Submission + - Risk Of Cascadia Quake Elevated As Puget Sound 'Slow Slip' Event Begins (patch.com) 1

schwit1 writes: On Wednesday, the semi-annual "slow slip" event began, according to the Pacific Northwest Seismic Network (PNSN) at the University of Washington. The event happens about every 14 months deep underneath the Puget Sound area and is essentially a slow earthquake that takes place over the course of two weeks.

During a slow-slip event, after 14 months of moving eastward, the Juan de Fuca tectonic plate stalls and moves westward, which puts stress on the Cascadia subduction zone.

Seismologists often refer to this as a "straw that broke the camel's back" scenario.

"It's loading up the edge of the lock zone of the Cascadia subduction zone more rapidly than normal tectonic processes would do," explained Bill Steele, director of communications at the PNSN. "You're getting seven months of strain accumulation applied to the back edge of the fault over a week."

Submission + - First victim of SHA-1 collisions: Subversion. Technique was reverse engineered

Artem Tashkinov writes: A WebKit developer who tried to upload "bad" PDF files generated from the first successful SHA-1 attack broke WebKit's SVN repository because Subversion uses SHA-1 hash to differentiate commits. The reason to upload the files was to create a test for checking cache poisoning in WebKit.

Another news story is that based on the theoretical incomplete description of the SHA-1 collision attack published by Google just two days ago, people have managed to recreate the attack in practice and now you can download a python script which can create a new PDF file with the same SHA-1 hashsum using your input PDF. The attack is also implemented as a website which can prepare two PDF files with different JPEG images which will result in the same hash sum.

Submission + - White House blocks news organizations from press briefing (cnn.com)

ClickOnThis writes: CNN reports that it, along with several other major news organizations, was blocked from attending a press briefing at the White House today. From the article:

The New York Times, the Los Angeles Times, Politico and BuzzFeed were also excluded from the meeting, which is known as a gaggle and is less formal than the televised Q-and-A session in the White House briefing room. The gaggle was held by White House press secretary Sean Spicer.

In a brief statement defending the move, administration spokeswoman Sarah Sanders said the White House "had the pool there so everyone would be represented and get an update from us today."

The pool usually includes a representative from one television network and one print outlet. In this case, four of the five major television networks — NBC, ABC, CBS and Fox News — were invited and attended the meeting, while only CNN was blocked.

And while The New York Times was kept out, conservative media organizations Breitbart News, The Washington Times and One America News Network were also allowed in.


Submission + - Toshiba plans to ship a 1TB flash chip to manufacturers this spring (computerworld.com)

Lucas123 writes: Toshiba has begun shipping samples of its third-generation 3D NAND memory product, a chip with 64 stacked flash cells that it said will enable a 1TB chip it will ship this spring. The new flash memory product has 65% greater capacity than the previous generation technology, which used 48 layers of NAND flash cells. The chip will be used in data center and consumer SSD products. The technology announcement comes even as suitors are eyeing buying a majority share of the company's memory business. Along with a previous report about WD, Foxconn, SK Hynix and Micron have now also thrown their hats in the ring to purchase a majority share in Toshiba's memory spin-off, according to a new report in the Nikkei's Asian Review.

Submission + - World's Largest Spam Botnet Adds DDoS Feature (bleepingcomputer.com)

An anonymous reader writes: Necurs, the world's largest spam botnet with nearly five million infected bots, of which one million are active each day, has added a new module that can be used for launching DDoS attacks. The sheer size of the Necurs botnet, even in its worst days, dwarfs all of today's IoT botnets, who barely managed to reach 400,000 (albeit the owner of that botnet has now been arrested).

If this new feature were ever to be used, a Necurs DDoS attack would easily break every DDoS record there is. Fortunately, no such attack has been seen until now. Until now, the Necurs botnet has been seen spreading the Dridex banking trojan and the Locky ransomware. According to industry experts, there's a low chance to see the Necurs botnet engage in DDoS attacks because the criminal group behind the botnet is already making too much money to risk exposing their full infrastructure in DDoS attacks.

Submission + - Security lapse exposed New York airport's critical servers for a year (zdnet.com)

An anonymous reader writes: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found.

Khalil Sehnaoui, founder of Krypton Security, and Brad "Renderman" Haines, a hacker and security researcher, analyzed the password file and a network schematic found among the files to determine the reach of a potential attacker.

