Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Microsoft ends Tuesday patches (helpnetsecurity.com)

An anonymous reader writes: Yesterday was a big day for Patch Tuesday. It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new ‘monthly update packs’ will be combined, so for instance, the November update will include all the patches from October as well.

Submission + - Network-On-Chip (netspeedsystems.com)

Radha Shelke writes: NetSpeed Systems has developed a network on chip (NoC) architecture a set of tools designed to synthesise the best type of network for a given SoC, for better performance.

Submission + - Malware Counts Word Docs to Evade Detection (threatpost.com) 2

msm1267 writes: A new macro-based malware has been spotted that goes to novel lengths to avoid detection. Once a computer is compromised, the malware will count the number of Word documents stored on the local drive; if it's more than two, the malware executes. Otherwise, it figures it's landed in a virtual environment or is executing in a sandbox and stays dormant.

A typical test environment consists of a fresh Windows computer image loaded into a VM. The OS image usually lacks documents and other telltale signs of real world use.

If no Microsoft Word documents are found, the VBA macro's code execution terminates, shielding the malware from automated analysis and detection. Alternately, if more than two Word documents are found on the targeted system, the macro will download and install the malware payload.

Submission + - U.S. drone case tests rights to air space (yahoo.com)

turkeydance writes: LONDON/WASHINGTON (Thomson Reuters Foundation) — When a small town American roofer took legal action against a neighbor for shooting down his drone, the local dispute sparked a case that could help shape the newest frontier of property rights law – who owns the air.

Drone owner David Boggs filed a claim for declaratory judgment and damages in the Federal Court after his neighbor William Merideth from Hillview in the southern state of Kentucky blasted his $1,800 drone with a shotgun in July last year.

Boggs argued to the District Court in Kentucky that the action was not justified as the drone was not trespassing nor invading anyone's privacy, while Merideth — who dubs himself the "drone slayer" — said it was over his garden and his daughter.

After a year of counter argument, a decision on which court jurisdiction should hear the complaint is expected within weeks and this could set new precedents for U.S. law.

Submission + - September 19th SpaceX Launch will be visible across California, Nevada. (reddit.com)

Bruce Perens writes: The nighttime launch of a SpaceX Falcon 9 containing Iridium satellites at 9:49 PM PST Monday September 19th from Vandenberg AFB SLC-4 is likely to be visible across California and in some Nevada locations. Although Vandenberg has a landing pad for the Falcon under construction, this will probably be a drone-ship landing and some California observers might see two of the landing burns.

Submission + - An unsecured database leaves off-the-grid energy customers exposed (zdnet.com)

Zack Whittaker writes: Thousands of remote villagers in Guatemala and South Africa are living off the grid, but their personal information isn't. Chris Vickery, lead security researcher of the MacKeeper security research team, discovered an unprotected database with no password over two months ago . Anyone who knew the database was there could access more than 40 gigabytes of customer data.

The database, run by Guatemala-based energy startup Kingo, has exposed the personal information of more than 18,800 customers, both in its home country and in South Africa.

Este artículo está disponible en español.

Submission + - Fabric fixes itself with help from squid proteins (acs.org)

ckwu writes: Mending ripped clothes could take just a few seconds and some water, thanks to a new self-healing coating based on a squid protein. The protein comes from the teeth ringing the suction cups of squid. When severed, the protein can fuse back together under water. To form the 1-micron-thick coating, researchers dip patches of cotton, linen, and wool into solutions containing a polymer and the squid protein. To mend a tear, they simply sprinkle warm water on the coated fabric and press the torn edges together. The repaired textiles remained just as flexible and strong as they were before the damage. What's more, the researchers can incorporate enzymes into the coating to break down toxins, offering the wearer protection against environmental hazards.

