Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - The mathematics of the American Justice System (bbc.com)

Bob the Super Hamste writes: The BBC is reporting on the Compas assessment, Correctional Offender Management Profiling for Alternative Sanctions. This tool is used by a number of agencies to assess if someone is likely to commit additional crimes and the resulting score is used in determining bail, sentencing, or determining parole. The article points out that while the questions on the assessment do not include race the resulting score may be correlated with race but this is disputed by the software's creators. The assessment scores someone on a 10 point scale but the algorithm used to determine someone's score is kept secret. Because of this defendants are unable to effectively dispute that the score is incorrect.

Submission + - Wells Fargo Fires 5,300 Employees For Creating Millions of Phony Accounts (cnn.com)

An anonymous reader writes: Everyone hates paying bank fees. But imagine paying fees on a ghost account you didn't even sign up for. That's exactly what happened to Wells Fargo customers nationwide. On Thursday, federal regulators said Wells Fargo employees secretly created millions of unauthorized bank and credit card accounts — without their customers knowing it — since 2011. The phony accounts earned the bank unwarranted fees and allowed Wells Fargo employees to boost their sales figures and make more money. Wells Fargo confirmed to CNNMoney that it had fired 5,300 employees related to the shady behavior over the last few years. Employees went to far as to create phony PIN numbers and fake email addresses to enroll customers in online banking services, the CFPB said. The scope of the scandal is shocking. An analysis conducted by a consulting firm hired by Wells Fargo concluded that bank employees opened up over 1.5 million deposit accounts that may not have been authorized, according to the CFPB. Wells Fargo is being slapped with the largest penalty since the CFPB was founded in 2011. The bank agreed to pay $185 million in fines, along with $5 million to refund customers.

Submission + - QRLJacking Can Bypass Any QR Login System (softpedia.com)

An anonymous reader writes: Egyptian security researcher Mohamed Baset has published details about a new type of attack that successfully bypasses SQRLs (Secure QR Logins). In a Facebook post, Baset says he tested his attack on sites such as WhatsApp, WeChat, Line, Weibo, QQ Instant Messaging, QQ Mail, Alibaba, and more.

The QRLJacking attack is nothing more than a social engineering attack that works by requesting a QR code for the service the victim is trying to login into and modifying the QR code to send the confirmation message to the attacker's computer. The crook can modify these login details, add the data belonging to his PC, relay the data from his phone to the default login server, and access the victim's account from his PC.

This attack needs both the attacker and the victim to be online at the same time and can be defeated by any user that pays attention to the URL on which he's scanning QR codes. Judging that it's 2016 and people are still falling victims to phishing attacks, there's a high chance the attack can work.

Submission + - Medical Equipment Crashes During Heart Procedure Because Of Antivirus Scan (softpedia.com)

An anonymous reader writes: The device in question is Merge Hemo, a complex medical equipment used to supervise heart catheterization procedures, during which doctors insert a catheter inside blood veins and arteries in order to diagnose various types of heart diseases. According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly.

Submission + - It's Way Too Easy to Hack the Hospital (bloomberg.com)

schwit1 writes: The Mayo Clinic had assembled an all-star team of about a dozen computer jocks, investigators from some of the biggest cybersecurity firms in the country, as well as the kind of hackers who draw crowds at conferences such as Black Hat and Def Con. The researchers split into teams, and hospital officials presented them with about 40 different medical devices. Do your worst, the researchers were instructed. Hack whatever you can.

Like the printers, copiers, and office telephones used across all industries, many medical devices today are networked, running standard operating systems and living on the Internet just as laptops and smartphones do. Like the rest of the Internet of Things—devices that range from cars to garden sprinklers—they communicate with servers, and many can be controlled remotely. As quickly became apparent to Rios and the others, hospital administrators have a lot of reasons to fear hackers. For a full week, the group spent their days looking for backdoors into magnetic resonance imaging scanners, ultrasound equipment, ventilators, electroconvulsive therapy machines, and dozens of other contraptions. The teams gathered each evening inside the hospital to trade casualty reports.

“Every day, it was like every device on the menu got crushed,” Rios says. “It was all bad. Really, really bad.” The teams didn’t have time to dive deeply into the vulnerabilities they found, partly because they found so many—defenseless operating systems, generic passwords that couldn’t be changed, and so on.

Sooner or later, hospitals would be hacked, and patients would be hurt. He’d gotten privileged glimpses into all sorts of sensitive industries, but hospitals seemed at least a decade behind the standard security curve. “Someone is going to take it to the next level. They always do,” says Rios. “The second someone tries to do this, they’ll be able to do it. The only barrier is the goodwill of a stranger.”

Submission + - The one guy responsible for GPG is running out of money

jasonridesabike writes: ProPublica reports that Werner Koch, the man behind GPG is in financial straits. Link to article Link to GPG donate page

The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.

Submission + - Adobe Patches One Flash Zero Day, Another Still Unfixed

Trailrunner7 writes: Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit.

The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks.

The patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn’t being used against Chrome or Firefox.

On Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1.

Submission + - Phony USB Charger Masquerades as Wireless Keylogger (threatpost.com) 3

msm1267 writes: Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards.

The device is known as KeySweeper and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself and a handful of other bits. When it’s plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web.

Submission + - Microsoft Restricts Advanced Notification of Patch Tuesday Updates (securityweek.com) 1

wiredmikey writes: Microsoft has decided to ditch its tradition of publicly publishing information about upcoming patches the Thursday before Patch Tuesday. The decision represents a drastic change for the company's Advance Notification Service (ANS), which was created more than a decade ago to communicate information about security updates before they were released. However, Microsoft's "Premier customers" who still want to receive information about upcoming patches will be able to get the information through their Technical Account Manager support representatives, Microsoft said.

