By EditorDavid from Slashdot's spray-on-storage department
Researchers at Duke University have developed "spray-on" digital memory using only an aerosol jet printer and nanoparticle inks. An anonymous reader quotes Duke Today:
The device, which is analogous to a 4-bit flash drive, is the first fully-printed digital memory that would be suitable for practical use in simple electronics such as environmental sensors or RFID tags. And because it is jet-printed at relatively low temperatures, it could be used to build programmable electronic devices on bendable materials like paper, plastic or fabric...
The new material, made of silica-coated copper nanowires encased in a polymer matrix, encodes information not in states of charge but instead in states of resistance. By applying a small voltage, it can be switched between a state of high resistance, which stops electric current, and a state of low resistance, which allows current to flow. And, unlike silicon, the nanowires and the polymer can be dissolved in methanol, creating a liquid that can be sprayed through the nozzle of a printer.
Amazingly, its write speed is three microseconds, "rivaling the speed of flash drives." The information can be re-written many times, and the stored data can last for up to 10 years.Read Replies (0)
By EditorDavid from Slashdot's hole-in-the-cloud department
"A trove of records containing personal and health information on close to a million people was exposed after a former developer working at a telemarketing company uploaded a backup of its database to the internet," writes ZDNet. An anonymous reader quotes their report:
The data contained personal and health-related information, such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, health insurance information, and other data relating to the types of health problems the individuals have regarding the products they need, though many of the records were truncated or incomplete. An examination showed that the database was used to market products to thousands of customers by telemarketers at HealthNow -- no longer a registered business as of 2015. Several records we've seen included customized notes written by staff who were tasked with calling customers, such as when they are home and any other relevant information on the subject.
The database apparently lingered online for years in an AWS instance until it was discovered two weeks ago in search results from Shodan by a Twitter user calling himself Flash Gordon. Databreaches.net, which investigated the breach with ZDNet, believes this as a teachable moment. "Before you give your personal or health insurance information to telemarketers or firms that call to offer you supplies for diabetes or back pain or other conditions, think twice."Read Replies (0)
By EditorDavid from Slashdot's under-the-hedge department
"The transition to internet protocol version 6 has opened up a whole new range of threat vectors that allow attackers to set up undetectable communications channels across networks, researchers have found."
Slashdot reader Bismillah summarizes a report from IT News.
Researchers at NATO's Cooperative Cyber Defence Centre of Excellence and Estonia's University of Tallinn have worked out how to set up communications channels using IPv6 transition mechanisms, to exfiltrate data and for systems control over IPv4-only and dual-stack networks -- without being spotted by network intrusion detection systems.
The article argues that "Since IPv6 implementations and security solutions are relatively new and untested, and systems engineers aren't fully aware of them, the new protocol can become a network backdoor attackers can exploit undetected." The researchers' paper is titled "Hedgehog In The Fog."Read Replies (0)
By EditorDavid from Slashdot's Cathedral-and-the-bizarre department
An anonymous reader writes:
Open source guru Eric S. Raymond has announced public brainstorming on a "gallery of hacker archetypes to help motivate newbies" by defining several different psychologies commonly found among programmers. He's unveiled an initial list developed with a friend, along with some interesting commentary. (Algorithmicists often have poor social skills and "a tendency to fail by excessive cleverness. Never let them manage anyone!")
Raymond cautions that "No hacker is only one of these" -- though apparently most of the hackers he knows appear to be two of them, "an indication that we are, even if imperfectly, zeroing in on real traits." But the blog post ends by asking "What archetypes, if any, are we missing?"
It'll be interesting to see if Slashdot readers if they recognize themselves in any of the archetypes. But the blog post also answers the inevitable question. What archetype is Eric S. Raymond? "Mostly Architect with a side of Algorithmicist and a touch of Jack-of-All-Trades."Read Replies (0)
By EditorDavid from Slashdot's asking-Ask department
"The Ask.com search engine went through some sort of technical issue late Friday night, as its servers were exposing the internal Apache server status page, revealing recently processed search queries," reports BleepingComputer. An anonymous reader writes:
The issue is now fixed, but a copy of the server status page with some search queries can still be viewed in Google's search engine cache. "Some of the weirdest search queries were collected by users in a Hacker News thread," reports BleepingComputer, adding "As you'd expect, the server page included plenty of searches for porn."
