
Submission + - SPAM: Western Digital Announces Breakthrough 64-Layer 3D NAND Tech

An anonymous reader writes: Western Digital has unveiled the world’s first 64-layer 3D NAND technology, which it promises will deliver bigger and significantly faster SSD flash memory solutions in the future. Alongside Toshiba, the American storage firm has developed the 3D NAND technology which counts an impressive 64 layers of vertically-stacked storage. The product is named BiCS3, continuing from the previous BiCS2 generation, and stores up to 3-bits-per-cell – the industry’s smallest. WD says that this capability allows for much improved capacity, as well as boosted performance and reliability. WD has already started production, but the company noted that while volume shipments would begin in late 2016, ‘meaningful commercial volumes’ would not be recorded until the beginning of 2017.

Submission + - LastPass accounts can be 'completely compromised' when users visit sites (theregister.co.uk)

mask.of.sanity writes: A dangerous zero-day vulnerability has been found in popular cloud password vault LastPass, which can completely compromise user accounts when users visit malicious websites. The flaw is today being reported to LastPass by established Google Project Zero hacker Tavis Ormandy who says he has found other "obvious critical problems".

Submission + - Subscribers Pay 61 Cents/Hour of Cable, But Only 20 Cents/Hour of Netflix (allflicks.net)

An anonymous reader writes: The folks at AllFlicks decided to crunch some numbers to determine just how much more expensive cable is than Netflix. They answered the question: how much does Netflix cost per hour of content viewed, and how does that compare with cable's figures? AllFlicks reports: "We know from Netflix’s own numbers that Netflix’s more than 75 million users stream 125 million hours of content every day. So that’s (roughly) 100 minutes per user, per day. Using the price of Netflix’s most popular plan ($9.99) and a 30-day month, we can say that the average user is paying about 0.33 cents per minute of content, or 20 cents an hour. Not bad! But what about cable? Well, Nielsen tells us that the average American adult cable subscriber watches 2,260 minutes of TV per week (including timeshifted TV). That’s equivalent to 5.38 hours per day, or 161.43 hours per 30-day month. Thanks to Leichtman Research, we know that the average American pays $99.10 per month for cable TV. That means that subscribers are paying a whopping 61.4 cents per hour to watch cable TV – more than three times as much as users pay per hour of Netflix!"

Submission + - 'Sister Clones' Of Dolly The Sheep Have Aged Like Any Other Sheep, Study Says (npr.org)

An anonymous reader writes: About four years ago, Kevin Sinclair inherited an army of clones. "Daisy, Debbie, Denise and Diana," says Sinclair, a developmental biologist at the University of Nottingham in England. "'Sister clones' probably best describes them," Sinclair says. "They actually come from exactly the same batch of cells that Dolly came from." In an article out Tuesday in the journal Nature Communications, Sinclair and his colleagues write that the ewes' age, along with their strapping health, might be a reason for people to start feeling more optimistic about what cloning can do. Dolly's life did not turn out as scientists in the cloning field hoped it would. She died young — 6 1/2 — with a nasty lung virus. "That was really just bad luck," Sinclair says, and had "nothing to do" with the fact that Dolly was a clone. It was a daunting concept for those in the cloning field, because, says Sinclair, "If you're going to create these animals, they should be normal in every respect. They should be just as healthy as any other animal that's conceived naturally. If that is not the case, then it raises serious ethical and welfare concerns about creating these animals in the first place." But the good health of the 13 clones in the Nottingham herd suggests better prospects for the procedure. Sinclair and his colleagues evaluated the animals' blood pressure, metabolism, heart function, muscles and joints, looking for signs of premature aging. They even fattened them up (since obesity is a risk factor for metabolic problems including diabetes) and gave them the standard tests to gauge how their bodies would handle glucose and insulin. The results? Normal, normal, normal. "There is nothing to suggest that these animals were anything other than perfectly normal," says Sinclair. They had slight signs of arthritis (Debbie in particular), but not enough to cause problems.
"If I put them in with a bunch of other sheep, you would never be able to identify them," he says.