Submission + - Ask Slashdot: Bluetooth to USB bridge

technology_dude writes: I work at a K-12 school and Smartboard interactive white boards are a pretty prominent part of our classroom technology. Smart Technologies, the maker of the boards we own, have a bluetooth module they sell for their older boards. It consists of a plug-in module for the controller on the back of the board and a bluetooth dongle about two inches long for the PC. Their bluetooth module reportedly doesn't play well with other bluetooth devices. Our problem is that we are wanting to move to tablets where the teacher would walk around the room using the Smartboard, mostly with Windows based devices, and the two inch dongle sticking out of a tablet just doesn't seem appropriate (breaking, damaging the tablet USB port, etc).

I am looking for a device that would take a USB connection on one side and finish out the connection with Bluetooth. Something like the USB bridge adapter here (http://www.hantzundpartner.com/hannovermesse_2013/). I have yet been able to receive any replies from a couple of different email addresses on the website. IOGear makes a USB sharing station but I don't know if it will work in this situation. The Smartboard is basically a large touchpad.

I'm hoping someone here on Slashdot can point me to a solution.

Submission + - Ask Slashdot: Dealing With Electronics-Induced Pseudo ADHD? 1

An anonymous reader writes: I am a graduate student in his twenties who used to be able to read dozens and dozens of lengthy books in his childhood. Over the years, I have noticed that my attention span and ability to concentrate has decreased noticeably, seemingly in synchronization with society's increased connectedness with the Internet and constant stimulation from computers and mobile devices alike. I have noticed that myself and others seem to have a difficult time really sitting down to read anything or focus on anything relatively boring for even more than ten seconds (the "TL;DR Generation," as I sometimes call it). I see it when socializing with others or even during a professor's lecture. It is not that I have developed true ADHD in a clinical sense, but rather pseudo ADHD, possibly due to electronics dependence and a constant need for stimulation. I have tried leaving my mobile phone at home and limiting myself to fewer browser tabs in an effort to regain concentration that I believe has been lost in recent years. Nonetheless, this is an issue that has begun to adversely affect my academic studies and may only get worse in time. What advice do fellow Slashdot users have with regard to reclaiming what has been lost? Should such behaviors simply be accepted as a sign of the times?

Submission + - 18th Century Law dredged up to force decryption of devices (theregister.co.uk) 1

Cognitive Dissident writes: The Register has a story about federal prosecutors using a law signed by George Washington to force manufacturers to help law enforcement access encrypted data on devices they manufacture. The All Writs Act is a broad statute simply authorizing courts to issue any order necessary to obtain information within their jurisdiction.

Quoting the Register Article:
Last month, New York prosecutors successfully persuaded a judge that the ancient law could be used to force an unnamed smartphone manufacturer to help unlock a phone allegedly used in a credit card fraud case. The judge ordered the manufacturer to offer "reasonable technical assistance" to make the phone's contents available.

End quote. What will happen when this collides with Apple and Google deliberately creating encryption that they themselves cannot break?

Submission + - Scientists Have Finally Sampled the Most Abundant Material on Earth

rossgneumann writes: The most abundant material on Earth didn’t have a name, and, in fact, hadn’t been seen—until now. For the first time ever, scientists have gotten their hands on a sample of bridgmanite, a mineral that is believed to make up more than a third of the volume of the Earth. In a new paper published in Science late last week, Oliver Tschauner of the University of Nevada, Las Vegas, and his team describe bridgmanite for the first time.

Submission + - Wells Fargo refuses to honor 30-year old CD because they can't find it (kpho.com)

BUL2294 writes: The Consumerist and KPHO-TV Phoenix are reporting the story of a widow who attempted to cash a Certificate of Deposit (CD) at Wells Fargo that had been issued to her late husband for just over $18,000 in 1984. She has been battling with them since 2009, after finding the CD among other paperwork, and a decision in the court case is expected in January. The CD was issued by First Interstate bank, which merged with Norwest, which was bought by Wells Fargo. Wells Fargo has no record of the CD, but the physical document itself mentions that it has to be surrendered to receive payment, or could have been paid out by signing an indemnity form--which they also do not have. In addition, there's a fight over whether the CD is worth $60,000 or $400,000, as the CD was self-renewing and was issued when interest rates were 10.9%.

Ultimately, this is a case of data getting lost within 30-years worth of mergers and system changes. Both the existence of this instrument and its terms are probably on some long-lost tape that may no longer be readable, or paper copies were shredded years ago. That being said, we entrust that our banks and regulators can dig up such historical information... So what happens when they can't? As was evidenced during the US mortgage crisis, banks are terrible at appropriate document retention, so how could they prove what was paid out and when? More importantly, how much of banks' historical / legacy accounts are complete guesses?

Submission + - Fish tagged for research become lunch for gray seals (sciencemag.org)

sciencehabit writes: When scientists slap an acoustic tag on a fish, they may be inadvertently helping seals find their next meal. The tags, rods a few centimeters long that give off a ping that can be detected from up to a kilometer away, are often used to follow fish for studies on their migration, hunting, or survival rates. Researchers working with 10 gray seals (Halichoerus grypus) who were captive for a year have now reported that the animals—including the female seal pictured above, named Janice—can learn to associate the pings with food. If the findings hold true in the wild, the authors warn, they could skew the results of studies trying to analyze fish survival rates or predation.

Slashdot Top Deals

CCI Power 6/40: one board, a megabyte of cache, and an attitude...