
Submission + - Hackers selling NSA surveillance tools?

sittingnut writes: As Foreign Policy (paywalled), RT, and others have reported, a "group calling itself “The Shadow Brokers” is claiming to have penetrated the National Security Agency," stolen some of its surveillance tools, and is auctioning off the files to the highest bidder in Bitcoin (reportedly pricing them at half a billion dollars).
"The authenticity of the files cannot be confirmed but appear to be legitimate, according to security researchers who have studied their content. ...The NSA did not answer Foreign Policy’s questions about the alleged breach on Monday."
"In a Twitter message to Foreign Policy, Guccifer 2.0 called the Shadow Broker dump “bullshit”"

Submission + - Google Launches Video Calling App Duo For Android And iOS

An anonymous reader writes: Google today launched Google Duo, a one-to-one video calling app for Android and iOS. You can download Duo from Google Play and Apple’s App Store though you may have to wait a bit as this is a gradual rollout — “it will be live worldwide in the next few days.” Duo is mobile-only, was built to be very fast thanks to Web Real-Time Communication (WebRTC), and “takes the complexity out of video calling,” according to principal software engineer Justin Uberti. Duo promises fewer dropped calls, and even supports handing off calls to and from Wi-Fi and cellular connections.

Submission + - Banks still not sanitizing user input.

BarbaraHudson writes: Recently I tried once again to use my bank's mobile app. I had deleted it a couple of times in the past because I could never get it to work. The bank had all sorts of excuses — "Maybe your card hasn't been activated for online banking", "You need to download the latest version", "We'll need to reset your password", "We'll issue you a new card", etc. New card, password reset both did nothing.

Turns out that entering the card number as shown on the card will never work. The card format is 9999 9999 9999 9999 (spaces between each group of 4 digits). They failed Rule 00; sanitize input.

Entering the number in that format will always fail. In this case they failed to remove spaces before testing whether the card number was valid. The Android code to remove the embedded spaces is a pretty generic one-liner:

String cardNo = edittext.getText().toString().replace(" ", "");

Looking at the online forums, others have had the same problem for the app's entire existence.

Having figured that out, I was immediately locked out for "too many failures to answer the security question". Of course, it never presented a security question, because the bozo who wrote the program incremented some "bad answer" counter on every login attempt, even if they never got to the point of seeing a security question. It also locks you out of using web banking on the same account.

Locking someone out of their account is now easy as pie, because it also works if the user enters their name instead of their card number. (If you have 5 John Smiths, you'll lock them all out, since access is granted based on both the user name and password matching if the account number isn't entered). Just load up an Android app for the bank (I won't disclose which bank until 45 days have passed since notifying them today), enter their name and a bogus password a few times, and every John Smith is locked out. And of course, if the so-called developers are failing to do such basic input sanitation, it makes me pretty sure there are other intern-level programmer bugs awaiting exploitation elsewhere.

Adding frustration is that they cannot do a password reset over the phone unless you have already signed up for telephone banking. Now why would anyone sign up for telephone banking when an app or the web is supposed to be more convenient? The excuse I was given is that they need it to establish my identity. So why not just text me an sms or email code that I can enter when requesting a password reset?

Let's hope other banks didn't use the same app geniuses.

Submission + - DNC Creates 'Cybersecurity Board' Without Any Cybersecurity Experts

An anonymous reader writes: The Democratic National Committee has created a "cybersecurity advisory board" to improve its cybersecurity and to "prevent future attacks." Politico reports: "'To prevent future attacks and ensure that the DNC's cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,' interim DNC Chairwoman Donna Brazile wrote in a memo. 'The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces — today and in the future.' Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Chopra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor." What's surprising is that none of these members are cybersecurity experts. Techdirt reports: "If the goal of the board was to advise on cybersecurity policy, then the makeup of it is at least slightly more understandable, but that's not the goal. It's to actually improve the cybersecurity of the DNC. Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible."

Submission + - 1.4 Billion Android Devices Affected by Linux TCP Flaw

An anonymous reader writes: The security bug discovered in the Linux kernel's implementation of the TCP protocol also affects a large portion of the Android ecosystem, mobile security experts have discovered. CVE-2016-5696, the Linux TCP bug discovered last week, affects around 80 percent of all Android devices in use today, which is around 1.4 billion devices. All Android versions from version 4.4 (KitKat) and higher are affected. The reason is that this is the first Android version that featured the Linux kernel 3.6, the first version affected by the TCP flaw. Google said it was notified of the issue and is working on a patch.

Submission + - London cops waste £2.1m on thought crime unit and they want volunteer info

An anonymous reader writes: The Metropolitan Police is to spend £2.1m of public money funding a unit that will actively investigate “offensive” comments on Twitter and Facebook, according to reports.

Backed by a team of “volunteers”, the Met's new unit will actively seek out anything “deemed inappropriate” on social media services, according to the Sunday papers.

Scotland Yard is splurging £1.7m of its own budget on the headline-grabbing stunt, which will have five full-time detectives on its staff.

The Home Office is contributing a further £452,756 to the Online Hate Crime Hub, as reported by the Sunday Telegraph.

The five-strong hub will consist of a detective inspector, a detective sergeant and three detective constables.