Submission + - Highest-Paid CEOs Run Worst-Performing Companies, Research Finds (independent.co.uk)

An anonymous reader writes: According to a study carried out by corporate research firm MSCI, CEOs that get paid the most run some of the worst-performing companies. It found that every $100 invested in companies with the highest-paid CEOs would have grown to $265 over 10 years. However, the same amount invested in the companies with the lowest-paid CEOs would have grown to $367 over 10 years. The report, titled "Are CEOs paid for performance? Evaluating the Effectiveness of Equity Incentives," looked at the salaries of 800 CEOs at 429 large and medium-sized U.S. companies between 2005 and 2014 and compared it with the total shareholder return of the companies. Senior corporate governance researcher at MSCI, Ric Marshall, said in a statement: "The highest paid had the worse performance by a significant margin. It just argues for the equity portion of CEO pay to be more conservative."

Submission + - EU Plans To Create Database Of Bitcoin Users With Identities & Wallet Addres (softpedia.com)

An anonymous reader writes: The European Commission is proposing the creation of a database that will hold information on users of virtual currencies. The database will record data on the user's real world identity, along with all associated wallet addresses.

The database will be made available to financial investigation agencies in order to track down users behind suspicious operations. The creation of this database is part of a regulatory push that the EU got rolling after the Paris November 2015 terror attacks, and which it officially put forward in February 2016, and later approved at the start of July 2016. Legally, this is an attempt to reform the Anti-Money Laundering Directive (AMLD). The current draft is available here.

Submission + - AR Helmet Startup Skully Has Crashed and Burned (techcrunch.com)

An anonymous reader writes: Sources inside the AR helmet company Skully say the startup is no more. TechCrunch reports: "Operations have ceased within the company, and we’re told the website will be turned off at some point today. Weller has also been asked to sign a confidentiality deal with investors. Weller told TechCrunch today he will not sign and that he’s completely walked away from all dealings with the company as of 10 days ago. The site is still up for now but it says Skully’s AR-1 helmet is sold out in every size and no one is able to order. A source tells us sales were cut off on Monday. The shutdown leaves several vendors and Skully’s manufacturer Flextronics with unpaid bills and at least 50 full-time employees out of a job. It’s unclear if any of the vendors will be paid. That also means the more than 3,000 people who pre-ordered a helmet may never get one — and one source tells us it’s doubtful any of them will be receiving a refund."

Submission + - Norway Is Building The World's First 'Floating' Underwater Tunnels (thenextweb.com)

An anonymous reader writes: Norway plans to build "submerged floating bridges" to allow drivers to cross its bodies of water. The Next Web reports: "The 'submerged floating bridges' would consist of large tubes suspended by pontoon-like support structures 100 feet below water. Each will be wide enough for two lanes of traffic, and the floating structures should ease the congestion on numerous ferries currently required to get commuters from Point A to Point B. Each support pontoon would then be secured to a truss or bolted to the bedrock below to keep things stable."

Submission + - Thousands of Bugs Found on Medical Monitoring System (securityledger.com)

chicksdaddy writes: The Department of Homeland Security warned of hundreds of vulnerabilities in a hospital monitoring system sold by Philips. Security researchers who studied the system said the security holes may number in the thousands, according to a report by The Security Ledger (https://securityledger.com/2016/07/code-blue-thousands-of-bugs-found-on-medical-monitoring-system/)

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert on July 14 (https://ics-cert.us-cert.gov/advisories/ICSMA-16-196-01) about the discovery of 460 vulnerabilities in the Philips Xper-IM Connect system, including 360 with a severity rating of “high” or “critical”. But an interview with one of the researchers who analyzed the Xper system said that the true number of vulnerabilities was much higher, numbering in the thousands.

