By EditorDavid from Slashdot's car-alarm department
Long-time Slashdot reader chicksdaddy quotes a report from Security Ledger:
One of every five software vulnerabilities discovered in vehicles in the last three years are rated "critical" and are unlikely to be resolved through after the fact security fixes, according to an analysis by the firm IOActive. "These are the high priority 'hair on fire' vulnerabilities that are easily discovered and exploited and can cause major impacts to the system or component," the firm said in its report...
The bulk of vulnerabilities that were identified stemmed from a failure by automakers and suppliers to follow security best practices including designing in security or applying secure development lifecycle (SDL) practices to software creation... The result is that vehicle cybersecurity vulnerabilities are not solvable using "bolt-on" solutions, IOActive concluded...
The article argues we're years away from standards or regulations, while describing auto-makers as "wedded to the notion that keeping the details of their systems secret will ensure security."
By EditorDavid from Slashdot's memories-of-1993 department
An anonymous reader writes: Tim Gihring at MinnPost talks to the creators of what was, briefly, the biggest thing in the internet, Gopher. Gopher, for those who don't know or have forgotten, was the original linked internet application, allowing you to change pages and servers easily, through a hierarchical menu system. It was quick, it was easy to use, and important for this day and age, it didn't have Flash.
The article remembers Tim Berners-Lee describing the idea of a worldwide web at a mid-March, 1992 meeting of the Internet Engineering Task Force, at a time when Gopher "was like the Web but more straightforward, and it was already working."
Gopher became magnitudes more popular -- both MTV and the White House announced Gopher sites -- leading to GopherCons around the country. Just curious -- how many Slashdot readers today remember using Gopher?
By EditorDavid from Slashdot's do-not-pass-Go department
He grew up in San Jose, and at the age of 25 sold his second online advertising company to Yahoo for $300 million just nine years ago. Friday Gurbaksh Chahal was sentenced to one year in jail for violating his probation on 47 felony charges from 2013, according to an article in The Guardian submitted by an anonymous Slashdot reader:
Police officials said that a 30-minute security camera video they obtained showed the entrepreneur hitting and kicking his then girlfriend 117 times and attempting to suffocate her inside his $7 million San Francisco penthouse. Chahal's lawyers, however, claimed that police had illegally seized the video, and a judge ruled that the footage was inadmissible despite prosecutors' argument that officers didn't have time to secure a warrant out of fear that the tech executive would erase the footage.
Without the video, most of the charges were dropped, and Chahal, 34, pleaded guilty to two misdemeanor battery charges of domestic violence... In Silicon Valley, critics have argued that Chahal's case and the lack of serious consequences he faced highlight the way in which privileged and wealthy businessmen can get away with serious misconduct... On September 17, 2014, prosecutors say he attacked another woman in his home, leading to another arrest. Friday Chahal was released on bail while his lawyer appeals the one-year jail sentence for violating his probation.
By EditorDavid from Slashdot's voting-twice-for-$15 department
An anonymous Slashdot reader quotes a report from CBS News:
For the hackers at Symantec Security Response, Election Day results could be manipulated by an affordable device you can find online. "I can insert it, and then it resets the card, and now I'm able to vote again," said Brian Varner, a principal researcher at Symantec, demonstrating the device...
Symantec Security Response director Kevin Haley said elections can also be hacked by breaking into the machines after the votes are collected. "The results go from that machine into a piece of electronics that takes it to the central counting place," Haley said. "That data is not encrypted and that's vulnerable for manipulation."
40 states are using a voting technology that's at least 10 years old, according to the article. And while one of America's national election officials argues that "there are paper trails everywhere," CBS reports that only 60% of states conduct routine audits of their paper trails, while "not all states even have paper records, like in some parts of swing states Virginia and Pennsylvania, which experts say could be devastating."
By EditorDavid from Slashdot's Second-Generation-Robotic-Droid-Series-2 department
An anonymous Slashdot reader quotes The Guardian:
The British actor who played R2-D2 in the Star Wars films has died at the age of 81 after a long illness. Kenny Baker, who was 3-feet 8-inches tall, shot to fame in 1977 when he first played the robot character.
He went on to play the character in The Empire Strikes Back and Return of the Jedi, as well as the three Star Wars prequels from 1999 to 2005. He also appeared in a number of other much loved films in the 1980s, including The Elephant Man, Time Bandits and Flash Gordon.
Baker's niece told the newspaper that "He brought lots of happiness to people and we'll be celebrating the fact that he was well loved throughout the world..."
By EditorDavid from Slashdot's serious-replies-only department
An anonymous Slashdot reader writes:
The National Institute of Standards and Technology has its own "Commission on Enhancing National Cybersecurity," and this week they issued a call for public comments on "current and future challenges" involving critical infrastructure cybersecurity, the concept of cybersecurity insurance, public awareness, and the internet of things (among other topics) for both the private and public sector.