Submission + - Tim Cook: Privacy Is Worth Protecting

An anonymous reader writes: In a wide-ranging interview with The Washington Post, Apple's CEO Tim Cook talks iPhones, AI, privacy, civil rights, missteps, China, taxes, and Steve Jobs — all without addressing rumors about the company's Project Titan electric car. One of the biggest concerns Tim Cook has is with user privacy. Earlier this year, Apple was in the news for refusing a request from the U.S. Department of Justice to unlock a suspected terrorist's iPhone because Apple argued it would affect millions of other iPhones, it was unconstitutional, and that it would weaken security for everyone. Cook told the Washington Post: "The lightbulb went off, and it became clear what was right: Could we create a tool to unlock the phone? After a few days, we had determined yes, we could. Then the question was, ethically, should we? We thought, you know, that depends on whether we could contain it or not. Other people were involved in this, too — deep security experts and so forth, and it was apparent from those discussions that we couldn't be assured. The risk of what happens if it got out, could be incredibly terrible for public safety." Cook suggests that customers rely on companies like Apple to set up privacy and security protections for them. "In this case, it was unbelievably uncomfortable and not something that we wished for, wanted — we didn't even think it was right. Honestly? I was shocked that [the FBI] would even ask for this," explained Cook. "That was the thing that was so disappointing that I think everybody lost. There are 200-plus other countries in the world. Zero of them had ever asked [Apple to do] this." Privacy is a right to be protected, believes Cook: "In my point of view, [privacy] is a civil liberty that our Founding Fathers thought of a long time ago and concluded it was an essential part of what it was to be an American. Sort of on the level, if you will, with freedom of speech, freedom of the press."

Submission + - Audi's Traffic Light Information System Tells You When The Lights Are Green

An anonymous reader writes: Audi’s Traffic light information system offers a first: the ability to tell you when the stoplight is going to change from red to green. This is a big thing for the impatient driver, but it’s an even bigger thing for the automotive industry. The new feature, announced Monday, will be available on 2017 Q7, A4, and A4 allroad models built from June, 2016 onward. As your car nears a traffic light, it will receive real-time data about the signals at that location. Because the data can be complex, Audi says the car’s computer will decide whether it has enough information to know when the traffic light you’re sitting at will turn green. If so, it’ll display a countdown clock on the instrument cluster. Malhotra said Audi tested the service on 100 cars for over a year. The company’s working closely with the agencies that manage the 300,000 or so traffic lights in the United States, and data provider Traffic Technology Solutions (TTS) of Portland, Oregon. TTS processes a constant stream of traffic signal status in real time and sends it to Audi’s own servers, which then send it to the car.

Submission + - How a 1967 Solar Storm Nearly Led to Nuclear War

schwit1 writes: A powerful solar storm nearly heated the Cold War up catastrophically a half century ago, a new study suggests.

The U.S. Air Force began preparing for war on May 23, 1967, thinking that the Soviet Union had jammed a set of American surveillance radars. But military space-weather forecasters intervened in time, telling top officials that a powerful sun eruption was to blame, according to the study.

"Had it not been for the fact that we had invested very early on in solar and geomagnetic storm observations and forecasting, the impact [of the storm] likely would have been much greater," Delores Knipp, a space physicist at the University of Colorado Boulder and the study's lead author, said in a statement. "This was a lesson learned in how important it is to be prepared."

Submission + - SPAM: Student embeds subway card in her fingernails

Mr.Intel writes: Design student Lucie Davis made these high tech nails for a university project. The Tube's Oyster Card comes with an RFID chip inside, which she embedded. ‘I took the RFID chip from an Oyster card and embedded it within a full set of acrylic nails to give commuters the ability to pay for their journeys with a single tap/touch,’ she told WAH Nails. ‘You can still top them up with money too. Now you’ll never have to worry about misplacing your card again!’ As long as you don’t lose the one with the chip in somewhere on the Circle Line, of course.

Submission + - Venus May Have Been Habitable

EzInKy writes: Science Daily has an article speculating that Venus may have been habitable which is suggested by NASA climate modeling which proposes that Venus may have had a shallow liquid-water ocean and habitable surface temperatures for up to two billion years of its early history. Talk about global climate change run amok, Venus may represent a near Earth example of what is in store for the future of our world if we don't make it a number one priority to address.

Submission + - Here's what went down at Def Con and Black Hat

mattydread23 writes: Referred to as "hacker summer camp," Black Hat USA and Def Con last week brought together hackers, information security professionals, and government agents. This year, more than 22,000 people showed up to see talks, buy tools and t-shirts, and enjoy Sin City. They also crammed into various villages at Def Con to compete or learn things like lock-picking and safekeeping their online privacy. Business Insider with the photo report.

Submission + - The Rise and Fall of the Gopher Protocol

An anonymous reader writes: Tim Gihring at MinnPost talks to the creators of what was, briefly, the biggest thing in the internet, Gopher. Gopher, for those who don't know or have forgotten, was the original linked internet application, allowing you to change pages and servers easily, through a hierarchical menu system. It was quick, it was easy to use, and important for this day and age, it didn't have Flash.

Submission + - NASA TV to Air Spacewalk Live on August 19

William Robinson writes: NASA Television will be bringing to viewers around the world live coverage Friday, Aug. 19, as two NASA astronauts install a new gateway for American commercial crew spacecraft at the International Space Station. Walking in space alone poses a threat to the astronauts performing their duty, but the new mission of installing a dock into the ISS adds to the level of difficulties that astronauts will need to survive in order to perform their duty. Coverage will begin at 6:30 a.m. EDT Aug. 19, on NASA TV and the agency’s website, with the spacewalk scheduled to begin at 8:05 a.m. Leading up to the spacewalk, NASA TV will air a briefing from the agency’s Johnson Space Center in Houston at 2 p.m. Monday, Aug. 15, during which station and commercial crew experts will discuss the process and significance of installing and connecting the first of two international docking adapters (IDAs) that will be used for the future arrivals of Boeing and SpaceX commercial crew spacecraft. Not an event to miss.
