
Submission + - Slack Patches Vulnerability In Windows Client That Could Be Used To Hijack Files (arstechnica.com)

An anonymous reader writes: On May 17, researchers at Tenable revealed that they had discovered a vulnerability in the Windows version of the desktop application for Slack, the widely used collaboration service. The vulnerability, in Slack Desktop version 3.3.7 for Windows, could have been used to change the destination of a file download from a Slack conversation to a remote file share owned by an attacker. This would allow the attacker to not only steal the files that were downloaded by a targeted user, but also allow the attacker to alter the files and add malware to them. When victims opened the files, they would get a potentially nasty surprise. Tenable reported the vulnerability to Slack via HackerOne. Slack has issued an update to the Windows desktop client that closes the vulnerability.

Comment Re:It is an RPG (Score 1) 211

it is a fantastic immersive experience

Exactly. There are many who play games like this because they want to escape their surroundings and live, for a while, in another time/place/reality. It's escapism, a vacation.

RDR2 is the closest thing we have to a real Westworld right now. Sure, there's a story line and objectives so you can still consider it a game. But that's just to support the real purpose, which is to live as a cowboy for a while.

Submission + - SPAM: 6 seconds: How hackers only need moments to guess card number and security code 1

schwit1 writes: Criminals can work out the card number, expiry date and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found.

Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack.

According to a study published in the academic journal IEEE Security & Privacy, that meant fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously.

Within seconds, by a process of elimination, the criminals could verify the correct card number, expiry date and the three-digit security number on the back of the card.

Mohammed Ali, a PhD student at the university's School of Computing Science, said: "This sort of attack exploits two weaknesses that on their own are not too severe but, when used together, present a serious risk to the whole payment system."


Comment Re:It is a tool to hack, you idiot (Score 5, Insightful) 179

Agreed. Considering this in the context of "cyberweapon", many weapons have been poorly designed and/or rushed into service, so this may be par for the course. I haven't looked at the code myself, but I would imagine that having a small footprint, both in terms of size and resources, is key to running undetected. Cutting corners, minimal encryption... those could be considered advantages here.

Submission + - TAG Heuer Launches 'Connected' Android Wear Smartwatch With Intel Inside (hothardware.com)

MojoKid writes: Today, TAG Heuer officially announced its Connected Watch, which is its first watch to run Google's Android Wear operating system. $1,500 may sound like a lot to spend on a smartwatch, but TAG Heuer reckons that the high price tag won't matter given the pedigree attached to its newest wearable. The Connected takes more than a few cues from TAG Heuer's own Carrera analog watch, but replaces the intricately designed and assembled mechanical internals with microchips. TAG Heuer worked closely with both Google and Intel while developing the Connected. The smartwatch is powered by an Intel Atom Z34XX processor and offers Bluetooth LE, Wi-Fi, 4GB of internal storage, gyroscopic sensors and a grade 2 titanium casing.

Submission + - Computerworld: Fury and fear in Ohio as IT jobs go to India (computerworld.com)

ErichTheRed writes: A company called Cengage Learning now joins the Toys 'R Us, Disney and Southern California Edison IT offshoring club. Apparently, even IT workers in low-cost parts of the country are too expensive and their work is being sent to Cognizant, one of the largest H-1B visa users. As a final insult, the article describes how a pretty humiliating termination process was used. Is it time to think about a professional organization before IT goes the way of manufacturing?

Submission + - China, Russia try to hack Australia's upcoming submarine plans

An anonymous reader writes: Chinese and Russian spies have attempted to hack into the top secret details of Australia’s future submarines, with both Beijing and Moscow believed to have mounted repeated cyber attacks in recent months. One of the companies working on a bid for Australia's new submarine project said it records between 30 and 40 cyberattacks per night.

