
Submission + - Cryptographic proof Wikileak podesta emails have been modified? (pastebin.pl)

An anonymous reader writes: Downloading the raw email from WikiLeaks directly and running it through opendkim-testmsg will on a surprising number of "raw" emails from WikiLeaks indicate that the DKIM signature is incorrect, e.g.

curl https://wikileaks.org/podesta-... | opendkim-testmsg

vs.

curl https://wikileaks.org/podesta-... | opendkim-testmsg

There is a list of modified emails posted on a pastebin right now http://pastebin.pl/view/351dca...

Because the DKIM header contains the checksum of the message body and is signed with the server's public key, it would seem to be irrefutable proof of email tampering before the emails were given to WikiLeaks.

Submission + - Android Devices That Contain Foxconn Firmware May Have a Secret Backdoor (softpedia.com)

An anonymous reader writes: Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone. By sending the "reboot-ftm" command to Android devices that contain Foxconn firmware, an attacker would authenticate via USB, and boot the device, running as root with SELinux disabled.

There isn't a list of affected devices available yet, but Jon Sawyer, the researcher who discovered this hidden command, provides instructions on how to detect if a phone is affected.

"Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.

Submission + - Static types for Python are now production-ready! (zulip.org)

quartertime writes: In recent years, static type checkers have become available for popular dynamic languages like PHP (Hack) and JavaScript (Flow and TypeScript), and have seen wide adoption. Python just joined the party! A team at Dropbox (including Python creator Guido van Rossum!) has led the development of mypy into a mature type checker that can enforce static type consistency in Python programs. For the many programmers who work in large Python 2 codebases, the even more exciting news is that mypy has full support for type-checking Python 2 programs, scales to large Python codebases, and can substantially simplify the upgrade to Python 3. Read the details on it being 100% adopted by Zulip, an open source group chat product with 50,000 lines of Python, here: http://blog.zulip.org/2016/10/....

Submission + - FBI: It Will Take 2 Years To Respond To FOIA Request About Its Sheep Video Game

blottsie writes: Earlier this year, the FBI released a free, online video game featuring sheep in its attempts to fight terrorism recruitment efforts. The game is called The Slippery Slope of Violent Extremism, and it is a real thing that exists. You can play it here. After journalists filed a FOIA request to find out more about the game, the FBI said it would take two years to respond—a staggeringly long wait that helps expose how the Bureau actively avoids responding to open-records requests.

Submission + - Internet of Things nightmare: is this a reasonable solution?

satch89450 writes: Fixing the security of the Internet of Things: Now we have had several distributed denial of service attacks — generating eye-popping amounts of network traffic to bury a web site or gamer — arguably traced to botnets-for-sale of "hacked" common devices with Internet connectivity. It's time to look at the problem bad product design can cause. Not being "computers", many of those devices — cameras, televisions, light bulbs, to name a few — don't have tough-enough security moxie baked in. And it's not enough to solve today's attacks, they have to survive new attacks down the road.

Some of these household items didn't conform to today's Best Practices, taught in Security 101, with the rules learned (painfully) over the last 30 years. And then there is the question of installing security fixes: "Hey, Joe, you have to install an update to your thermostat and washing machine." Right.

This is nothing new. What is new is the tsunami of Internet-capable devices hitting the market and the Internet...and doing it badly. By sheer numbers, the situation rises to a whole new level of risk to the nation's communications infrastructure. The magnitude of the problem? Think how many light bulbs are in the typical house or apartment, and you get the idea.

This note comes a little late to the game, but I thought that one way to stem the flood of carb from compromised household stuff is to treat vulnerabilities as design defects, defects as serious as the exploding batteries in the Samsung Galaxy Note 7. So, looking at the procedures already in place for dealing with merchandise that can cause harm, this suggestion.

Proposed: GIVEN

  • any Internet-connected device,
  • "powned" by cybercriminals,
  • that cause significant harm,
  • the manufacturer receiving notice of the defect, and
  • did not, or can not, provide a timely, zero-cost update

THEREFORE the Consumer Product Safety Commission shall require that the manufacturer provide a security update to the device within 30 days of first notice; or failing that, to issue a complete recall of the defective devices.

I don't care if it's a television, camera, refrigerator, light bulb, thermostat, washing machine, wireless access router, smart phone, desktop computer, server, you-name-it...if it's broke, and can't (or won't) be fixed, it gets recalled.

