
Comment This shows... (Score 1) 24

...that connecting sites, and allowing one site to post to another, increases your attack surface. It also shows that a failure to police these connections can increase risk as older services become "stale."

Twitter, Facebook, et al should introduce security tools to help remind users. "Hey, you haven't used 'Cartoon your face' in two years. Would you like to disable access to your account? You can always change it back later."

Submission + - Microsoft Adds Network 3D Printer Support For Raspberry Pi, Windows 10 IoT Core

Mickeycaskill writes: Microsoft has added support for networked 3D printers to the Windows 10 IoT Core platform, which is used by devices such as gateways and the Raspberry Pi.

The Network 3D Printer app connects 3D printers via Wi-Fi and lets multiple Windows devices link up across a network. 3D printers will act like any other network device, such as a scanner or wireless mouse, which can then be simply added on to the PC.

Microsoft included a 3D printing app in Windows 10, the aptly-named Microsoft 3D Builder, but says that the new launch will support other services too.

A recent report from Gartner predicts 3D printers are set to become a common presence in homes and businesses. Analysts forecast shipments will more than double every year between 2016 and 2019, reaching more than 5.6 million.

Submission + - Cybercriminals Add DDoS Component To Ransomware Payloads

An anonymous reader writes: Instead of just encrypting data files on a workstation (plus any network drive it can find) and locking the machine, a new variant of the Cerber ransomware is now adding a DDoS bot that can quietly blast spoofed network traffic at various IPs, according to KnowBe4. This is the first time DDoS malware has been bundled within a ransomware infection. It means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim. Two attacks for the price of one (and two ways cybercriminals can make money off victims).

Submission + - What phone respects privacy and security in 2016?

An anonymous reader writes: There have been revelations about Blackberry encryption keys. Firefox OS is dead. Apple has a decent track record, but they maintain a walled garden. Microsoft has less than 1% market share, and Windows 10's privacy hasn't been well regarded. Google sells ads based on what you do, and firmware update availability is hit or miss.

If you don't want to buy into feudalism, and want a mobile device that serves you, and you alone, where do you go in 2016?

Submission + - Facebook Acquires Audio Company To Launch VR and 360-Degree Sound Design Tool

An anonymous reader writes: Facebook is looking to improve its virtual-reality audio experience with the acquisition of Two Big Ears. Facebook is rereleasing Two Big Ears' "Spatial Workstation" software as the Facebook 360 Spatial Workstation, reports VentureBeat. The software is designed to "make VR audio succeed across all devices and platforms," and Two Big Ears developers will be merged with Facebook's Oculus team of employees. The acquisition of Two Big Ears is being made by Facebook and not Oculus — the program is branded as a Facebook product, focused on 360-degree video and VR. The Spatial Workstation was first released last fall and was a platform for mixing audio that sounded realistically three-dimensional. Two Big Ears will provide "support in accordance with your current agreement" for the next 12 months to those who purchased a paid license to the old workstation. The company says it "will continue to be platform and device agnostic," not being locked into the Rift or Gear VR.

Submission + - "Buy Now" Button Misleads Purchasers of Digital Media

An anonymous reader writes: This new study by UC Berkeley finds that consumers think they have all sorts of rights in their digital media downloads that they do not. The study finds that the "buy now" button may be causing this confusion.

Comment Well, kinda. There is flawed reasoning here. (Score 3, Insightful) 245

The assumption here is that an attacker choosing the easiest way has no other route. It would be safer to say that the route used by the worm would have been unavailable if basic preventative steps had been taken.

It's like the old joke. "Ever wonder why whatever you're looking for is always in the last place you look?" "Well, sure, once you've found it, why keep looking?"

Microsoft seems to think the authors would have stopped looking without finding an exploit route. Instead, they found one, and stopped looking.

Comment Re:Mixed message (Score 1) 627

Eh, I kinda agree with him. I hate it when my phone is a computer too.

I do appreciate that Apple has spent some time making things snappy. I understand this isn't always the case (iOS 4 on iPhone 3G for example).

It sounds like he's complaining about being told that he has to update this, scan that, defrag something, and turn on his firewall for crissakes. My netbook is far more interested in telling me that whatever programs I run at boot have a new version out than just opening whatever program I need to use badly enough to have turned the thing on.

And that's the deal here - firing up a desktop operating system in the first place requires a certain amount of work and carries with it a certain cost that makes using a desktop operating system for short periods inefficient.

If you want to, for example, check the weather, for many, it's going to take five minutes of computer stuff to support a minute of the actual task.

Now, someone is going to come in and tell me that Ubintows 7X Meerkat boots faster than an iPad on a triskadecacore i8 with SSD, but I say that's not everyone's experience.

Further, the iPad doesn't expose the finer points of computer configuration, use, and management. The Slashdot crowd has a lot of people whose work exists in that stuff. I'm one, and time with an iPad or CR-48 makes me feel like I can't get work done, but that's often because my work is "computery." For people whose work is word processing, it doesn't matter so much.

So, Slashdot, if your work is working on the tool, it's easy to see a tool that doesn't need your kind of work as a tool that prevents you from doing work.

Comment Re:DansGuardian (Score 1) 384

Agreed on DansGuardian. You'd want all ports closed for all users in the organization, including 80 and 443, then you'd want to create an exception for the DansGuardian box.

Also, even if it's on older hardware, consider setting up a second box to serve as backup. Look into proxy autoconfiguration files. You can return two proxy addresses in an autoconfig file, and if your main proxy is down, your clients will silently fail over to the other box. The config files also allow your internal traffic to skip the proxy for things like your intranet site.

Also, consider putting /var/log on its own partition, if you aren't already. You don't want to let forgetting about your logging directory free space to be able to kick your whole organization off the web.

On squid (DansGuardian is often used with squid) look at your http_safe_ports (I might have that variable a little munged, as I'm not in the config right now) to make sure it's right for your org, and that it matches what your firewall is allowing out.

Data Storage

Submission + - Write Once Optical M-Disc Stores Your Data Forever

MojoKid writes: "M-Disc technology is a new write once and read forever optical disc format developed by Millenniata. Current DVD technology uses organic dyes and low laser power to make marks on the data layer of a standard recordable DVD. Over time, these marks become unreadable because organic dyes degrade when exposed to minimal levels of light, heat, and humidity, and they have an average lifespan of only about 3 to 5 years. M-Discs store data in physical pits in a patented data layer made entirely of inorganic materials and compounds. The material stays solid from room temperature on up to 500C. Think of it as the modern day equivalent to carving in stone."

Submission + - Cryptanalysis of full AES

betterunixthanunix writes: Just presented at the rump session of CRYPTO2011: a key recovery attack on the full AES, for all versions (128, 192, 256 bit keys). The attack involves a novel method of cryptanalysis, and results in a key recovery faster than brute force. Luckily, "faster" in this context is still not nearly fast enough to be practical, and AES remains more secure than triple DES (so don't panic just yet).