Submission + - Facebook recommended that this psychiatrist's patients friend each other (fusion.net)

Presto Vivace writes:

Facebook’s ability to figure out the “people we might know” is sometimes eerie. Many a Facebook user has been creeped out when a one-time Tinder date or an ex-boss from 10 years ago suddenly pops up as a friend recommendation. How does the big blue giant know? ... While some of these incredibly accurate friend suggestions are amusing, others are alarming, such as this story from Lisa*, a psychiatrist who is an infrequent Facebook user, mostly signing in to RSVP for events. Last summer, she noticed that the social network had started recommending her patients as friends—and she had no idea why. ... “I haven’t shared my email or phone contacts with Facebook,” she told me over the phone.

What could possibly go wrong?

Submission + - Google Login Bug Allows Credential Theft

Trailrunner7 writes: Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials. or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process.

A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don’t consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter.

Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user’s credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. Woods said an attacker also could send an arbitrary file to the target’s browser any time the login form is submitted.

In an email interview, Woods said exploiting the bug is a simple matter.

“Attacker would not need to intercept traffic to exploit – they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter,” Woods said.

Google told Woods they don't consider this a security issue.

Submission + - Okta May Have Solved the Password Mess—for Your Employer, Not You (backchannel.com)

mirandakatz writes: Today, most of us have more passwords than ever, and are increasingly spending time in what writer Scott Rosenberg calls "authentication hell," struggling to remember whether we capitalized the name of our first pet when inputting our security questions. One company says it's making serious headway on solving this problem, and trying to create a definitive single sign-on system. The problem? They're only doing it for your employer, and it might be a long time before individuals are liberated from password purgatory.

Submission + - Proposed 'social media ID, please' law met with anger (computerworld.com)

dcblogs writes: A plan by the U.S. government to require some foreign travelers to provide their social media IDs on key travel documents is being called by critics “ludicrous,” an “all-around bad idea,” “blatant overreach,” “desperate, paranoid heavy-handedness,” “preposterous,” “appalling,” and “un-American." That's just a sampling of the outrage. Some 800 responded to the U.S. request for comments about a proposed rule affecting people traveling from “visa waiver” countries to the U.S., where a visa is not required. This includes most of Europe, Singapore, Chile, Japan, South Korea, Australia and New Zealand. Travelers will be asked to provide their Twitter, Facebook, Instagram, LinkedIn, Google+, and whatever other social ID you can imagine to U.S. authorities. It’s technically an “optional” request, but since it’s the government asking, critics believe travelers will fear consequences if they ignore it. People who are traveling from a country where a visa is required, such as India or China, get a security vetting when they apply for a visa at a U.S. consulate, so this proposal doesn’t apply to them. In a little twist of irony, some critics said U.S. President Obama’s proposal for foreign travelers is so bad, it must have been hatched by Donald Trump.

Submission + - What NASA could teach Tesla about the limits of autopilot (scientificamerican.com)

DirkDaring writes: Tesla's autopilot along with Uber, Google and others has gotten seemingly weekly attention in the news for cars which drive by themselves. But another rather large organization has already been down this path for a very long time — NASA. They found that the more foolproof the automation’s performance becomes the harder it is for an on-the-loop supervisor (or driver) is to monitor it, which is the opposite of what Tesla is aiming their autopilot to be.

Submission + - Domino's to Deliver Pizza by Drone (roboticstrends.com)

An anonymous reader writes: Pizza lovers everywhere rejoice. Flirtey and Domino’s are developing pizza delivery drones, successfully demoing the system today in Auckland, New Zealand.

The companies say pizza-by-drone deliveries to customer homes could begin later in 2016 from a select New Zealand Domino’s store. And, yes, the drone delivery system keeps your pizza or breadsticks pipping hot.

Flirtey’s staff help Domino’s workers safely load the delivery drones at the store. The drones then fly at around 200 feet in the air and the customer is notified as the delivery is approaching. The deliveries are then made to customer’s home by safely lowering the package out of the air.

Slashdot Top Deals

If a 6600 used paper tape instead of core memory, it would use up tape at about 30 miles/second. -- Grishman, Assembly Language Programming