Submission + - The Sophisticated Business of Today's Most Nasty Phishing Attacks

snydeq writes: Forget Nigerian princes — today’s spearphishing is sophisticated business, fooling even the most seasoned security pros, writes InfoWorld's Roger A. Grimes, in a look at what sets today’s most sophisticated spearphishing attempts apart. 'Most of the time, phishing attempts are a minor menace we solve with a Delete key. Enter spearphishing: a targeted approach to phishing that is proving nefariously effective, even against the most seasoned security pros. Why? Because they are crafted by thoughtful professionals who seem to know your business, your current projects, your interests. They don’t tip their hand by trying to sell you anything or claiming to have money to give away. In fact, today’s spearphishing attempts have far more sinister goals than simple financial theft.'

Submission + - Senator Paul stands for over ten hours in Senate over NSA bulk data collection. (aljazeera.com)

An anonymous reader writes: Sen. Rand Paul held up a vote on the Fast Track Authority for an eleven-hour dissertation on the flaws of the Patriot Act, the replacement the USA Freedom Act, bulk data collection including credit card purchases, the DEA and IRS's use of NSA intel. for "parallel construction", warrant-less GPS bugs on vehicles, as well as the important distinction of a general warrant v a specific one.

The memes that have been created are clever too, "I don't normally take over C-Span2, but when I do -people watch C-Span2." Of course, the expected #StandWithRand and posting selfies with people actually watching C-Span2.

Comment Re:North Pole (Score 1) 496

Supposing you could walk at a speed equal to Earth's rotation (you're in really, really great shape!), the equator (or really, anywhere except very near the poles) could be an answer. Walking westward at that speed, you'd counter Earth's easterly rotation. You'd end up in a different spot in relation to the planet's surface, but be in the same position relative to space. And space is what really matters at this job, right?

Submission + - The Reason For Java's Staying Power: It's Easy To Read

jfruh writes: Java made its public debut twenty years ago today, and despite a sometimes bumpy history that features its parent company being absorbed by Oracle, it's still widely used. Mark Reinhold, chief architect for Oracle's Java platform group, offers one explanation for its continuing popularity: it's easy for humans to understand it at a glance. "It is pretty easy to read Java code and figure out what it means. There aren’t a lot of obscure gotchas in the language ... Most of the cost of maintaining any body of code over time is in maintenance, not in initial creation."

Submission + - Belize's 'Blue Hole' Reveals Clues to Maya's Demise

An anonymous reader writes: The collapse of the Mayan civilization has been a mystery for decades, but now new research suggests that the blue hole of Belize could provide an answer. Studying minerals from Belize's famous underwater cave, researchers have discovered that an extreme drought occurred between AD 800 and AD 900, which is when the Mayan civilization collapsed. From the article: "Although the findings aren't the first to tie a drought to the Mayan culture's demise, the new results strengthen the case that dry periods were indeed the culprit. That's because the data come from several spots in a region central to the Mayan heartland, said study co-author André Droxler, an Earth scientist at Rice University."

Submission + - Neil DeGrasse Tyson Explains his Christmas Tweet. (mediaite.com) 1

140Mandak262Jamuna writes: Neil DeGrasse Tyson tweeted on Christmas Day what appeared to begin as a tribute to Infant Jesus, but ended up celebrating Isaac Newton who shares his birthday with Jesus, (with sufficient allowances for the estimate of Jesus' and the confusion between Gregorian and Julian calendars for Newton). Apparently this was retweeted some 77000 times, far above his average of 3.5K retweets. He doubled down on it by tweeting about people being offended by objective truths. Then wrote a fuller explanation.

Submission + - A smart electric bike: taking the Copenhagen Wheel out for a spin (xconomy.com)

mlamonica writes: Bikes are a great way to get around the city. But what if it's just too hilly or far to commute by bike? That's where Superpedestrian wants to come in. With a license from MIT's Senseable City Lab, they're commercializing the Copenhagen Wheel, a bike wheel replacement that gives riders electric assist, and through 12 embedded sensors, lots of information on a smart phone app. I took the bike for a ride at the Cambridge office and offer this review.
