
Submission + - Norwegian cyber command warns against supply chain security risks in F35 project (safecontrols.blog)

hrdo writes: The commander of the Norwegian CYFOR (a branch of the military) held a speech Monday night in Oslo where he warned that large military projects like the F35 fighter jet project can be threatened by attacks on the supply chain. The warnings follow several media stories about security breaches due to outsourcing and lack of controls. In one case an Indian IT company was contracted to operate the emergency communications network for Norwegian police, ambulances and fire departments — without security clearances or background checks.

The general should keep preaching security to his peers, not only within his own organization and on the battlefield, but also in the procurement trenches. The initial penetration of advanced persistent threats targeting high-security organizations is typically coming via a less secure supply chain partner. Still, coordinated security management in large projects remains a fantasy in most cases.

Submission + - PHP Is First Language To Add "Modern" Cryptography Library To Its Core (bleepingcomputer.com)

An anonymous reader writes: The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default. Developers approved a proposal with a vote of 37 to 0 and decided that Libsodium will be added to the upcoming PHP 7.2 release that will be launched towards the end of 2017.

Scott Arciszewski, the cryptography expert who made the proposal, says that by supporting modern crypto in the PHP core, the PHP team will force the WordPress team to implement better security in its CMS, something they avoided until now. Additionally, it will allow PHP and CMS developers to add advanced cryptography features to their apps that run on shared hosting providers, where until now they weren't able to install custom PHP extensions to support modern cryptography. Other reasons on why he made the proposal are detailed in depth here.

Arciszewski also says that PHP is actually "the first" programming language to support a "modern" cryptography library in its core, despite Erlang and Go including similar libraries, which he claims are not as powerful and up-to-date as PHP's upcoming Libsodium implementation.

Submission + - Trump has 3,643 websites (cnn.com) 3

mykepredko writes: http://money.cnn.com/2017/02/2... reports that Donald Trump has a vast online portfolio of domain names — digital addresses that foreshadowed his political career, business projects and accusations of unethical behavior.

CNNMoney investigated 20 years of internet records using DomainTools, which tracks registrations and transfers. Some are obvious choices he acquired long ago, like TrumpOrganization.com and TrumpBuilding.org. But Trump has also grabbed names that could be used against him, including TrumpFraud.org and TrumpScam.com.

Submission + - Techdirt asks judge to throw out suit over "Inventor of E-mail" (arstechnica.com)

walterbyrd writes: Michael Masnick, who founded the popular Techdirt blog, filed a motion today asking for a defamation lawsuit against him to be thrown out. Masnick was sued last month by Shiva Ayyadurai, a scientist and entrepreneur who claims to have invented e-mail in 1978 at a medical college in New Jersey.

In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame."

Submission + - Mozilla will deprecate XUL add-ons before the end of 2017 2

Artem Tashkinov writes: Mozilla has published a plan of add-ons deprecation in future Firefox releases. Firefox 53 will run in multi-process mode by default for all users with some exceptions. Most add-ons will continue to function, however certain add-ons have already ceased to function because they don't expect multi user mode under the hood. Firefox 54-56 will introduce even more changes which will ultimately break even more add-ons. Firefox 57, which will be preliminarily released on the 28th of November, 2017, will only run WebExtensions: which means no XUL (overlay) add-ons, no bootstrapped extensions, no SDK extensions and no Embedded WebExtensions. In other words by this date the chromification of Firefox will have been completed. If you depend on XUL add-ons your only choice past this date will be Pale Moon.

Submission + - Is Donald Trump suffering from mental illness? (scientificamerican.com)

mmell writes: Despite a long-standing rule against remotely diagnosing public figures' mental health, 35 U.S. psychiatrists, psychologists and social workers signed a letter to the editor of The New York Times warning about Trump’s mental health, according to multiple generally reliable media sources. The signatory psychiatrists and psychologists have chosen to break from accepted practice (the so called "Goldwater Rule") both because the publicly available evidence in this instance is to them quite clear, and because of the tremendous risk to the general welfare which they feel the current POTUS poses. “We fear that too much is at stake to be silent any longer”, stated one of the signatory professionals.

The "Goldwater Rule" came about during the mid-1960's when multiple mental health professionals went on record asserting that Barry Goldwater suffered from mental illness. The public nature of their concerns led to a libel suit which Senator Goldwater won. Presumably, the doctors and media outlets involved in this public statement regarding Donald Trump have considered the Goldwater Rule and decided that the threat to the general weal outweighs their individual exposure to litigation.

It should be noted that not all health care professionals share their colleagues' views on this matter. Some strongly disagree with the remote diagnosis of mental health issues while others are concerned that this could be seen as bringing an unpleasant stigma to those diagnosed with mental health issues. Incidentally, the remote diagnosis which has been mentioned is Narcissistic Personality Disorder, or NPD. It is characterized as an inability to tolerate any opinion or fact which does not correlate with one's personally held views.

Submission + - Your Digital Life Can Be Legally Seized at the Border 3

Toe, The writes: Quincy Larson from freeCodeCamp relates some frightening stories from U.S. citizens entering their own country, and notes that you don't have fourth and fifth amendment rights at the border. People can and have been compelled to give their phone password (or be detained indefinitely) before entering the U.S. and other countries. Given what we keep on our phones, he concludes that it is now both easy and legal for customs and border control to access your whole digital life. And he provides some nice insights on how easy it is to access and store the whole thing, how widespread access would be to that data, and how easy it would be for the wrong hands to get on it. His advice: before you travel internationally, wipe your phone or bring/rent/buy a clean one.

Submission + - At the End, Obama Administration Gave NSA Broad New Powers (pjmedia.com) 1

Tulsa_Time writes: This story, from the Jan. 12, 2017, edition of the New York Times, was little-remarked upon at the time, but suddenly has taken on far greater significance in light of current events:

In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.

Submission + - JavaScript Attack Breaks ASLR on 22 CPU Architectures (bleepingcomputer.com)

An anonymous reader writes: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLRCache, or AnC, focuses on the memory management unit (MMU), a lesser known component of many CPU architectures, which is tasked with improving performance for cache management operations.

What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS.

Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos [1, 2] showing the attack in action.

Submission + - Nearly 56,000 bridges called structurally deficient (usatoday.com)

schwit1 writes:

More than one in four bridges (173,919) are at least 50 years old and have never had major reconstruction work, according to the ARTBA analysis. State transportation officials have identified 13,000 bridges along interstates that need replacement, widening or major reconstruction, according to the group.

“America’s highway network is woefully underperforming,” said Alison Premo Black, the group’s chief economist who conducted the analysis. “It is outdated, overused, underfunded and in desperate need of modernization.”


Submission + - Human Gene Editing Receives Science Panel's Support (nytimes.com)

schwit1 writes: An influential science advisory group formed by the National Academy of Sciences and the National Academy of Medicine on Tuesday lent its support to a once-unthinkable proposition: the modification of human embryos to create genetic traits that can be passed down to future generations.

This type of human gene editing has long been seen as an ethical minefield. Researchers fear that the techniques used to prevent genetic diseases might also be used to enhance intelligence, for example, or to create people physically suited to particular tasks, like serving as soldiers.

The advisory group endorsed only alterations designed to prevent babies from acquiring genes known to cause “serious diseases and disability,” and only when there is no “reasonable alternative.” The report provides an explicit rationale for genetic research that the federal government has avoided supporting until now, although the work is being pursued in countries like Sweden and China.
