions to be on the safe side.

Submission + - Microsoft: no plans to patch known bugs before March (itwire.com)

troublemaker_23 writes: Microsoft says it will not issue any patches for known bugs before its March updates. There are two known remotely exploitable bugs — Google issued details of a bug in the Windows graphic device interface library that can be exploited both locally and remotely to read the contents of a user's memory. Plus, a zero-day exploit, one that implements an SMB3 server and affects clients connecting to it, was disclosed earlier in February. Microsoft put off its February updates for unknown reasons.

Submission + - EE Drones And Balloons To Beam 4G Signals To Rural Britain

An anonymous reader writes: The UK’s largest mobile network operator EE has unveiled plans to deliver mobile and wireless broadband connectivity to internet blackspots via drones and helium balloons. The company noted that its ‘air mast’ solution will be able to bolster 4G data services in rural locations, at major events, or in areas where natural disasters, such as flooding, have damaged traditional infrastructure. EE CEO Marc Allera said that customers would be able to request a balloon with a mobile signal to hover over a certain area, providing them with an ‘on demand’ data service. ‘What if an event organizer could request a temporary EE capacity increase in a rural area, or a climber going up Ben Nevis could order an EE aerial coverage solution to follow them as they climb?’ said Allera.

Submission + - China Launches Deep Learning Lab For AI Dominance

An anonymous reader writes: China has approved a plan to create a next-generation national laboratory for deep learning. The lab is expected to help China close the gap with Western counterparts in the field of competitive artificial intelligence applications. The National Development and Reform Commission (NDRC) approved plans for a national engineering lab to support the research and development of deep learning technologies. The lab will be online only, without a physical presence. The NDRC commissioned Baidu, the Chinese search engine giant, to create the lab in collaboration with Tsinghua and Beijing Universities, as well as the China Academy of Information and Communications Technology, and the China Electronics Standardization Institute. The project will be led by Baidu’s deep learning institute chief Lin Yuanqing and scientist Xu Wei, along with academics from the Chinese Academy of Sciences, Zhang Bo and Li Wei. Baidu will also provide the deep learning computing, algorithms and big data for the project.

Submission + - Linux Kernel 4.10 Officially Released with Virtual GPU Support

prisoninmate writes: Linux kernel 4.10 is out and it has been in development for the past seven weeks, during which it received a total of seven RC (Release Candidate) snapshots that implemented all the changes that you'll soon be able to enjoy on your favorite Linux-based operating system. Prominent new features include virtual GPU (Graphics Processing Unit) support, new "perf c2c" tool that can be used for analysis of cacheline contention on NUMA systems, support for the L2/L3 caches of Intel processors (Intel Cache Allocation Technology), eBPF hooks for cgroups, hybrid block polling, and better writeback management. A new "perf sched timehist" feature has been added in Linux kernel 4.10 to provide detailed history of task scheduling, and there's experimental writeback cache and FAILFAST support for MD RAID5. More details about these new features can be studied at https://kernelnewbies.org/Linu....

Submission + - Techdirt asks judge to throw out suit over "Inventor of E-mail" (arstechnica.com)

walterbyrd writes: Michael Masnick, who founded the popular Techdirt blog, filed a motion today asking for a defamation lawsuit against him to be thrown out. Masnick was sued last month by Shiva Ayyadurai, a scientist and entrepreneur who claims to have invented e-mail in 1978 at a medical college in New Jersey.

In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame."

Submission + - Your Digital Life Can Be Legally Seized at the Border

Toe, The writes: Quincy Larson from freeCodeCamp relates some frightening stories from U.S. citizens entering their own country, and notes that you don't have Fourth and Fifth Amendment rights at the border. People can and have been compelled to give their phone password (or be detained indefinitely) before entering the U.S. and other countries. Given what we keep on our phones, he concludes that it is now both easy and legal for customs and border control to access your whole digital life. And he provides some nice insights on how easy it is to access and store the whole thing, how widespread access would be to that data, and how easy it would be for the wrong hands to get on it. His advice: before you travel internationally, wipe your phone or bring/rent/buy a clean one.

