
Submission Summary: 0 pending, 8 declined, 5 accepted (13 total, 38.46% accepted)


Submission + - Cyberlock lawyers threaten security researcher over vulnerability disclosure

qubezz writes: Security researcher Phar (Mike Davis/IOActive) gave his 30 days of disclosure notice to Cyberlock (apparently a company that makes electronic lock cylinders) that he would release a public advisory on vulnerabilities he found with the company's security devices. On day 29, their lawyers responded with a request to refrain, feigning ignorance of the previous notice, and invoking mention of the DMCA (this is not actually a DMCA takedown notice, as the law firm is attempting to suppress initial disclosure through legal wrangling). Mike's blog states:

The previous DMCA threats are from a company called Cyberlock, I had planned to do a fun little blog post (cause I .. hate blog posts) on the fun of how I obtained one, extracted the firmware bypassing the code protection and figured out its "encryption" and did various other fun things a lock shouldn't do for what it's marketed as.. But before I could write that post I needed to let them know what issues we have deemed weaknesses in their gear.. the below axe grinderery is the results.

What should researchers do when companies make baseless legal threats to maintain their security-through-obscurity?

Submission + - Starbucks testing mobile order and pay in Portland on iOS

qubezz writes: For those who just can't wait in line, Starbucks announced today that the caffeinated city of Portland will be the first stop in the roll-out of an app for ordering drinks from your mobile device (iPhone only, Android anticipated in 2015). Not a delivery service — it appears your pre-paid drink will be waiting at the end of the bar for the asking. The cost? The app won't operate unless you allow it access to GPS location services, potentially turning every coffee consumer's device into a tracking beacon.

For the rest, there's still the independent site mapping which Starbucks are currently open.

Submission + - Google drops authorship with picture from search results.

qubezz writes: Did you notice the pictures of "experts" in your Google search results over the last few years? If a webmaster wanted a site to appear fancy and stand out in search results, a Google Plus profile had to link to your site, and pages recognized as articles needed continuous creation.

The "Authorship" feature, which rolled out in 2011 as another part of the Google+ social and real name marketing push, had its author profile pictures pulled from the search results in June this year. The remainder of the feature is now finally dead, with little fanfare.

Emil Protalinski at thenextweb.com (note the importance of author?) reports:

Google today stopped showing authorship in search results, meaning articles will no longer include a link to the Google+ profile of their author. The company says that it found the information isn’t as useful to its users as it hoped, and in some cases even distracts from the overall search results.

Submission + - Blizzard sues Starcraft II cheat authors in US Court (torrentfreak.com)

qubezz writes: The torrent news site TorrentFreak was first to report that Monday this week Blizzard filed a lawsuit in US District court in California against the programmers behind the popular Starcraft II cheat “ValiantChaos MapHack.”

The complaint seeks relief from "direct copyright infringement", "contributory copyright infringement", "vicarious copyright infringement", "trafficking in circumvention devices", etc. The suit seeks the identity of individuals, as it fishes for names of John Does 1-10, in addition to seeking an injunction against the software (which remains on sale) and punitive damages. Blizzard claims losses from diminished user experiences, and also that "when users of the Hacks download, install, and use the Hacks, they directly infringe Blizzard’s copyright in StarCraft II, including by creating unauthorized derivative works".

Submission + - Facebook, Twitter, Google opening URLs in your email (computerweekly.com)

qubezz writes: You have emailed someone a confidential email with a URL that gives them secure access to your site — well guess what, your email provider is logging into it also. Several email and messaging platforms are reading message contents and following web links in the messages.

Security firm High-Tech Bridge set up a dedicated server to see which of the services picked up and used a unique URL they added to emails sent through various services. During the 10 days of the experiment, only six services out of the 50 took the bait, but they included four of the biggest and most used social networks: Facebook, Twitter, Google+ and Formspring.


Submission + - iPhone's Siri Suffers Nationwide Five-Hour Outage (venturebeat.com)

qubezz writes: iPhone 4S owners attempting to use the Siri voice recognition feature were greeted with widespread network outage messages Thursday starting around 11am PST, report Venture Beat and others. Comments started coming in from the Twitter-verse of the outage, and Apple hasn't yet made a statement about the cause.
Siri still provided humor after service was restored: "I asked her, 'Siri, where you been all day?' Her response? A number of day spas and hair salons."