That's the only way manufacturers will take Internet security seriously. If they have to upgrade the stuff they sell, without exception, the manufacturers will find a method that will keep their expense for upgrades down. Upgrades should not be charged to the customer — the manufacturer screwed up, they should fix the problem, at their expense. I further suggest that security testing should be specifically permitted under law, not be considered part of "reverse engineering", or other shrink-wrap or copyright restriction.

The CPSC should develop guidelines for products with embedded computers that connect to the Internet at large, either directly or indirectly.

There are a number of things to consider, when building such a regulation, that come into play that complicate things:

  • orphaned devices,
  • devices made by companies that have gone out of business,
  • imported stuff,
  • methods of notification, and
  • enforcement

This is an off-the-top-of-my-head idea. I think it's worth considering over other "solutions" I've seen proposed.

Submission + - Move Over EmDrive, Here Comes Woodward's Mach Effect Drive (hacked.com) 1

giulioprisco writes: An exotic “impossible” space propulsion technology known as “Cannae Drive,” less known than the EmDrive but equally controversial, made news headlines a few weeks ago with the announcement that it is about to be tested in space. There are speculations that the Cannae Drive could exploit physics known as “Mach Effect.” But perhaps the same physics plays a role in the EmDrive as well.

Music By Natural Selection 164

maccallr writes "The DarwinTunes experiment needs you! Using an evolutionary algorithm and the ears of you the general public, we've been evolving a four bar loop that started out as pretty dismal primordial auditory soup and now after >27k ratings and 200 generations is sounding pretty good. Given that the only ingredients are sine waves, we're impressed. We got some coverage in the New Scientist CultureLab blog but now things have gone quiet and we'd really appreciate some Slashdotter idle time. We recently upped the maximum 'genome size' and we think that the music is already benefiting from the change."
Earth

Submission + - Jewel Tone Solar Panels Generate Energy From Indir (inhabitat.com) 1

MikeChino writes: "Solar panels go disco in these jewel-toned transparent solar cell sheets. Developed by Israel-based GreenSun Energy, the fresh technology uses 80% less silicon than traditional solar cells and is capable of generating energy from diffuse light rather than relying upon direct sunlight. As the direct or indirect sunlight hits the panels, it diffuses across and the nanoparticles of metal direct and concentrate the sunlight to the edges where the silicon is."
Science

Submission + - Raptorex Challenges Dinosaur Evolution

chrb writes: "BBC News and ScienceBlogs are reporting on a new paper by Paul Sereno titled "Tyrannosaurid Skeletal Design First Evolved at Small Body Size" (subscription required). The paper presents Raptorex kriegsteini, a newly discovered species of dinosaur that resembles a miniature T. rex, but predates the actual Tyrannosaurus rex by 60 million years. The discovery has challenged the accepted dogma of paleontological evolution, where it has traditionally been accepted that T. rex features, such as small arms, developed over time in response to increasing body size. Raptorex kriegsteini shows all the features of a T. rex on a scale 1/90th the size, measuring 3 metres from head to tail, and weighing 65kg, suggesting that the design "worked" on a small scale, and was subsequently scaled up to the large."

Comment Re:Depends on the parents (Score 1) 1345

Yes, success in unschooling very much depends on the parents.

Unschooling, properly done, is much more difficult for the parents than typical homeschooling. Most homeschoolers depend on curricula written by others. For unschoolers, it's all done on the fly.

Is your kid interested in
  - Ancient Egypt? Learn about mining limestone, or the chemistry of mummification.
  - Robotics? Lego Mindstorms.
  - Justice? Attend actual trials, discuss the issues that come up.

Most of the comments here are confusing "un-schooling" with "no-schooling", or "non-schooling". The meanings of the two terms couldn't be further apart.

Comment Re:logic? (Score 1) 267

Maybe the (Belgian) logic was something along these lines:

Yahoo email accounts were used by Belgian citizens to commit some sort of crime. If Yahoo allows Belgian citizens to open and use Yahoo email accounts from computers located in Belgium, then Yahoo is "doing business" in Belgium, and thus is subject to Belgian laws, at least as far as these "Belgian" email accounts.

Sci-Fi

Submission + - Simon Pegg is Scotty in Trek prequel

ndogg writes: "The crew list for the Trek prequel keeps getting bigger, and the newest addition is probably the most interesting one. Simon Pegg from Shaun of the Dead is to play as Scotty. Well, at least they'll be ready if they run into any alien zombies."