Submission + - RSA conference attendees get hacked (esecurityplanet.com)

storagedude writes: Security testing company Pwnie Express scanned Wi-Fi access at the RSA conference and found multiple EvilAP attacks. What's worse, several attendees fell for these dummy Wi-Fi services that spoof well-known brands like Starbucks. The company also found a number of access points using outdated WEP encryption. So much for security pros...

Submission + - JavaScript side-channel attack can bypass ASLR

ripvlan writes: A new attack proposed and demonstrated by researchers uses JavaScript to do a "simple" attack, thereby bypassing all of the security goodness of Address Space Layout Randomization. ASLR is a technique to make sure memory isn't where you expect it to be — thus making stack overflows and heap overwrites difficult to implement in a predictable manner.

Researchers showed how a JavaScript program can implement a side-channel attack on the Memory Management Unit of any CPU and discover the layout of memory. Their sample can also be injected into a drive-by attack — thus making future exploits more...eh.. reliable. https://arstechnica.com/securi...

Submission + - Kim Jong-nam, Kim Jong-un's half brother, dead after apparent assassination (bbc.com)

edx93 writes: According to the WSJ (likely paywalled. Click here for non-paywalled story):

North Korean leader Kim Jong Un’s estranged half-brother Kim Jong Nam was killed under mysterious circumstances in Malaysia, the South Korean government and Malaysian police said, eliminating a reform-minded member of the dynasty who was once considered next in line to rule the isolated country.

Kim Jong Nam was apparently attacked on Monday in the departures area of Kuala Lumpur International Airport 2, where he was boarding a flight to Macau, said the state police chief, Abdul Samah Mat. It was unclear who was behind the attack.

“His head was wrapped in cloth believed to contain some kind of a liquid,” Mr. Abdul Samah said. He said an unidentified woman was reported to be near Kim Jong Nam at the time of the incident, and that the woman’s whereabouts weren’t known.

The victim was pronounced dead en route to a nearby hospital, and an investigation and autopsy were under way, police officials said.

South Korea’s Ministry of Unification confirmed the murder of Kim Jong Nam at a press briefing on Wednesday, adding that Seoul was working with the Malaysian government on the case.


Submission + - Senators Request Details on Trump's Smartphone Security (securityweek.com)

wiredmikey writes: Two US senators have requested details on President Donald Trump's smartphone security, saying he could jeopardize national secrets if he is still using his old handset, as some reports say.

"Did Trump receive a secured, encrypted smartphone for his personal use on or before Jan. 20? If so, is he using it?" said a tweet Tuesday by Senator Tom Carper, who along with fellow Democrat Claire McCaskill released a letter to the administration requesting information on the president's device. The lawmakers said they were concerned by reports that Trump was still using an Android device that may be several years old for his frequent personal Twitter messages.

The New York Times reported last month that while Trump had received a new, secure device after his inauguration, he still relied on his older device despite protests from aides.

Submission + - H-1B Reduced Computer Programmer Employment By Up To 11%, Study Finds (marketwatch.com)

An anonymous reader writes: There would have been up to 11% more computer science jobs at wages up to 5% higher were it not for the immigration program that brings in foreign high-skilled employees, a new study finds. The paper — by John Bound and Nicolas Morales of the University of Michigan and Gaurav Khanna of the University of California, San Diego — was conducted by studying the economy between 1994 and 2001, during the internet boom. It was also a period where the recruitment of so-called H-1B labor was at or close to the cap and largely before the onset of the vibrant IT sector in India. In 2001, the number of U.S. computer scientists was between 6.1%-10.8% lower and wages were between 2.6% and 5.1% lower. Of course, there also were beneficiaries — namely consumers and employers. Immigration lowered prices by between 1.9% and 2.4%, and profits increased as did the total number of IT firms.
