Submission + - Proposed 'social media ID, please' law met with anger (computerworld.com)

dcblogs writes: A plan by the U.S. government to require some foreign travelers to provide their social media IDs on key travel documents is being called by critics “ludicrous,” an “all-around bad idea,” “blatant overreach,” “desperate, paranoid heavy-handedness,” “preposterous,” “appalling,” and “un-American.” That's just a sampling of the outrage. Some 800 responded to the U.S. request for comments about a proposed rule affecting people traveling from “visa waiver” countries to the U.S., where a visa is not required. This includes most of Europe, Singapore, Chile, Japan, South Korea, Australia and New Zealand. Travelers will be asked to provide their Twitter, Facebook, Instagram, LinkedIn, Google+, and whatever other social ID you can imagine to U.S. authorities. It’s technically an “optional” request, but since it’s the government asking, critics believe travelers will fear consequences if they ignore it. People who are traveling from a country where a visa is required, such as India or China, get a security vetting when they apply for a visa at a U.S. consulate, so this proposal doesn’t apply to them. In a little twist of irony, some critics said U.S. President Obama’s proposal for foreign travelers is so bad, it must have been hatched by Donald Trump.

Submission + - What NASA could teach Tesla about the limits of autopilot (scientificamerican.com)

DirkDaring writes: Tesla's autopilot, along with Uber, Google and others, has gotten seemingly weekly attention in the news for cars which drive by themselves. But another rather large organization has already been down this path for a very long time — NASA. They found that the more foolproof the automation’s performance becomes, the harder it is for an on-the-loop supervisor (or driver) to monitor it, which is the opposite of what Tesla is aiming for their autopilot to be.

Submission + - Domino's to Deliver Pizza by Drone (roboticstrends.com)

An anonymous reader writes: Pizza lovers everywhere rejoice. Flirtey and Domino’s are developing pizza delivery drones, successfully demoing the system today in Auckland, New Zealand.

The companies say pizza-by-drone deliveries to customer homes could begin later in 2016 from a select New Zealand Domino’s store. And, yes, the drone delivery system keeps your pizza or breadsticks piping hot.

Flirtey’s staff help Domino’s workers safely load the delivery drones at the store. The drones then fly at around 200 feet in the air, and the customer is notified as the delivery is approaching. The deliveries are then made to the customer’s home by safely lowering the package out of the air.

Submission + - Wrong chemical dumped into Olympic pools made them green (arstechnica.com)

Z00L00K writes:

After a week of trying to part with green tides in two outdoor swimming pools, Olympic officials over the weekend wrung out a fresh mea culpa and yet another explanation—neither of which were comforting. According to officials, a local pool-maintenance worker mistakenly added 160 liters of hydrogen peroxide to the waters on August 5, which partially neutralized the chlorine used for disinfection. With chlorine disarmed, the officials said that “organic compounds”—i.e. algae and other microbes—were able to grow and turn the water a murky green in the subsequent days. The revelation appears to contradict officials’ previous assurances that despite the emerald hue, which first appeared Tuesday, the waters were safe.

I would personally have avoided using the green pools, but that's just me.

Submission + - NVIDIA Drops Pascal Desktop GPUs Into Laptops With Mobile GeForce GTX 10-Series (hothardware.com)

MojoKid writes: NVIDIA's new Pascal core graphics architecture is being driven throughout the company's entire product portfolio, as is typically the case. Today, NVIDIA brings Pascal to notebooks with the introduction of the NVIDIA Mobile GeForce GTX 10-Series. What's interesting is that the first laptop-targeted GPUs are actually quite similar to their desktop counterparts. In fact, all three of the Mobile GeForce GTX 10-Series graphics processors NVIDIA is announcing today come sans the traditional "M" tacked on the end of their model numbers. As it turns out, the migration to a 16nm manufacturing process with Pascal has been kind to NVIDIA and the Mobile GeForce GTX 1080 and Mobile GeForce GTX 1060 have nearly identical specs to their desktop counterparts, from CUDA core counts, to boost, and memory clock speeds. However, the Mobile GeForce GTX 1070 actually has a few more CUDA cores at 2048, versus 1920 for the desktop GTX 1070 (with slightly lower clocks). By tweaking boost clock peaks and MXM module power requirements, NVIDIA was able to get these new Pascal mobile GPUs into desktop replacement class machines and even 5-pound, 15-inch class standard notebook designs (for the 1060). In the benchmarks, the new Mobile GeForce GTX 10-Series blows pretty much any previous discrete notebook graphics chip out of the water and smooth 4K or 120Hz gaming is now possible on notebook platforms.

Submission + - Banks still not sanitizing user input.

BarbaraHudson writes: Recently I tried once again to use my bank's mobile app. I had deleted it a couple of times in the past because I could never get it to work. The bank had all sorts of excuses — "Maybe your card hasn't been activated for online banking", "You need to download the latest version", "We'll need to reset your password", "We'll issue you a new card", etc. New card, password reset both did nothing.

Turns out that entering the card number as shown on the card will never work. The card format is 9999 9999 9999 9999 (spaces between each group of 4 digits). They failed Rule 00: sanitize input.

Entering the number in that format will always fail. In this case they failed to remove spaces before testing whether the card number was valid. The Android code to remove the embedded spaces is a pretty generic one-liner:

// strip the spaces between the 4-digit groups before validating the number
String cardNo = edittext.getText().toString().replace(" ", "");

Looking at the online forums, others have had the same problem for the app's entire existence.

Having figured that out, I was immediately locked out for "too many failures to answer the security question". Of course, it never presented a security question, because the bozo who wrote the program incremented some "bad answer" counter on every login attempt, even if they never got to the point of seeing a security question. It also locks you out of using web banking on the same account.

Locking someone out of their account is now easy as pie, because it also works if the user enters their name instead of their card number. (If you have 5 John Smiths, you'll lock them all out, since access is granted based on both the user name and password matching if the account number isn't entered.) Just load up an Android app for the bank (I won't disclose which bank until 45 days have passed since notifying them today), enter their name and a bogus password a few times, and every John Smith is locked out. And of course, if the so-called developers are failing to do such basic input sanitization, it makes me pretty sure there are other intern-level programmer bugs awaiting exploitation elsewhere.

Adding frustration is that they cannot do a password reset over the phone unless you have already signed up for telephone banking. Now why would anyone sign up for telephone banking when an app or the web is supposed to be more convenient? The excuse I was given is that they need it to establish my identity. So why not just text me an SMS or email code that I can enter when requesting a password reset?

Let's hope other banks didn't use the same app geniuses.
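The two defects the submitter describes, a card number compared without stripping the printed spaces and a "bad answer" counter that moves on attempts which never reached the security question (and hits every customer sharing a name), modelled side by side with a hardened version. This is an added example, not the bank's code or the submitter's: the lockout threshold, the use of a Luhn check as the "is this card number valid" test, and the accounts themselves are assumptions, and the card numbers are standard Luhn-valid test values, not real cards.

```python
import re
from dataclasses import dataclass

LOCKOUT_THRESHOLD = 3  # assumed; the post does not say how many failures the bank allows


def normalize_card_number(raw):
    """Strip the separators a user types ("9999 9999 9999 9999") before any validation."""
    digits = re.sub(r"[\s-]", "", raw)
    if not digits.isdigit() or not 12 <= len(digits) <= 19:
        raise ValueError("card number must be 12-19 digits, optionally grouped by spaces or dashes")
    return digits


def luhn_valid(digits):
    """Luhn check digit; assumed here to be the 'is this card number valid' test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled, 10-18 folds to 1-9
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Account:
    card: str
    name: str
    password: str
    security_answer: str
    failed_passwords: int = 0
    failed_answers: int = 0

    @property
    def locked(self):
        return max(self.failed_passwords, self.failed_answers) >= LOCKOUT_THRESHOLD


class NaiveBank:
    """The behaviour the post describes: no separator stripping, a name lookup that hits
    every same-named customer, and the security-question counter bumped on every failure."""

    def __init__(self, accounts):
        self.accounts = accounts

    def login(self, identifier, password):
        # Exact string compare: "4111 1111 1111 1111" never equals the stored digit string.
        matches = [a for a in self.accounts if a.card == identifier or a.name == identifier]
        for a in matches:
            if a.locked:
                continue
            if a.password == password:
                return True
            a.failed_answers += 1  # no question was ever shown, but the counter moves anyway
        return False


class HardenedBank:
    """Normalizes the card number, requires it for lookup, and counts each failure only
    against the step where it happened and only on the one account it happened to."""

    def __init__(self, accounts):
        self.accounts = {a.card: a for a in accounts}

    def _lookup(self, card_raw):
        try:
            card = normalize_card_number(card_raw)
        except ValueError:
            return None  # malformed input (e.g. a name) is rejected without touching counters
        return self.accounts.get(card) if luhn_valid(card) else None

    def login(self, card_raw, password):
        account = self._lookup(card_raw)
        if account is None or account.locked:
            return False
        if account.password == password:
            account.failed_passwords = 0
            return True
        account.failed_passwords += 1
        return False

    def answer_security_question(self, card_raw, answer):
        account = self._lookup(card_raw)
        if account is None or account.locked:
            return False
        if account.security_answer == answer:
            return True
        account.failed_answers += 1  # the only place this counter is incremented
        return False


def demo():
    """Runs both models on constructed accounts (Luhn-valid test numbers, not real cards)."""
    def accounts():
        return [Account("4111111111111111", "John Smith", "hunter2", "blue"),
                Account("4012888888881881", "John Smith", "correct horse", "red"),
                Account("5555555555554444", "Jane Doe", "battery staple", "green")]

    naive = NaiveBank(accounts())
    legit_naive = naive.login("4111 1111 1111 1111", "hunter2")  # typed as printed: fails
    for _ in range(LOCKOUT_THRESHOLD):                           # attacker knows only a name
        naive.login("John Smith", "bogus")
    smiths_locked = all(a.locked for a in naive.accounts if a.name == "John Smith")

    hardened = HardenedBank(accounts())
    legit_hardened = hardened.login("4111 1111 1111 1111", "hunter2")
    for _ in range(LOCKOUT_THRESHOLD):
        hardened.login("John Smith", "bogus")
    any_locked = any(a.locked for a in hardened.accounts.values())
    return {"legit_naive": legit_naive, "smiths_locked_naive": smiths_locked,
            "legit_hardened": legit_hardened, "any_locked_hardened": any_locked}
```

In `demo()`, the naive model rejects the legitimate user's correctly typed card and locks both John Smiths after three bogus attempts against the name alone; the hardened model accepts the same input and leaves every counter untouched, because a name never normalizes to a card number and so never reaches an account.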

Submission + - NASA TV to Air Spacewalk Live on August 19 (spacecoastdaily.com)

William Robinson writes: NASA Television will be bringing to viewers around the world live coverage Friday, Aug. 19, as two NASA astronauts install a new gateway for American commercial crew spacecraft at the International Space Station. Walking in space alone poses a threat to the astronauts performing their duty, but the new mission of installing a dock into the ISS adds to the level of difficulties that astronauts will need to survive in order to perform their duty. Coverage will begin at 6:30 a.m. EDT Aug. 19, on NASA TV and the agency’s website, with the spacewalk scheduled to begin at 8:05 a.m. Leading up to the spacewalk, NASA TV will air a briefing from the agency’s Johnson Space Center in Houston at 2 p.m. Monday, Aug. 15, during which station and commercial crew experts will discuss the process and significance of installing and connecting the first of two international docking adapters (IDAs) that will be used for the future arrivals of Boeing and SpaceX commercial crew spacecraft. Not an event to miss.

Submission + - Volkswagen screws up again, 100 million remote controls hacked (wired.com)

An anonymous reader writes: Wired writes that 100 million vehicles are vulnerable to a new Volkswagen hack. Researchers from Birmingham (UK) and Germany discovered that vehicles manufactured by Volkswagen (including Seat, Skoda and Audi) in at least the last 15 years use a very insecure remote control system. Today, the scientific article, which describes the technical details and severity of the problem, is publicly released at the 25th USENIX Security Symposium 2016. It shows that the remote controls use some sort of cryptography; however, VW simply decided to use only one global encryption key for all their cars worldwide. This basically means there is no security at all, only obscurity, since every key and every car contains the same secret. The research report states that:

The attacks are hence highly scalable and could be potentially carried out by an unskilled adversary. Since they are executed solely via the wireless interface, with at least the range of the original remote control (i.e., a few tens of meters), and leave no physical traces, they pose a severe threat in practice.

It is interesting how insurance companies might respond to this exposure. All vulnerable cars can be remotely unlocked with information that is extracted from just one recording that is intercepted from a significant distance. Moreover, the alarm system is disabled as well, which enables an adversary to enter the car and connect directly to the On Board Diagnostic (OBD) socket to disable the immobilizer and drive away.

Submission + - Retro computer project directors row (bbc.co.uk)

Big Hairy Ian writes: The founders of a crowd-funded project to make a retro computer games console, backed by Spectrum inventor Sir Clive Sinclair, have distanced themselves from the company they used to run.
Retro Computers has received £417,375 ($542,000) from an Indiegogo campaign.
But former directors Paul Andrews and Chris Smith said they had been unable to answer backers' concerns and were now "publicly distancing" themselves.
The company accused Mr Andrews and Mr Smith of developing a rival product.

Submission + - Windows 10 Anniversary Update Is Infested With Bugs (cio.com)

itwbennett writes: As previously reported on Slashdot, in Tuesday's updates, Microsoft disabled RC4 in its Microsoft Edge and Internet Explorer browsers on Windows 7, Windows 8.1 and Windows 10, after deeming the cipher 'no longer cryptographically secure.' The company also fixed 'a serious security flaw in the Windows PDF Library.' But these aren't the only bugs being reported in the Windows 10 Anniversary Update. CIO.com's Bill Snyder reports that 'there are widespread reports of significant bugs in the update, and they're causing systems to freeze, browsers to misbehave, and peripherals — including Xbox One controllers — to malfunction. Two major antivirus companies also warn that incompatibilities with Windows 10 could open up users to security risks.'

Submission + - Widespread Linux Flaw Allows TCP Session Hijacking, Data Injection

Trailrunner7 writes: The TCP implementation in all Linux systems built since 2012 has a serious flaw that can allow an attacker to terminate or inject data into a session between any two vulnerable machines on the Internet. The bug could also be used to end encrypted connections or downgrade the privacy of connections run through Tor or other anonymity networks.

The vulnerability was introduced in Linux 3.6, and an attacker does not need to be in a man-in-the-middle position in order to exploit it. The researchers at the University of California Riverside who discovered the flaw say that it results from an attacker's ability to infer the TCP sequence numbers for the packets flowing between two hosts.
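A triage check for the flaw described above, added here as an example and not part of the submission or the researchers' work. The only fact it takes from the post is the 3.6 starting version; the rest is the editor's assumption: that the mainline fix shipped in kernel 4.7, that the sequence-number inference rides on the challenge ACK rate limit exposed as net.ipv4.tcp_challenge_ack_limit, and that the interim mitigation was to raise that limit so high the side channel disappears. Version matching is a heuristic only: distribution kernels backport fixes without changing the version string, so treat "affected" as "go check the vendor advisory", not as proof.

```python
import os
import re

AFFECTED_FROM = (3, 6)  # from the post: the flaw was introduced in Linux 3.6
FIXED_IN = (4, 7)       # assumption, not in the post: the mainline fix shipped in 4.7
# Assumption, not in the post: until a patched kernel is installed, the usual interim
# mitigation was to make the challenge-ACK rate limit effectively unbounded.
SAFE_CHALLENGE_ACK_LIMIT = 999_999_999
SYSCTL_PATH = "/proc/sys/net/ipv4/tcp_challenge_ack_limit"


def parse_release(release):
    """'4.4.0-34-generic' -> (4, 4, 0); the distro suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release string: %r" % release)
    return tuple(int(x or 0) for x in m.groups())


def kernel_in_affected_range(release):
    """True when the mainline version is >= 3.6 and < 4.7 (backported fixes are not detected)."""
    return AFFECTED_FROM <= parse_release(release)[:2] < FIXED_IN


def assess(release, challenge_ack_limit):
    """Classify a kernel release together with its current challenge-ACK sysctl value."""
    if not kernel_in_affected_range(release):
        return "outside_affected_range"
    if challenge_ack_limit >= SAFE_CHALLENGE_ACK_LIMIT:
        return "affected_kernel_mitigated_by_sysctl"
    return "affected_kernel_default_limit"


def read_live():
    """Read the running kernel's release and sysctl value; None when the sysctl is absent."""
    if not os.path.exists(SYSCTL_PATH):
        return None
    with open("/proc/sys/kernel/osrelease") as f:
        release = f.read().strip()
    with open(SYSCTL_PATH) as f:
        limit = int(f.read().strip())
    return release, limit


if __name__ == "__main__":
    live = read_live()
    if live is None:
        print("tcp_challenge_ack_limit sysctl not present: pre-3.6 kernel or not Linux")
    else:
        print("%s limit=%d -> %s" % (live[0], live[1], assess(*live)))
```

Run it on the host in question; an "affected_kernel_default_limit" verdict means either install the vendor's patched kernel or raise the sysctl until you can, and confirm with the vendor's advisory before trusting an "outside_affected_range" verdict on a distribution kernel.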

Submission + - Lenovo Fails To Perform Planned Spark SSD Demo

An anonymous reader writes: Lenovo, the Chinese PC giant, planned to unveil its long-anticipated Project Spark solid state drive for data center use. However, it backed out of the demonstration at the last minute, citing a ‘reassessment of the risk’ involved with completing a demonstration of the technology so far from the 2017 mid-year release date. Project Spark represents Lenovo’s initial entry into the highly competitive SSD market. A demonstration was planned at the Flash Memory Summit in California but was cancelled on the same day. The prototype SSD, approximately the size of a memory stick, is believed to have between 6 and 8TB of storage space. Lenovo is currently researching linking multiple Project Spark cards onto a single board, which could provide storage capacity of more than 48TB.