Long-time Slashdot reader Presto Vivace quotes The Hill: it is specifically asking for projections on policies, economic incentives, emerging technologies, useful metrics and other current and potential solutions throughout the next decade... Comments will be due by 5 p.m. on September 9.
Internet services "have come under attack in recent years in the form of identity and intellectual property theft, deliberate and unintentional service disruption, and stolen data," writes NIST. "Steps must be taken to enhance existing efforts to increase the protection and resilience of the digital ecosystem, while maintaining a cyber environment that encourages efficiency, innovation, and economic prosperity." Separately, NIST is also requesting comments on a new process to "solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms... If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere... NIST plans to specify preliminary evaluation criteria for quantum-resistant public key cryptography standards."
By EditorDavid from Slashdot's we-are-still-alone department
Long-time Slashdot reader sehlat shares "a highly accessible summary" of a new theory about why we haven't yet found life on other planets -- that "we're not latecomers, but very, very early." From Lab News:
The universe is 13.8 billion years old, with Earth forming less than five billion years ago. One school of thought among scientists is that there is life billions of years older than us in space. But this recent study in the Journal of Cosmology and Astroparticle Physics argues otherwise... "We find that the chance of life grows much higher in the distant future..."
Stars larger than approximately three times the Sun's mass will perish before life has a chance to evolve... The smallest stars weigh less than a tenth as much as the sun and will glow for 10 trillion years, meaning life has a lot of time to begin on those planets orbiting them in the 'habitable zone'. The probability of life increases over time so the chance of life is many times higher in the distant future than now.
The paper ultimately concludes that life "is most likely to exist near 0.1 solar-mass stars ten trillion years from now."
By EditorDavid from Slashdot's 73-years-after-the-original department
An anonymous reader quotes The Verge:
GoldenEye: Source received its first update in more than three years this week. It's free to download and it features 25 recreated maps, 10 different multiplayer modes, and redesigned versions of the original game's 28 weapons. It was created using Valve's Source engine, the same set of tools used to create Counter Strike and Half-Life games. So it's a massive step up in both visuals and performance for one of the more drastically dated gaming masterpieces of the last 20 years...
GoldenEye 007, the beloved N64 first-person shooter, has been recreated in high-definition glory by a team of dedicated fans over the course of 10 years...the attention to detail and the amount of effort that went into GoldenEye: Source make it one of the most polished HD remakes of a N64 classic.
With 8 million copies sold, Wikipedia calls it the third best-selling Nintendo 64 game of all-time (although this version doesn't recreate its single-player campaigns). Anyone have fond memories of playing GoldenEye 007?
By EditorDavid from Slashdot's another-Android-exploit department
Trailrunner7 quotes a report from OnTheWire:
Researchers from an Austrian university have developed techniques that allow them to perform cache attacks on non-rooted Android phones that can monitor the keystrokes, screen taps, and even observe code execution inside the ARM processor's TrustZone secure execution environment. The attacks the team developed are complex and rely on a number of individual building blocks. The techniques are similar to some used against Intel x86 processor-based systems, but the team from Graz University of Technology in Austria shows that they can be used on ARM-based systems, such as Android phones, as well. "Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen," the researchers wrote in their paper, which was presented at the USENIX Security Symposium this week.
It's a proof-of-concept attack. But interestingly, another recently-discovered Android vulnerability also required the user to install a malicious app -- and then allowed attackers to take full control of the device.
By EditorDavid from Slashdot's bookkeepers-know-all department
Skully raised $2.4 million on Indiegogo in 2014 to manufacture motorcycle helmets with built-in Augmented Reality. Now they're filing for bankruptcy, and informing customers that refunds are unlikely on their $1,500 pre-ordered helmets. But a lawsuit filed by Skully bookkeeper Isabelle Faithhauer "claims the Wellers used the funds raised by the Indiegogo campaign and a secondary $11 million round of funding in 2015 as their personal 'piggy banks' to buy several motorcycles, two Dodge Vipers, groceries, and so on," according to a Digital Trends article shared by KingGypsy:
The Wellers took trips to Bermuda and Hawaii using company funds, she said, went to strip clubs, rented a Lamborghini, and paid for personal housekeeping services on the company credit card, as well as paying out funds ranging from $500 to $80,000. Lastly, she claims that the Wellers asked her to fudge the books to obscure the expenses. Faithhauer claims that when accountants came calling with questions about the expenses, she was up front about what was going on. She says that when she took a pre-approved vacation to Disneyland in December of 2015, she was fired upon her return and offered a severance package, which the suit calls "hush money." She declined the offer.
