
Submission + - NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet (arstechnica.com)

An anonymous reader writes: The Shadow Brokers—the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency's weaponized software exploits—just published its most significant release yet. Friday's dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. Friday's release—which came as much of the computing world was planning a long weekend to observe the Easter holiday—contains close to 300 megabytes of materials the leakers said were stolen from the NSA. The contents (a convenient overview is here) included compiled binaries for exploits that targeted vulnerabilities in a long line of Windows operating systems, including Windows 8 and Windows 2012. It also included a framework dubbed Fuzzbunch, a tool that resembles the Metasploit hacking framework that loads the binaries into targeted networks. Independent security experts who reviewed the contents said it was without question the most damaging Shadow Brokers release to date. One of the Windows zero-days flagged by Hickey is dubbed Eternalblue. It exploits a remote code-execution bug in the latest version of Windows 2008 R2 using the server message block and NetBT protocols. Another hacking tool known as Eternalromance contains an easy-to-use interface and "slick" code. Hickey said it exploits Windows systems over TCP ports 445 and 139. The exact cause of the bug is still being identified. Friday's release contains several tools with the word "eternal" in their name that exploit previously unknown flaws in Windows desktops and servers.
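Since the "eternal" tools described above reach Windows hosts over SMB on TCP 445 (and NetBT on 139), the first thing a defender wants is an inventory of which hosts still answer SMBv1 at all. The probe below is an added example written for this page, not code from the leak or from the article: it sends an SMB_COM_NEGOTIATE request that offers only the SMBv1 dialect "NT LM 0.12" and classifies the reply. The packet layout follows the MS-CIFS wire format; the sample response bytes are constructed here rather than captured from a real host, and the host name passed to `probe_smb1` is a placeholder.

```python
import socket
import struct

# SMB1 wire-format constants (MS-CIFS). Offering only "NT LM 0.12", the dialect
# every SMBv1-capable Windows host accepts, turns the negotiate into a yes/no
# question: does this host still speak SMBv1 on this port?
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_DIALECT = b"NT LM 0.12"

# SecurityMode bits in the SMBv1 negotiate response
SEC_SIGNING_ENABLED = 0x04
SEC_SIGNING_REQUIRED = 0x08


def build_negotiate_request(dialects=(SMB1_DIALECT,)):
    """Return a NetBIOS-framed SMB_COM_NEGOTIATE request offering `dialects`."""
    # 32-byte SMB1 header: magic, command, NT status, flags, flags2, PIDHigh,
    # SecurityFeatures, reserved, TID, PIDLow, UID, MID
    header = SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH", SMB_COM_NEGOTIATE, 0, 0x18, 0xC853, 0, b"\0" * 8,
        0, 0, 0xFEFF, 0, 0)
    # Each dialect entry is BufferFormat 0x02, the name, and a NUL terminator
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(data)) + data  # WordCount=0, ByteCount
    msg = header + body
    # NetBIOS session service header: type 0x00 followed by a 3-byte length
    return struct.pack(">I", len(msg)) + msg


def parse_negotiate_response(raw, dialects=(SMB1_DIALECT,)):
    """Classify a server reply (NetBIOS header included) to the request above."""
    if len(raw) < 8:
        return {"protocol": None, "reason": "short or empty reply"}
    msg = raw[4:]
    if msg[:4] == SMB2_MAGIC:
        return {"protocol": "SMB2", "reason": "server answered with SMB2"}
    if msg[:4] != SMB1_MAGIC:
        return {"protocol": None, "reason": "not an SMB reply"}
    command, status = struct.unpack_from("<BI", msg, 4)
    if command != SMB_COM_NEGOTIATE or status != 0:
        return {"protocol": None, "reason": "negotiate failed, NT status 0x%08x" % status}
    word_count = msg[32]
    if word_count < 1:
        return {"protocol": None, "reason": "empty negotiate response"}
    (dialect_index,) = struct.unpack_from("<H", msg, 33)
    if dialect_index == 0xFFFF or dialect_index >= len(dialects):
        return {"protocol": None, "reason": "server accepted none of the offered dialects"}
    if word_count != 17:
        return {"protocol": None, "reason": "unexpected WordCount %d" % word_count}
    security_mode = msg[35]
    return {
        "protocol": "SMB1",
        "dialect": dialects[dialect_index].decode(),
        "signing_enabled": bool(security_mode & SEC_SIGNING_ENABLED),
        "signing_required": bool(security_mode & SEC_SIGNING_REQUIRED),
    }


def probe_smb1(host, port=445, timeout=3.0):
    """Connect to host:port, send the negotiate, and classify the answer.
    Port 139 needs a NetBIOS session request first; this example handles 445 only."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_negotiate_request())
            raw = sock.recv(4096)
    except OSError as exc:
        return {"protocol": None, "reason": "no answer: %s" % exc}
    if not raw:
        return {"protocol": None, "reason": "connection closed without a negotiate response"}
    return parse_negotiate_response(raw)


def constructed_sample_response(dialect_index=0, security_mode=0x03):
    """A hand-built SMBv1 negotiate response (constructed for this example,
    not captured from a real host) in the MS-CIFS layout parsed above."""
    header = SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH", SMB_COM_NEGOTIATE, 0, 0x98, 0xC853, 0, b"\0" * 8,
        0, 0, 0xFEFF, 0, 0)
    if dialect_index == 0xFFFF:
        body = struct.pack("<BHH", 1, 0xFFFF, 0)  # WordCount=1, no dialect, ByteCount=0
    else:
        # 17 words: DialectIndex, SecurityMode, MaxMpxCount, MaxNumberVcs, MaxBufferSize,
        # MaxRawSize, SessionKey, Capabilities, SystemTime, ServerTimeZone, ChallengeLength
        params = struct.pack("<HBHHIIIIqhB", dialect_index, security_mode, 50, 1,
                             16644, 65536, 0, 0x8000E3FD, 0, 0, 8)
        challenge = b"\x11" * 8
        body = struct.pack("<B", 17) + params + struct.pack("<H", len(challenge)) + challenge
    msg = header + body
    return struct.pack(">I", len(msg)) + msg


if __name__ == "__main__":
    print(parse_negotiate_response(constructed_sample_response()))
    print(probe_smb1("fileserver.example"))  # placeholder host name
```

A host that answers with `"protocol": "SMB1"` is the one to prioritise for patching or for disabling SMBv1; `signing_required` is worth recording at the same time, since it changes which relay tricks work against the host.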

Submission + - Last Jedi Trailer Is Out (youtube.com)

xxxJonBoyxxx writes: The Last Jedi trailer is out:
https://www.youtube.com/watch?...

It's pretty much what you'd expect (after watching dozens of fanboy trailers) — skip to the second half to see anything interesting. Not sure what the ships painting the planet in formation are up to, but I did like the armada of rebellion ships near the end.

Submission + - Does space heat up when you accelerate? Physicists to test controversial idea (sciencemag.org)

sciencehabit writes: More than 40 years ago, a leading relativity theorist made a surprising prediction. Whereas empty space should feel immeasurably cold to any observer gliding along at a constant speed, one who is accelerating, say because he's riding a rocket, would find empty space hot. This so-called Unruh effect seemed practically impossible to measure, but now four theorists claim they have devised a doable experiment that could confirm the underlying physics. Skeptics say it will do no such thing—but for contradictory reasons.

"The hope is that this will convince skeptics that the whole thing is coherent," says Stephen Fulling, a theoretical physicist and mathematician at Texas A&M University in College Station who was not involved in the work. But Vladimir Belinski, a theorist at International Network of Centers for Relativistic Astrophysics in Pescara, Italy, says, "The Unruh effect is nonsense, it's based on a mathematical mistake."

Submission + - SPAM: How often is Linux really used in Linux-related jobs? 3

jumpingjack1 writes: Long story short, my employer got upset because I was doing my development work through Linux rather than Windows. He claims it's because everyone else in this company uses Windows and that most corporations do Linux development through Windows terminals. This is only my second Linux job (first one didn't mind at all) and needless to say, I'm not sure what the real world looks like.

Submission + - UW Professor: The Information War Is Real, And We're Losing It (seattletimes.com)

An anonymous reader writes: It started with the Boston marathon bombing, four years ago. University of Washington professor Kate Starbird was sifting through thousands of tweets sent in the aftermath and noticed something strange. Too strange for a university professor to take seriously. “There was a significant volume of social-media traffic that blamed the Navy SEALs for the bombing,” Starbird told me the other day in her office. “It was real tinfoil-hat stuff. So we ignored it.” Same thing after the mass shooting that killed nine at Umpqua Community College in Oregon: a burst of social-media activity calling the massacre a fake, a stage play by “crisis actors” for political purposes. “After every mass shooting, dozens of them, there would be these strange clusters of activity,” Starbird says. “It was so fringe we kind of laughed at it. That was a terrible mistake. We should have been studying it.” Starbird argues in a new paper, set to be presented at a computational social-science conference in May, that these “strange clusters” of wild conspiracy talk, when mapped, point to an emerging alternative media ecosystem on the web of surprising power and reach. There are dozens of conspiracy-propagating websites such as beforeitsnews.com, nodisinfo.com and veteranstoday.com. Starbird cataloged 81 of them, linked through a huge community of interest connected by shared followers on Twitter, with many of the tweets replicated by automated bots. Starbird is in the UW’s Department of Human Centered Design & Engineering — the study of the ways people and technology interact. Her team analyzed 58 million tweets sent after mass shootings during a 10-month period. They searched for terms such as “false flag” and “crisis actor,” web slang meaning a shooting is not what the government or the traditional media is reporting it to be. Then she analyzed the content of each site to try to answer the question: Just what is this alternative media ecosystem saying?
Starbird is publishing her paper as a sort of warning. The information networks we’ve built are almost perfectly designed to exploit psychological vulnerabilities to rumor.

Submission + - About 90% of Smart TVs Vulnerable To Remote Hacking Via Rogue TV Signals (bleepingcomputer.com)

An anonymous reader writes: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and it runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressive. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.

Submission + - UK home secretary peddling Security Snake Oil (bbc.co.uk)

Martin S. writes: Amanda Rudd, the UK Home Secretary responsible for policing, is peddling security snake oil, ignoring the big problem with information security, which is that it really is impossible to tell the difference between good security and bad security without an expert; and we all know what the current crop of politicians think of experts. https://www.schneier.com/crypt...

Submission + - Prominent Drupal and PHP dev kicked from the Drupal project over Gor beliefs (techcrunch.com) 1

An anonymous reader writes: Last week the Drupal community erupted in anger after its leader, Dries Buytaert, asked Larry Garfield, a prominent Drupal contributor and long-time member of the Drupal and PHP communities, “to leave the Drupal project.” Buytaert claims he did this "because it came to my attention that he holds views that are in opposition with the values of the Drupal project." A huge furor has erupted in response — not least because the reason clearly has much to do with Garfield’s unconventional sex life. Buytaert made his post in response after Larry went public, outing himself to public opinion.

Submission + - SPAM: In Fourth Lagrangian Area Spacecraft Finds No Earth-Trojan Asteroids, NASA's OSI

Joliaanderson12 writes: The Osiris-Rex spacecraft, which was heading for the near-Earth asteroid Pino, has successfully cleared part of the area surrounding the Trojan asteroids, NASA said on Friday. Although no such asteroids were detected, the survey showed that the main instrument on board the spacecraft worked much better than expected.

Submission + - Over 14K Let's Encrypt SSL Certificates Issued to PayPal Phishing Sites (bleepingcomputer.com) 1

An anonymous reader writes: During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites. Other CAs have issued a combined number of 461 SSL certificates containing the term "PayPal" in the certificate information, which were later used for phishing attacks. This number is far smaller compared to misused Let's Encrypt certs.

Assuming that current trends continue, Let’s Encrypt will issue 20,000 additional “PayPal” certificates by the end of this year, bringing the total up to 35,000 over the past two years. To blame for this situation is Let's Encrypt, who said in a mission statement it doesn't intend to police the Internet. Browser makers are also to blame [1, 2], along with "security experts" who tell people HTTPS is "secure," when they should point out HTTPS means "encrypted communication channel," and not necessarily that the destination website is secure.
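A domain-validated certificate only attests that whoever requested it controlled the name in it, so the figure above is really a statement about where the brand string sits in the name. The triage below is an added example written for this page, not code from the article or from Let's Encrypt: given certificate subject names (as pulled from a CT log search, say), it separates names whose registrable domain belongs to the brand from names that merely embed the brand string under some other registrable domain. The name list, the brand-domain set and the tiny public-suffix table are all constructed or assumed for the example; a real deployment would use the full Public Suffix List.

```python
# Constructed sample of DNS names as they might appear in certificate SANs
# returned by a CT log search for "paypal" (made up for this example).
SAMPLE_NAMES = [
    "www.paypal.com",
    "*.paypal.com",
    "paypal-objects.com",
    "paypal.com.login-secure.example",
    "secure-paypal-verify.example",
    "paypal.co.uk",
    "paypal.co.uk.account-check.example",
    "mail.example.org",
]

# Registrable domains assumed, for this example, to be brand-controlled
BRAND_DOMAINS = {"paypal.com", "paypal-objects.com", "paypal.co.uk"}
BRAND_KEYWORDS = ("paypal",)

# Tiny stand-in for the Public Suffix List: suffixes that take two labels
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(name):
    """Return the registrable (apex) domain of `name` using the small suffix table."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(name):
    """'brand' if the apex is brand-owned, 'suspect' if the brand string sits under
    someone else's apex, 'unrelated' if the brand string is absent."""
    lowered = name.lower()
    if lowered.startswith("*."):
        lowered = lowered[2:]  # wildcard certs are judged by the apex they cover
    if not any(k in lowered for k in BRAND_KEYWORDS):
        return "unrelated"
    if registrable_domain(lowered) in BRAND_DOMAINS:
        return "brand"
    return "suspect"


def triage(names):
    """Group names by classification, preserving input order within each group."""
    groups = {"brand": [], "suspect": [], "unrelated": []}
    for name in names:
        groups[classify(name)].append(name)
    return groups


def phishing_share(names):
    """Fraction of brand-matching names that are not brand-owned: the kind of
    ratio the article quotes."""
    groups = triage(names)
    matched = len(groups["brand"]) + len(groups["suspect"])
    return len(groups["suspect"]) / matched if matched else 0.0


if __name__ == "__main__":
    for group, members in triage(SAMPLE_NAMES).items():
        print(group, members)
    print("suspect share: %.3f" % phishing_share(SAMPLE_NAMES))
```

The "suspect" bucket is what a brand-monitoring job would hand to a takedown or blocklist process; the point for end users is the same one the submitter makes, that the padlock says nothing about which bucket a name falls in.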

Submission + - Supermassive black hole rocketing out of distant galaxy at 5 million mph

The Bad Astronomer writes: Astronomers have found a supermassive black hole barreling out of its home galaxy at 5 million mph. The 3 billion solar mass behemoth formed from the merger of two slightly smaller black holes after two galaxies collided and themselves merged. The resulting blast of gravitational waves is thought to have been asymmetric, causing a rocket effect which launched the resulting black hole away. It's currently 40,000 light years from the galaxy's core.

Submission + - Hash indexes are faster than Btree indexes? (blogspot.in)

amitkapila writes: PostgreSQL has supported hash indexes for a long time, but they are not much used in production, mainly because they are not durable. Now, with the next version of PostgreSQL, they will be durable. The immediate question is how they perform compared to Btree indexes. This blog has tried to answer that question.

Submission + - Trump's proposed budget would result in big spending cuts for renewables (computerworld.com)

Lucas123 writes: The Trump administration's newly released 2018 budget proposal outlining changes to discretionary spending would likely cut spending on renewable energy. For example, not only does the proposed budget cut the EPA and Energy Department budgets by 31% and 6%, respectively, it would also not fund the Clean Power Plan and other climate change programs. With the CPP gone, the U.S. would likely see fewer retirements of coal-fired power plants due to carbon emissions and less impetus for the procurement of utility-grade solar power. The good news for renewables: the budget would not have any impact on the solar investment tax credit, carbon tax proposals or state-based solar subsidies, according to Amit Ronen, director of the Solar Institute at George Washington University. Additionally, renewable energy resources, such as solar panels, have gained too much momentum and aren't likely to be deterred by regulatory changes at this point, according to Raj Prabhu, CEO of Mercom Capital Group, a clean energy research firm. For example, even with the dissolution of the CPP, the number of coal-fired generators is still expected to be reduced by about one-third through 2030, or by about 60 gigawatts of capacity, according to the U.S. Energy Information Administration (EIA). Meanwhile, wind and solar are by far the fastest growing energy sectors, which indicates an appetite by utilities and consumers that is highly unlikely to be slowed by regulatory changes at the federal level, experts said.

Submission + - Renewable energy now Australia's cheapest power option (econews.com.au)

Socguy writes: With the cost of gas rising and the cost of storage falling, true-cost renewables (renewables + storage) have become the cheapest option in Australia.

Carbon capture technology will not be ready for prime time till perhaps as late as 2030 and by then there may be no appetite to build new base-load generating stations as they are too inflexible to compete in the modern electrical infrastructure.

Submission + - How to effectively implement sitewide file encryption?

Pig Hogger writes: The recent assertion, given the recent CIA/Wikileaks dump, that “encryption really works” makes encryption much more desirable.

So, if you decide to implement server-level encryption across all your servers, how do you manage the necessary keys/passwords/passphrases to ensure both maximum uptime (you can access your data if you need to reboot your servers) and that the keys cannot be compromised (as when the password is known by many different people), because, once the server is seized, you can’t change the password?

What are established practices to address this issue?