"The password file would give us full access to every component of the internal network," said Sehnaoui.

But in the wrong hands, it could also be used to issue valid boarding passes to people on the "no-fly" list, a government watchlist that prevents possible terrorists from boarding flights, he said.

"You could access the database of travelers and know who is going where and when, and get a list of the passenger's data, such as names and passport numbers," said Haines.

Or, worst case scenario, hackers could shut down airport operations, stranding passengers on the ground, the researchers say.

Submission + - Malaysian Police: VX nerve gas killed N Korea leader's brother in airport attack (reuters.com)

An anonymous reader writes: Malaysian police have announced their finding that Kim Jong Nam, half-brother of North Korean leader Kim Jong Un, was killed by assassins using VX nerve gas in an attack in the busy Kuala Lumpur airport. Malaysian authorities plan to decontaminate the airport and other sites visited by the attackers. Police are holding the two female attackers, one of whom was affected by the chemical agent, as well as two other men. They are seeking seven more North Koreans connected to the case. VX is the most toxic of the nerve gasses and the UN has declared it a weapon of mass destruction. The manufacture and stockpiling of more than 100 grams of VX per year is prohibited by the Chemical Weapons Convention of 1993. It has no commercial uses. The Malaysian police are trying to discover if it was smuggled into their country, or manufactured there. The Malaysian government has recalled its ambassador to North Korea for consultation. North Korea is blaming the death of Kim Jong Nam on Malaysia. North Korea is believed to have major stockpiles of chemical weapons, and is alleged to conduct experiments on prisoners and social undesirables.

Submission + - SPAM: SNES Game Preservation Project Revived After Package Located

Xenographic writes: Byuu's SNES Game preservation project has been revived after social media attention led to the discovery of the $10,000 package of SNES games at an Atlanta, GA mail recovery center. As you may remember from Slashdot's previous coverage, byuu was working to preserve PAL format SNES games when 100 titles that were lent to him vanished in the mail. It turns out that the shipping label became separated from the package, causing it to fail to be delivered and only through special effort on the part of USPS were they able to locate the package and return it.

Submission + - AZ Bill Would Make Students in Grades 4-12 Participate Once In An Hour of Code

theodp writes: Christopher Silavong of Cronkite News reports: "A bill, introduced by [Arizona State] Sen. John Kavanagh, R-Fountain Hills, would mandate that public and charter schools provide one hour of coding instruction once between grades 4 to 12. Kavanagh said it’s critical for students to learn the language – even if it’s only one session – so they can better compete for jobs in today’s world. However, some legislators don’t believe a state mandate is the right approach. Senate Bill 1136 has passed the Senate, and it’s headed to the House of Representatives. Kavanagh said he was skeptical about coding and its role in the future. But he changed his mind after learning that major technology companies were having trouble finding domestic coders and talking with his son, who works at a tech company." According to the Bill, the instruction can "be offered by either a nationally recognized nonprofit organization [an accompanying Fact Sheet mentions tech-backed Code.org] that is devoted to expanding access to computer science or by an entity with expertise in providing instruction to pupils on interactive computer instruction that is aligned to the academic standards."

Submission + - Alphabet's Waymo Sues Uber For Allegedly Stealing Self-Driving Patents (bloomberg.com)

An anonymous reader writes: It took Alphabet Inc.’s Waymo seven years to design and build a laser-scanning system to guide its self-driving cars. Uber Technologies Inc. allegedly did it in nine months. Waymo claims in a lawsuit filed Thursday that was possible because a former employee stole the designs and technology and started a new company. Waymo accuses several employees of Otto, a self-driving startup Uber acquired in August for $680 million, of lifting technical information from Google’s autonomous car project. The “calculated theft” of Alphabet’s technology earned Otto’s employees more than $500 million, according to the complaint in San Francisco federal court. The claims in Thursday’s case include unfair competition, patent infringement and trade secret misappropriation. Waymo was inadvertently copied on an e-mail from one of its vendors, which had an attachment showing an Uber lidar circuit board that had a “striking resemblance” to Waymo’s design, according to the complaint. Anthony Levandowski, a former manager at Waymo, in December 2015 downloaded more than 14,000 proprietary and confidential files, including the lidar circuit board designs, according to the complaint. He also allegedly created a domain name for his new company and confided in some of his Waymo colleagues of plans to “replicate” its technology for a competitor. Levandowski left Waymo in January 2016 and went on in May to form Otto LLC, which planned to develop hardware and software for autonomous vehicles.