"Following her termination at Skully, Faithhauer claims that when she found a new job, her new employer contacted the Wellers at Skully and were told she could not be trusted with confidential information. She was fired from that job as well."
By BeauHD from Slashdot's mysterious-operating-systems department
An anonymous reader writes: Google is working on a new operating system dubbed Fuchsia OS for smartphones, computers, and various other devices. The new operating system was spotted in the Git repository, where the description reads: "Pink + Purple == Fuchsia (a new Operating System)." Hacker News reports that Travis Geiselbrecht, who worked on NewOS, BeOS, Danger, Palm's webOS and iOS, and Brian Swetland, who also worked on BeOS and Android will be involved in this project. Magenta and LK kernel will be powering the operating system. "LK is a kernel designed for small systems typically used in embedded applications," reads the repository. "On the other hand, Magenta targets modern phones and modern personal computers with fast processors, non-trivial amounts of RAM with arbitrary peripherals doing open-ended computation." It's too early to tell exactly what this OS is meant for. Whether it's for an Android and Chrome OS merger or something completely new, it's exciting nonetheless.
By BeauHD from Slashdot's tense-times department
schwit1 quotes a report from Space.com: A powerful solar storm nearly heated the Cold War up catastrophically a half century ago, a new study suggests. The U.S. Air Force began preparing for war on May 23, 1967, thinking that the Soviet Union had jammed a set of American surveillance radars. But military space-weather forecasters intervened in time, telling top officials that a powerful sun eruption was to blame, according to the study. "Had it not been for the fact that we had invested very early on in solar and geomagnetic storm observations and forecasting, the impact [of the storm] likely would have been much greater," Delores Knipp, a space physicist at the University of Colorado Boulder and the study's lead author, said in a statement. "This was a lesson learned in how important it is to be prepared." Initially, it was assumed that the Soviet Union was to blame. Since radar jamming is considered an act of war, "commanders quickly began preparing nuclear-weapon-equipped aircraft for launch." Spoiler: Solar forecasters at the North American Aerospace Defense Command (NORAD) figured out it was a flare that caused the outages, not the Soviets. You can read the abstract of the paper for free here.
By BeauHD from Slashdot's 21st-century-space-race department
hackingbear quotes a report from Popular Science: While SpaceX is making news with its recoverable rockets, China announced that it is working on the next big thing in spaceflight: a hypersonic spaceplane. The China Aerospace Science and Technology Corporation is beginning advanced research on a high tech, more efficient successor to the retired Space Shuttle, with hybrid combined cycle engines combining turbofan, ramjet, scramjet and rocket engines, that can take off from an airport's landing strip and fly straight into orbit. CASTC's rapid research timeline also suggests that the reports in 2015 of a Mach 4 test flight for a recoverable drone testbed for a combined cycle ramjet/turbofan engine were accurate. And China also has the world's largest hypersonic wind tunnel, the Mach 9 JF-12, which could be used to easily test hypersonic scramjets without costly and potentially dangerous flight testing at altitude. Its nearest competitor, the British Skylon in contrast uses pre-cooled jet engines built by Reaction Engines Limited to achieve hypersonic atmospheric flight, as opposed to scramjets. Both spacecraft will probably first fly around the mid 2020s.
By BeauHD from Slashdot's give-me-your-lunch-money department
An anonymous reader quotes a report from Ars Technica: The 4th Circuit Court of Appeals ruled Friday in favor of the American government's seizure of a large number of Megaupload founder Kim Dotcom's overseas assets. Seized items include millions of dollars in various seized bank accounts in Hong Kong and New Zealand, multiple cars, four jet skis, the Dotcom mansion, several luxury cars, two 108-inch TVs, three 82-inch TVs, a $10,000 watch, and a photograph by Olaf Mueller worth over $100,000. After years of delay, in December 2015, Dotcom was finally ordered to be extradited to the United States to face criminal charges. But his appeal is set to be heard before the High Court in Auckland on August 29. In its court filings, prosecutors argued that because Dotcom had not appeared to face the charges against him in the United States, he is therefore susceptible to "fugitive disentitlement." That legal theory posits that if a defendant has fled the country to evade prosecution, he or she cannot make a claim to the assets that the government wants to seize under civil forfeiture. But as the Dotcom legal team claimed, the U.S. can neither use its legal system to seize assets abroad nor can Dotcom be considered a fugitive if he has never set foot in the United States. However, the 4th Circuit disagreed: "Because the statute must apply to people with no reason to come to the United States other than to face charges, a "sole" or "principal" purpose test cannot stand. The principal reason such a person remains outside the United States will typically be that they live elsewhere. A criminal indictment gives such a person a reason to make the journey, and the statute is aimed at those who resist nevertheless." Civil forfeiture in the United States allows law enforcement to seize one's assets if they are believed to be illegally acquired -- even without filing any criminal charges.