Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Man = 1000 (Score 1) 162

Infinite places does not mean everywhere. This is a common misconception when dealing with infinite sets.

Suppose you have infinite many places, as many as the natural numbers.
You may have infinitely many places numbered by even numbers, while still not have the other, infinitely many, places with odd numbers.

So a more correct translation would be "in many places". But then again, if you are talking about infinite sets, the concept of "many" is also tricky, and leads into questions of set cardinality, aleph numbers, etc. which fortunately is a lot more interesting than the usual Netflix soap operas.

Uh, thanks Lars. Where would we be without iconoclastic pedantry on Slashdot?

Since we're being pedantic, you may wish to learn how to parse the phrase "loosely meaning".

Comment Man = 1000 (Score 1) 162

The Korean "man", which incidentally is actually pronounced with a long "a" to rhyme with the English word "on", is the same as 1,000 but can be translated as "infinite" in many situations. For example, a fountain pen is translated into Korean as a "1,000 year pen" or "man-youn-pil" (see here).

The "bang", which is also pronounced with a long "a" to rhyme with the English word "on", means a "place" or a "room", as others here have noticed.

Thus this word (as with many Korean words) is a portmanteau, in this case loosely meaning "infinite places", which makes the translation to the English word "everywhere" fairly reasonable.

All that said, like most of the posters here, I think this choice of branding is truly hilarious.

Communications

NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) 150

An anonymous reader writes: "The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA)," reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads. The NIST DAG draft reads in part: "If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance."

Comment Entropy Canary (Score 1) 102

I have considered keeping a "Ransomware canary" around. I'm thinking of, say, a Word .doc file on a network drive. A process on some separate computer then checks its entropy on a regular basis, or on file change notification if available, to make sure file entropy has not grown huge.

The idea fails for local files because (as I recall) the more sophisticated ransomware inserts itself as a filesystem driver. That's a likely problem for some of these researchers' heuristics as well.

(Expanding on something I wrote a while ago)

Submission + - Student sues police for fine after refusing Breathalyzer

schwit1 writes: A Michigan high school student who was fined when she refused to take a Breathalyzer test — even though she was only a passenger in the vehicle — has filed a federal lawsuit claiming her constitutional right to be free from unreasonable searches was violated.

The law violates Guthrie’s Fourth Amendment right to be free from unreasonable searches, her Detroit lawyer told NBC News. “Her rights were violated when she was forced to submit to Breathalyzer to prove her innocence,” attorney Mike Rataj said. “That is not how the criminal justice system works. This is a girl who has never been in trouble before and has no criminal history.”

It can be argued that a driver has made a deal with the state, which provides roads and regulates their safe use, and must submit. She however was merely a passenger, and thus any search of her body really does require a warrant, as per the Bill of Rights.

Piracy

Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games (helpnetsecurity.com) 92

Reader Orome1 writes: If you're looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead. According to Symantec researchers, who have been trawling popular torrent websites, there's an active distribution campaign going on that delivers potentially unwanted apps posing as torrents for games like Assassin's Creed Syndicate, The Witcher 3, World of Warcraft: Legion, The Walking Dead: Michonne, and several others. At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialogue that asks if they are sure they want to allow the program to make changes to the computer, users end up with a file downloaded from a Google Drive -- a file that is considerably larger than a torrent file (around 3.5 MB) and is obviously an executable.
Security

Fiverr Suffers Six-Hour DDoS Attack After Removing DDoS-For-Hire Listings (softpedia.com) 44

Two days after Fiverr, a marketplace for digital services, removed user listings from its website that advertised DDoS-for-hire services, the company's website suffered a six-hour long DDOS attack. Softpedia reports: The incident took place on the morning of May 27 (European timezones), and the service admitted its problems on its Twitter account. At the time of writing, Fiverr has been back up and functioning normally for more than two hours. Fiverr's problems stem from an Incapsula probe that found DDoS-for-hire ads on its marketplace, available for $5. Incapsula reported the suspicious listings to Fiverr, who investigated the issue and removed the ads. Fiverr first removed all listings advertising blatantly illegal DDoS services, but later also removed the ads offering to "test" a website for DDoS "protection" measures.
Security

Genius' Web Annotations Undermined Web Security (theverge.com) 27

New reader BradyDale shares an article on the Verge: Until early May, when The Verge confidentially disclosed the results of my independent security tests, the "web annotator" service provided by the tech startup Genius had been routinely undermining a web browser security mechanism. The web annotator is a tool which essentially republishes web pages in order to let Genius users leave comments on specific passages. In the process of republishing, those annotated pages would be stripped of an optional security feature called the Content Security Policy, which was sometimes provided by the original version of the page. This meant that anyone who viewed a page with annotations enabled was potentially vulnerable to security exploits that would have been blocked by the original site. Though no specific victims have been identified, the potential scope of this bug was broad: it was applied to all Genius users, undermined any site with a Content Security Policy, and re-enabled all blocked JavaScript code. Vijith Assar dives deep into how Genius did this :The primary way Genius annotations are accessed on the web is by adding "genius.it" in front of any URL as a prefix. The genius.it server reads the original content behind the scenes, adds the annotations, and delivers the hybrid content. The Genius version of the page includes a few extra scripts and highlighted passages, but until recently it also eliminated the original page's Content Security Policy. The Content Security Policy is an optional set of instructions encoded in the header of the HTTP connection which tells browsers exactly which sites and servers should be considered safe -- any code which isn't from one of those sites can then be ignored.
Earth

New 'Tunneling' State of Water Molecules Discovered by Scientists (inhabitat.com) 60

MikeChino quotes a report from Inhabitat: Scientists just discovered a new state of water molecules that displays some pretty unexpected characteristics. This discovery, made by researchers at the U.S. Department of Energy's Oak Ridge National Laboratory (ORNL), reveals that water molecules "tunnel" in ultra-small hexagonal channels (measuring only 5 angstrom across) of the mineral beryl. Basically, this means the molecules spread out when they are trapped in confined spaces, taking a new shape entirely. The ORNL used neutron scattering and computational modeling to reveal the "tunneling" state of water that breaks the rules of known fundamentals seen in gas, liquid, or solid state. The researchers said the discovery describes the behavior of water molecules present in tightly confined areas such as cell walls, soils, and rocks. The study was published in Physical Review Letters on April 22.

Slashdot Top Deals

try again

Working...