Submission + - Cloudflare Leaks Sensitive User Data Across the Web

ShaunC writes: In a bug that's been christened "Cloudbleed," Cloudflare disclosed today that some of their products accidentally exposed private user information from a number of websites. Similar to 2014's Heartbleed, Cloudflare's problem involved a buffer overrun that allowed uninitialized memory contents to leak into normal web traffic. Tavis Ormandy, of Google's Project Zero, discovered the flaw last week. Affected sites include Uber, Fitbit, and OKCupid, as well as unnamed services for hotel booking and password management. Cloudflare says the bug has been fixed, and Google has purged affected pages from its search index and cache.

Submission + - Early Apple internal memos found at Seattle thrift shop (blogspot.com)

An anonymous reader writes: "I was at the Seattle Goodwill outlet recently and I noticed the Apple logo on letterhead sticking out from a bin of books, so I started digging. What I found were the 1979-1980 files of Jack MacDonald, manager of system software for the Apple II and /// at the time.

"They tell the story of project "SSAFE" or "Software Security from Apples Friends and Enemies." This was a proposal to bring disk copy protection in-house to sell as a service to outside developers. Inter-office memos, meeting notes and progress reports all give a good idea of what a project life cycle looked like. Different schemes and levels of protection are considered, as well as implementation primarily on the Apple II+ and the upcoming SARA (The Apple ///) and Lisa computers."

Submission + - Study Reveals Bot-On-Bot Editing Wars Raging On Wikipedia's Pages (theguardian.com)

An anonymous reader writes: A new study from computer scientists has found that the online encyclopedia is a battleground where silent wars have raged for years. Since Wikipedia launched in 2001, its millions of articles have been ranged over by software robots, or simply “bots," that are built to mend errors, add links to other pages, and perform other basic housekeeping tasks. In the early days, the bots were so rare they worked in isolation. But over time, the number deployed on the encyclopedia exploded with unexpected consequences. The more the bots came into contact with one another, the more they became locked in combat, undoing each other’s edits and changing the links they had added to other pages. Some conflicts only ended when one or other bot was taken out of action. The findings emerged from a study that looked at bot-on-bot conflict in the first ten years of Wikipedia’s existence. The researchers at Oxford and the Alan Turing Institute in London examined the editing histories of pages in 13 different language editions and recorded when bots undid other bots’ changes. While some conflicts mirrored those found in society, such as the best names to use for contested territories, others were more intriguing. Describing their research in a paper entitled Even Good Bots Fight in the journal Plos One, the scientists reveal that among the most contested articles were pages on former president of Pakistan Pervez Musharraf, the Arabic language, Niels Bohr and Arnold Schwarzenegger. One of the most intense battles played out between Xqbot and Darknessbot which fought over 3,629 different articles between 2009 and 2010. Over the period, Xqbot undid more than 2,000 edits made by Darknessbot, with Darknessbot retaliating by undoing more than 1,700 of Xqbot’s changes. The two clashed over pages on all sorts of topics, from Alexander of Greece and Banqiao district in Taiwan to Aston Villa football club.

Submission + - UK Police Arrest Suspect Behind Mirai Malware Attacks on Deutsche Telekom (bleepingcomputer.com)

An anonymous reader writes: German police announced today that fellow UK police officers have arrested a suspect behind a serious cyber-attack that crippled German ISP Deutsche Telekom at the end of November 2016. The attack in question caused over 900,000 routers of various makes and models to go offline after a mysterious attacker attempted to hijack the devices through a series of vulnerabilities.

The attacks were later linked to a cybercrime group operating a botnet powered by the Mirai malware, known as Botnet #14, which was also available for hire online for on-demand DDoS attacks.

According to a statement obtained by Bleeping Computer from Bundeskriminalamt (the German Federal Criminal Police Office), officers from UK's National Crime Agency (NCA) arrested yesterday a 29-year-old suspect at a London airport. German authorities are now in the process of requesting the unnamed suspect's extradition, so he can stand trial in Germany. Bestbuy, the name of the hacker that took credit for the attacks, has been unreachable for days.