The issue also affected localized Ask.com servers, such as uk.ask.com/server-status, us.ask.com/server-status, and de.ask.com/server-status, but no user data was exposed, as the search queries passed through load balancers and already hid user IPs.Read Replies (0)
By EditorDavid from Slashdot's messing-with-Texas department
"I had the displeasure of being awoken at midnight to the sounds of civil-defense/air-raid sirens," writes very-long-time Slashdot reader SigIO, blaming "some schmuck with a twisted sense of humor." The Dallas News reports:
Rocky Vaz, director of Dallas' Office of Emergency Management, said that all 156 of the city's sirens were activated more than a dozen times... Dallas officials blame computer hacking for setting off emergency sirens throughout the city early Saturday... It took until about 1:20 a.m. to silence them for good because the emergency system had to be deactivated. The system remained shut down Saturday while crews safeguarded it from another hack.
The city has figured out how the emergency system was compromised and is working to prevent it from happening again, he said... The city said the system should be restored Sunday or Monday.
City officials reported 4,400 calls to their 9-1-1 emergency phone number in the first four hours of Saturday morning, with over 800 occurring in that first 15 minutes when all 156 sirens started going off simultaneously.Read Replies (0)
By EditorDavid from Slashdot's fond-of-FidoNet department
Ars Technica reports on vintage computing hobbyists "resurrecting digital communities that were once thought lost to time...some still running on original 8-bit hardware." Sometimes using modern technology like Raspberry Pi and TCPser (which emulates a Hayes modem for Telnet connections), they're reviving decades-old dial-up bulletin board systems (or BBSes) as portals "to places that have been long forgotten." An anonymous reader writes:
One runs the original software on a decades-old Commodore 128DCR. Another routes telnet connections across a real telephone circuit that connects to a Hayes modem. And after 23 years, the Dura-Europos BBS is back in business, using an Apple IIe running its original GBBS Pro software -- augmented with a modern CFFA3000 compact flash drive, and a Raspberry Pi running TCPser. [It's at dura-bbs.net, using port 6359.] Ars Technica blames "the meteoric rise of the World Wide Web and the demise of protocols that came before it" for the death of BBSes. "Owners of older 8-bit machines had little reason to maintain their hardware as their userbase migrated to the open pastures of the Web, and the number of bulletin board systems plummeted accordingly...
"Despite the threat of extinction, however, it turns out that some sysops never quite gave up on the BBS," and for many modern-day users, "it's simply a matter of 'dialing' the BBS using a domain name and port number instead of a phone number in their preferred terminal software." There they'll find primitive BBS games like STARTREK, Chess, and Blackjack, but also "old conversation threads dating back decades were available verbatim... It's like a buried digital time capsule."
< article continued at Slashdot's fond-of-FidoNet department
>Read Replies (0)
By EditorDavid from Slashdot's supplying-the-office-stores department
Are there any Slashdot readers who are doing their work in co-working spaces? An anonymous reader writes:
Staples office-supply stores is aggressively repositioning its brand to entice new customers like tech entrepreneurs and small businesses, reports The New York Times. "A case in point: Staples' partnership with Workbar, a Boston-based co-working company founded in 2009... Workbar attracts the coveted millennial generation, as well as entrepreneurs, a potential pipeline for new small business customers." Three co-working spaces have now been added to Staples stores, including their original flagship store in Boston, and the Times spotted funky art, skylights, an artificial putting green, as well as gourmet coffee "and -- on some nights -- happy hours with beer and wine."
"This blend of old and new shows how Staples Inc. is digging up its roots as one of the first, and most successful, big-box retailers. Under Shira Goodman, the company's new chief executive officer, Staples hopes it can reverse its years of declining sales, unlike so many other retailers left for dead in the internet age."
The company also reports online orders already make up 60% of their sales, which they hope to push to 80% by 2020, according to the Motley Fool. "Selling products, 50% of which are outside of traditional office supply categories, to businesses large and small has proven to be a resilient business for Staples."Read Replies (0)
By EditorDavid from Slashdot's very-high-speed-rail department
An anonymous reader writes:
Thursday Hyperloop One executives announced that they've finished constructing their 1,640-foot-long "DevLoop" test track in the desert outside Las Vegas. But they also revealed possible U.S. routes for their high-speed transportation solution "to initiate a nationwide conversation about the future of American transportation" -- five of them suggested by state transportation department officials from Texas, Florida, Colorado, Nevada and Missouri.