Xper IM Connect is a “physiomonitoring” system that is widely used in the healthcare sector to monitor and manage other medical devices. Research by two companies, Synopsys and Whitescope LLC, working in collaboration with Philips, found that the system is directly afflicted by 460 software vulnerabilities, including 272 in the Xper software itself and 188 in the Windows XP operating system that Xper IM runs on. The vulnerabilities include remote code execution flaws that could allow malicious code to be run on the Xper system as well as vulnerabilities that could expose sensitive information stored on Xper systems.

Submission + - John Cook's experiment with online science trolls

Lasrick writes: John Cook is a researcher who writes about climate change denial at SkepticalScience, and he writes here about dealing with online trolls. Not only has he turned online trolling into a source of data collection, but has also come up with a very effective way to deal with trolling. Great read: 'When I turn the spotlight around to expose the techniques of science denial, the reaction can be intense.'

Submission + - Hiding Commands in AAAA DNS Records for Covert Command and Control Channels (sans.edu)

UnderAttack writes: DNS makes for a great command and control channel. Pretty much all systems are able to reach the global DNS infrastructure via recursive name servers. The other advantage of DNS is that any operating system includes tools to perform DNS lookups on the command line. To exfiltrate data, a simple "A" record lookup for a hostname can be used like 4111111111111111.evilexample.com to exfiltrate a credit card number. But to send commands back to the system, many covert channels use "TXT" records, which are much less common and easily detected or blocked.

The script presented here uses a simple bash script to instead encode commands in AAAA records, and use them to send commands back to the compromised systems. AAAA records hold 16 bytes per record, and due to them being displayed in hex, are easily decoded with tools like xxd.

Submission + - NIST Will Ban SMS for Two-Factor Authentication

Trailrunner7 writes: The move toward two-factor authentication and two-step verification for high-value services has been a positive one for user security, but many of those services use SMS as the channel for the second step in the authentication process, a method that the United States government is preparing to recommend against using.

The National Institute of Standards and Technology has published draft guidance that recommends against companies and government agencies using SMS as the channel for out-of-band verification. Many services that have deployed 2FA or 2SV as part of the authentication process use SMS to deliver short codes that users then enter into an app or site. However, text messaging isn’t considered a secure channel and NIST is now saying that the use of SMS as a channel for out-of-band verification won’t be permitted in future versions of its Digital Authentication Guideline.

Submission + - How To Use Print Screen On A Mac OS X Computer (usefulpcguide.com)

tonytranupc writes: It's very easy to take a screenshot on a Mac (use Print Screen Mac function) for users who have been using Mac OS X for years — nothing strange with the features and functions of Mac OS X. But if you have recently switched from Microsoft's Windows or Linux to Mac OS X, you might feel unfamiliar with this new platform and don't really know how to use its features.

Submission + - UAC Bypass Attack On Windows 10 Allows Malicious DLL Loading (helpnetsecurity.com)

Orome1 writes: Security researchers Matt Graeber and Matt Nelson have discovered a way to run a malicious DLL on Windows 10 without the User Account Control (UAC) springing into action and alerting users of the potential danger. By modifying a default scheduled task (“SilentCleanup”) associated with the Disk Cleanup utility, they were able to trigger the running of a specially crafted DLL file without triggering UAC. That’s because SilentCleanup on Windows 10 is configured “to be launchable by unprivileged users but to run with elevated/high integrity privileges.”

Submission + - Solar Impulse completes solar-powered flight around the world

MikeChino writes: After 558 hours of total flight time, a solar-powered airplane just finished a record-shattering trip around the world. The Solar Impulse landed in Abu Dhabi at 4:05 am this morning, completing the final leg of an adventure spanning 43,041 kilometers. Upon landing and exiting the cockpit, Piccard said: “This is not only a first in the history of aviation; it’s before all a first in the history of energy. I’m sure that within 10 years we’ll see electric airplanes transporting 50 passengers on short to medium haul flights."
