Submission + - USB Death Sticks for Sale (arstechnica.com)

npslider writes: "A USB Killer", a USB stick that fries almost everything that it is plugged into, has been mass produced and is available online for about £50/$50. Ars Technica first wrote about this diabolical device, which looks like a fairly humdrum memory stick, a year ago. From the Ars article:

"The USB Killer is shockingly simple in its operation. As soon as you plug it in, a DC-to-DC converter starts drawing power from the host system and storing electricity in its bank of capacitors (the square-shaped components). When the capacitors reach a potential of -220V, the device dumps all of that electricity into the USB data lines, most likely frying whatever is on the other end. If the host doesn't just roll over and die, the USB stick does the charge-discharge process again and again until it sizzles.

Since the USB Killer has gone on sale, it has been used to fry laptops (including an old ThinkPad and a brand new MacBook Pro), an Xbox One, the new Google Pixel phone, and some cars (infotainment units, rather than whole cars... for now). Notably, some devices fare better than others, and there's a range of possible outcomes—the USB Killer doesn't just nuke everything completely."


Submission + - 6 seconds: How hackers only need moments to guess card number and security code (telegraph.co.uk)

schwit1 writes: Criminals can work out the card number, expiry date and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found.

Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack.

According to a study published in the academic journal IEEE Security & Privacy, that meant fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously.

Within seconds, by a process of elimination, the criminals could verify the correct card number, expiry date and the three-digit security number on the back of the card.

Mohammed Ali, a PhD student at the university's School of Computing Science, said: "This sort of attack exploits two weaknesses that on their own are not too severe but, when used together, present a serious risk to the whole payment system."

Submission + - Alien life could thrive in the clouds of failed stars (sciencemag.org)

sciencehabit writes: There’s an abundant new swath of cosmic real estate that life could call home – and the views would be spectacular. Floating out by themselves in the Milky Way galaxy are perhaps a billion cold brown dwarfs, objects many times as massive as Jupiter but not big enough to ignite as a star. According to a new study, layers of their upper atmospheres sit at temperatures and pressures resembling those on Earth, and could host microbes that surf on thermal updrafts.

The idea expands the concept of a habitable zone to include a vast population of worlds that had previously gone unconsidered. “You don’t necessarily need to have a terrestrial planet with a surface,” says Jack Yates, a planetary scientist at the University of Edinburgh in the United Kingdom, who led the study.

Submission + - Facebook started trending false news stories on a regular basis (citiesofthefuture.eu)

dkatana writes: "Facebook started trending false news stories on a regular basis." That's the conclusion of Susan Etlinger, an industry analyst at the think tank Altimeter Group, where she focuses on data strategy, analytics and ethical data use.

“In the Facebook News feed, which is optimized for engagement, the consequence is that the most controversial and provocative stories tend to be shared more than real news reporting, and Facebook has not had a way to make verification and authenticity an important part of the algorithm and then Facebook started trending false news stories on a regular basis.” That, Etlinger told Cities of the Future, “is an example where a machine has too much responsibility.”

When asked about the possibility of people using data and AI to influence political decisions and distort information to the public, Etlinger is outspoken:

“We don’t even know the level of intentional misinformation that has been shared,” Etlinger says. “Obviously the US news media, as an example, is full of conspiracy theories right now. The reality is [AI] is an incredibly powerful technology, even more because it is very difficult, and in some cases impossible, to go back and understand exactly what happens in an algorithm, and AI.”

Submission + - Microsoft Outlook injecting advertisement and URL into personal email

mr_diags writes: Recently GoDaddy's iPhone email client was retired and they aggressively encouraged users to migrate to Microsoft Outlook client. I detest most Microsoft products and ended up migrating to Spark. My wife took the path of least resistance and migrated to Outlook for iPhone. Yesterday I received a short email from her and noticed a live hypertext link “Get Outlook for iOS” in her email. I asked her why she wrote that and she said she did not. Examining the email source it clearly shows the email sent from her Outlook client has text embedded in the body of her email in both the plain text and HTML sections of the payload – including a live URL.

Yes, she needs to check if Outlook client had some default configuration when installed that embedded the advertisement, maybe a default signature. And who knows what the EULA she blindly accepted allowed MS to do, but isn’t this effectively a hack of a person’s personal email to inject an advertisement?

Content of the email, scrubbed of personal addresses:

Received: (qmail 23638 invoked by uid 30297); 8 Aug 2016 21:07:31 -0000
Received: from unknown (HELO p3plibsmtp02-14.prod.phx3.secureserver.net) ([72.167.218.25])
(envelope-sender <xxxxx@xxxxx.com>)
by p3plsmtp01-05.prod.phx3.secureserver.net (qmail-1.03) with SMTP
for <yyyy@yyyyy.us>; 8 Aug 2016 21:07:31 -0000
Received: from p3plsmtpa12-02.prod.phx3.secureserver.net ([68.178.252.231])
by p3plibsmtp02-14.prod.phx3.secureserver.net with bizsmtp
id Uku71t01H50JyDQ01l7WVW; Mon, 08 Aug 2016 14:07:31 -0700
Received: from mail.outlook.com ([52.32.165.217])
by p3plsmtpa12-02.prod.phx3.secureserver.net with
id Ul7W1t00A4hkzKG01l7Wm9; Mon, 08 Aug 2016 14:07:30 -0700
Date: Mon, 8 Aug 2016 21:07:30 +0000 (UTC)
From: xxxxx < xxxxx@xxxxx.com >
To: yyyy@yyyyy.us
Message-ID: <42D594FBB05BB1EC.2A5FFCE7-7B0A-44C6-8158-660A799F2AC9@mail.outlook.com>
In-Reply-To: <20160807214047.a3cf85ee342f91baffbcbe5e7a33596d.19fe9dae3e.wbe@email01.godaddy.com>
References: <20160807214047.a3cf85ee342f91baffbcbe5e7a33596d.19fe9dae3e.wbe@email01.godaddy.com>
Subject: Re: iPhone screens
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_13617_1251458795.1470690450092"
X-Mailer: Outlook for iOS and Android
X-Nonspam: Whitelist

------=_Part_13617_1251458795.1470690450092
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

It's a white 6.

Get Outlook for iOS

On Mon, Aug 8, 2016 at 12:40 AM -0400, <yyyy@yyyyy.us> wrote:

=C2=A0 =C2=A0Your screen parts shipped and ETA is Wednesday delivery.=C2=A0=
=C2=A0For your friends iPhone6 I've searched and found iPhone 6 — not 6plu=
s — screen repair kits for under $30, so depending on their model it may be=
reasonably priced to get the parts.

------=_Part_13617_1251458795.1470690450092
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html><head></head><body><div>It's a white 6.<br><br><div class="acompli_signature">Get <a href="https://www.microsoft.com/en-us/outlook-com/mobile/?WT.mc_id=outlook_app_signature_1">Outlook for iOS</a></div><br></div><br><br><br>
<div class="gmail_quote">On Mon, Aug 8, 2016 at 12:40 AM -0400, <span dir="ltr">&lt;<a href="mailto:yyyy@yyyyy.us" target="_blank">yyyy@yyyyy.us</a>&gt;</span> wrote:<br>
<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="3D&quot;ltr&quot;">
<span style="font-family:Verdana; color:#000000; font-size:10pt;"><div>&nbsp; &nbsp;Your screen parts shipped and ETA is Wednesday delivery.</div><div>&nbsp; &nbsp;For your friends iPhone6 I've searched and found iPhone 6 — not 6plus — screen repair kits for under $30, so depending on their model it may be reasonably priced to get the parts.</div></span>

</div>

</blockquote>
</div>
</body></html>
------=_Part_13617_1251458795.1470690450092--
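As an added example, not code from the original submission: a Python check that decodes a multipart/alternative message structured like the one above and reports in which MIME parts the injected Outlook signature and its tracking link appear, the kind of test an outbound mail gateway could run to flag links the sender never typed. The sample message, its addresses and its boundary are constructed placeholders.

```python
import email
import re
from email import policy

# Constructed sample modelled on the message quoted above; addresses and the
# boundary are placeholders, not the values from the original post.
SAMPLE = b"""From: xxxxx <xxxxx@example.invalid>
To: yyyy@example.invalid
Subject: Re: iPhone screens
MIME-Version: 1.0
X-Mailer: Outlook for iOS and Android
Content-Type: multipart/alternative; boundary="----=_Part_TEST"

------=_Part_TEST
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

It's a white 6.

Get Outlook for iOS

=C2=A0 =C2=A0Your screen parts shipped and ETA is Wednesday delivery.=

------=_Part_TEST
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html><body><div>It's a white 6.<br><br><div class="acompli_signature">Get <a href="https://www.microsoft.com/en-us/outlook-com/mobile/?WT.mc_id=outlook_app_signature_1">Outlook for iOS</a></div></div></body></html>
------=_Part_TEST--
"""

PLAIN_MARKER = "Get Outlook for iOS"
SIG_DIV = re.compile(r'<div class="acompli_signature">(.*?)</div>', re.S)
HREF = re.compile(r'href="([^"]+)"')


def find_injected_signature(raw: bytes) -> dict:
    """Walk every text/* part of a MIME message and report where the
    Outlook promotional signature appears and which URLs it carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"x_mailer": str(msg.get("X-Mailer", "")),
              "plain": False, "html": False, "urls": []}
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes quoted-printable/base64; then apply the charset
        body = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", errors="replace")
        if part.get_content_subtype() == "plain" and PLAIN_MARKER in body:
            report["plain"] = True
        elif part.get_content_subtype() == "html":
            for div in SIG_DIV.findall(body):
                report["html"] = True
                report["urls"].extend(HREF.findall(div))
    return report
```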

Submission + - Russian Anti-Piracy Law Targets Social Media

An anonymous reader writes: Officials in Russia are considering a new anti-piracy law which will target social media platforms that allow users to upload copyrighted content. A coalition that includes members of the Russian media groups National Federation of Music Industry (NFMI) and the Association of Film and Television Producers (APKIT) is reviewing current legislation and making recommendations for changes that will protect the rights of those who create original content. Their primary concern is for content that is uploaded without restriction to social media platforms by users. The new proposal includes an attempt to have current legislation revoked or changed to provide stricter definitions to help protect copyrights. They are also proposing an advertising ban on sites that have been found to violate content creators' rights in court.

Submission + - 1 In 3 Americans Report Financial Losses Due To Being Defrauded (helpnetsecurity.com)

An anonymous reader writes: With nearly half of Americans reporting they have been tricked or defrauded, citizens are concerned that the Internet is becoming less safe and want tougher federal and state laws to combat online criminals, according to the Digital Citizens Alliance. In the survey of 1,215 Americans, 46 percent said they had been the victim of a scam or fraud, had credit card information stolen, or had someone steal their identity. One in three Americans reported suffering financial loss – with 10 percent reporting that the loss had been over $1,000.

Submission + - Misuse of Language: 'Cyber' (threatpost.com)

msm1267 writes: The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber weapon” relate these terms to “attack,” framing the conversation in terms of acceptable responses to “attack” (namely, “strike-back,” “hack-back,” or an extreme interpretation of the vague term “active defense”).

In this op-ed, information security experts Dave Dittrich and Katherine Carpenter discuss two problematic issues: first, we illustrate the misuse of the terms “cyber war” and “cyber weapon,” to raise awareness of the potential dangers that aggressive language brings to the public and the security community; and second, we address the reality that could exist when private citizens (and/or corporations) want to act aggressively against sovereign nations and the undesirable results those actions could produce.

Dittrich and Carpenter discuss these topics through the lens of the recent furor around the cyber incident at the Democratic National Committee.

Submission + - How the Pay Per Install Industry Works (csoonline.com)

itwbennett writes: It starts with that terms of service notice you never read when you download a new piece of software. 'Buried in the text that nobody reads is information about the bundle of unwanted software programs in the package you're about to download,' says Damon McCoy, an assistant professor of computer science and engineering at NYU Tandon and one of the researchers who studied the link between so-called "pay-per-install" (PPI) practices and the distribution of unwanted software. Between the hapless user and the adware or scareware that plagues them is a network of brokers who forge the deals to bundle the extra software with popular applications and place download offers on well-trafficked websites. They get paid by PPI businesses directly, sometimes as much as $2 per install, the researchers said. One of their most striking findings is the degree to which downloads are personalized to maximize the chances that their payload will be delivered. The paper will be presented at the USENIX Security Symposium in Austin, Texas, later this week.

Submission + - Top-Level Cyber Espionage Group Uncovered After Years Of Stealthy Attacks (helpnetsecurity.com)

An anonymous reader writes: Symantec and Kaspersky Lab researchers have uncovered another espionage group that is likely backed by a nation-state. The former have dubbed the threat actor Strider, while the latter named it ProjectSauron (after a mention in the code of one of the malware modules the group deploys). According to the researchers, evidence of ProjectSauron’s activity can be found as far back as 2011, and as near as early 2016. Within that period, the group has targeted at least 30 organizations around the world – Russia, China, Sweden, Belgium, Iran, Rwanda, (possibly) Italy. The complexity of the malware used, the fact that it remained hidden for so long, the nature of the victimized organizations (government and military entities, embassies, telecoms, scientific research centers), and the nature of the data collected and exfiltrated all point to a state-backed attack group, but it’s impossible to say for sure which one.

Submission + - London's Metropolitan Police Still Running 27,000 Windows XP Desktops

An anonymous reader writes: London’s Met Police has missed its deadline for abandoning the out-of-date operating system Windows XP, as findings reveal 27,000 computers still run on the software two years after official support ended. Microsoft stopped issuing updates and patches for Windows XP in Spring 2014, meaning that any new bugs and flaws in the operating system are left open to attack. A particularly risky status for the UK capital’s police force – itself running operations against hacking and other cybercrime activity. The figures were disclosed by Conservative politician Andrew Boff. The Greater London Assembly member said: ‘The Met should have stopped using Windows XP in 2014 when extended support ended, and to hear that 27,000 computers are still using it is worrying.’ As in similar cases across civil departments, the core problem is bespoke system development, and the costs and time associated with integrating a new OS with customized systems.

Submission + - EFF Asks FTC To Demand 'Truth In Labeling' For DRM (techdirt.com)

An anonymous reader writes: Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. The argument is pretty straightforward (PDF): "The legal force behind DRM makes the issue of advance notice especially pressing. It’s bad enough when a product is designed to prevent its owner from engaging in lawful, legitimate, desirable conduct — but when the owner is legally prohibited from reconfiguring the product to enable that conduct, it’s vital that they be informed of this restriction before they make a purchase, so that they might make an informed decision. Though many companies sell products with DRM encumbrances, few provide notice of these encumbrances. Of those that do, fewer still enumerate the restrictions in plain, prominent language. Of the few who do so, none mention the ability of the manufacturer to change the rules of the game after the fact, by updating the DRM through non-negotiable updates that remove functionality that was present at the time of purchase." In a separate letter (PDF) from EFF, along with a number of other consumer interest groups, but also content creators like Baen Books, Humble Bundle and McSweeney's, they suggest some ways that a labeling notice might work.

Submission + - Solar Impulse off on the last leg (bbc.com)

AppleHoshi writes: The BBC is reporting that Solar Impulse, the all-electric aeroplane making a circumnavigation of the globe, has left Cairo on the 17th and final leg of the epic journey. The Solar Impulse team estimates a 48-hour flight to the destination (and the starting point for the flight, last year), Abu Dhabi. All is not plain sailing, though. Despite the flight being mostly over desert where there's generally plenty of sunshine, the pilot, Bertrand Piccard, may have problems with the desert heat and the strong thermal updraughts which it creates.