Submission + - Buying 259684 Bitcoins For $2613 During Mtgox Hack (bitcoin.org)

qubezz writes: The firsthand report from a trader about the mtgox.com flash-crash shows the impact to mtgox.com may be much deeper, and gives an insider perspective that throws doubt on mtgox's account of events. The Mt Gox bitcoin exchange remains shut down after it was disclosed that a hacker compromised a trading account and sold all its bitcoins, crashing the exchange price. Mtgox reports that the hacker was able to transfer less than $1000 out of the hacked account.

This trader has an interest in doubting the hacker story behind the big sell-off, because during the fire sale, when the market crashed, he was able to buy over 250,000 BTC for less than $3000 (at a price of $0.0101 each), and even transferred 643 BTC off the exchange to his personal wallet, where it is untouchable (and now worth about $10,000). When the exchange rolls back the transactions, wiping his remaining 250,000 BTC balance ($4 million at previous exchange prices), will he be getting his $2613 USD back?


Submission + - First Bitcoin Theft? $500,000 in BTC Stolen

qubezz writes: A Bitcoin user has lost 25,000 Bitcoins, the digital peer-to-peer currency that is all the rage in digital peer-to-peer currencies these days, which at current exchange rates is around $470,000. For doubters, here is the lo-fi (but still very slow) version of the discussion thread where user "allinvain" has posted the info about the transfers. Theories are still out there about how his wallet got hacked. Lesson: spread your savings, and perhaps transfer your earnings from pools to a super-locked-down non-pool account with an offline key.
Quote from victim: Hi everyone. I am totally devastated today. I just woke up to see a very large chunk of my bitcoin balance gone to the following address: 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg. Transaction date: 6/13/2011 12:52 (EST). I feel like killing myself now. This gets me so f'ing pissed off. If only the wallet file was encrypted on the HD. I do feel like this is my fault somehow for not moving that money to a separate non-Windows computer. I backed up my wallet.dat file religiously and encrypted it, but that does not do me much good when someone or some trojan or something has direct access to my computer somehow.

Submission + - Companies outsourcing work verification calls

qubezz writes: Didn't get approved for that recent rental? Maybe it's because your company has outsourced their work verification! I recently discovered this nefarious new world order approving renters for my property (BTW, it was VOLT, a temp agency for tech companies like Microsoft, Intel, and others.) If you work for a company that has outsourced their work verification, the caller will be instructed to call another company with an account code, and sit through a phone tree and wait time with bad accent outsourced call center that rivals the worst tech support. That company will then want to set up the caller with an internet account to their service and charge $18 per verification. The biggest outsourcer is Talx (theworknumber.com), which was acquired for $1.4 billion in 2007 by Equifax. They are also infamous for getting your unemployment claims denied for your previous employer. So now your weekly paycheck is being directly reported to a credit agency by your company, and your employer now has a company cajoling money from places you want to rent (denying you is free though). Among other services they are now able to sell to lenders is a complete earning history from your SSN.

Submission + - Digitally filtering out the drone of the World Cup

qubezz writes: World Cup soccer fans may think a hornet's nest has infiltrated their TVs. However the buzz that is the background soundtrack of the South African-hosted games comes from tens of thousands of plastic horns called Vuvuzelas, that are South Africa's version of ringing cowbells or throwing rats. It looks like the horns won't be banned anytime soon though.

A savvy German hacker, 'Tube', discovered that the horn sound can be effectively filtered out by applying a couple of digital notch filters to the audio at the frequencies the horn produces (another summary in English). Now it looks like even broadcasters like the BBC and others are considering using such filters on their broadcasts.

Submission + - 114,000 iPad user emails exposed in breach (gawker.com)

qubezz writes: Gawker.com is reporting an exclusive — that a hacker group, 'Goatse Security', has discovered the account numbers and user email addresses for what seems to be every early adopter of the iPad 3G. The site reports:

"Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application."

Among the email addresses revealed are several .mil addresses and entertainment personalities...


Submission + - 700MB of MediaDefender internal emails leaked (torrentfreak.com)

qubezz writes: The company MediaDefender, which works with the RIAA and MPAA against piracy (setting up fake torrents and trackers and disrupting p2p), had earlier set up a fake internet video download site designed to catch and bust users. They denied the entrapment charges. Now 700MB of internal emails from the company from the last 6 months, leaked onto BitTorrent trackers, detail their entire plan, how they intended to distance themselves from the fake company they set up, future strategies, and reveal other company information such as logins and passwords, wage negotiations, and numerous other aspects of their internal business! torrentfreak.com details some of the gems!