Last May the company invited pitches for routes to various cities, and Thursday's 11 pitches were chosen from 2,600 participants. These 11 pitches will compete with 24 other pitches from around the globe to be one of the three chosen to "work closely with Hyperloop One engineering and business development teams to explore project development and financing." And Thursday they also announced that "by year's end the company will have a team of 500 engineers, fabricators, scientists and other employees dedicated to bringing the technology to life."
Click through for more information, and the list of the 11 U.S. cities being suggested for hyperloop destinations.Read Replies (0)
By msmash from Slashdot's what's-happening department
Hacker group 'The Shadow Brokers', which last year allegedly released top-secret tools that the National Security Agency had used to break into the networks of foreign governments and other espionage targets, today said it is disappointed with President Donald Trump, and released more such alleged tools. From a report on Motherboard: On Saturday, The Shadow Brokers, a hacker or group of hackers that has previously dumped NSA hacking tools, released more alleged exploits. The group published a password for an encrypted cache of files they distributed last year. "Be considering this our form of protest," the group wrote in a rambling, politically loaded rant published on Medium. Back in August, The Shadow Brokers released a number of exploits stolen from the NSA. Many of these affected hardware firewalls, from companies such as Cisco and Juniper. At the time, the group also dumped another cache allegedly containing more hacking tools, and said they would release the corresponding password to the winner of a bitcoin auction. That fund-raising effort was ultimately unsuccessful, and The Shadow Brokers claimed they were calling the whole thing off in January. But now, anyone can unlock the auction data dump. (Motherboard confirmed that the password did indeed decrypt the original auction file). In a series of tweets, Edward Snowden said, "NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it. 1) https://github.com/x0rz/EQGRP 2) For those who have never heard of the hacker group behind today's leak of NSA's cyberweapons, last year's story." He adds, "quick review of the ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."Read Replies (0)
By EditorDavid from Slashdot's back-to-school department
"Hackers accessed the data of up to 100,000 people through a tool that helps students get financial aid," writes CNN. An anonymous reader quotes their report:
IRS Commissioner John Koskinen testified before the Senate Finance Committee Thursday that a breach had been discovered in the fall. In September, he said, his agency discovered that fraudsters could use someone's personal data to fill out a financial aid application, and the "Data Retrieval Tool" would populate the application with tax information. That information could be used to file false tax returns. The commissioner said fewer than 8,000 of these returns were processed, and refunds were issued totaling $30 million...
In October, the IRS told the Department of Education that the system could be abused by criminals, but because up to 15 million people use the system for convenience, they kept it available. However, in February, the agency witnessed a pattern of fraudulent activity, and it shut down the automated tool in March.
Now financial aid seekers will have to manually enter their parents' reported income from previous tax years -- at least until a new version of the tool comes online next October. In the meantime, the IRS is alerting 100,000 users who started an application but didn't finish it, warning them that their tax information may have been compromised.Read Replies (0)
By EditorDavid from Slashdot's don't-be-evil department
"Linux and open-source software have had to contend with intellectual property legal challenges for years," writes ZDNet. "Now, Google has started a new effort to bring peace to potential Android IP sore points: PAX... a royalty-free, community-patent cross-license."
PAX is starting with nine members: Google, Samsung Electronics, LG Electronics, HTC, Foxconn Technology Group, Coolpad, BQ, HMD Global, and Allview. These companies own more than 230,000 global patents. PAX's purpose is to create a "community-driven [patent] clearinghouse, developed together with our Android partners, [that] ensures that innovation and consumer choice -- not patent threats -- will continue to be key drivers of our Android ecosystem. PAX is free to join and open to anyone."
Slashdot reader Andy Updegroved writes:
The question is why? The announcement and the related website are extremely brief, and although everyone is invited to get a copy of the cross license, Google reserves the right to decide first whether your motives are pure and you can keep a secret. And so far, the only members of the "PAX Community" listed are existing Google business partners. Is Google aware of some new patent tempest brewing just over the horizon, about to burst into public view? And will any other company names and logos be added to the PAX Community Web page? We'll just have to stay tuned to find out.
Andy Updegrove tells ZDNet it does involve "formal cross-licenses between participants, and therefore enforceable rights, but not an infrastructure to do more (at least insofar as one can tell from the initial announcement)."Read Replies (0)