By EditorDavid from Slashdot's impermanent-storage department
An anonymous reader writes: NAND flash memory chips, the building blocks of solid-state drives (SSDs), include what could be called "programming vulnerabilities" that can be exploited to alter stored data or shorten the SSD's lifespan. According to research published earlier this year, the programming logic powering of MLC NAND flash memory chips (the tech used for the latest generation of SSDs), is vulnerable to at least two types of attacks. The first is called "program interference," and takes place when an attacker manages to write data with a certain pattern to a target's SSD. Writing this data repeatedly and at high speeds causes errors in the SSD, which then corrupts data stored on nearby cells. This attack is similar to the infamous Rowhammer attack on RAM chips. The second attack is called "read disturb" and in this scenario, an attacker's exploit code causes the SSD to perform a large number of read operations in a very short time, which causes a phenomenon of "read disturb errors," that alters the SSD ability to read data from nearby cells, even long after the attack stops.Read Replies (0)
By EditorDavid from Slashdot's data-about-distros department
An anonymous reader quotes DistroWatch:
Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as we ll as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."Read Replies (0)
By BeauHD from Slashdot's spare-change department
theodp writes: Fortune reports that LinkedIn co-founder Reid Hoffman is "leading a $30 million funding round in Change.org, a for-profit petition and fundraising website focused on social and political change." Joining Hoffman in this round, as well as an earlier $25 million round in 2014, is Bill Gates. Change.org, Hoffman explained in a Friday LinkedIn post, "helps enable a world where you don't need to hire a lobbyist to have real impact on the issues and policies that matter to you." He added, "In its decade of existence, Change.org petitions have resulted in more than 21,000 victories, i.e., instances in which a government agency, corporation, or other entity has changed a regulation or a policy in the face of a Change.org petition urging it to do so." Last year, Hoffman joined Gates and some of the biggest names in tech and corporate America who threw their weight behind a Change.org petition that tried to get Congress to fund K-12 Computer Science education. The Change.org petition fell short of its 150,000-signature goal despite claims of support from 90% of the parents of the nation's 58 million K-12 schoolchildren (based on a Google-funded survey of 1,685 parents), widespread press coverage (including a full-page ad in petition signer Jeff Bezos's Washington Post), lobbying efforts by the tech coalition that organized the petition (which counts LinkedIn and Microsoft among its members), and even some free PR from Change.org.Read Replies (0)
By EditorDavid from Slashdot's Kiwi-combustion department
"Rocket Lab: We have lift-off!" wrote long-time Slashdot reader ClarkMills on Wednesday. "History made as Electron launches successfully from Mahia." The New Zealand Herald reports:
Rocket Lab engineers have started analyzing data from yesterday's historic launch from the Mahia Peninsula that took the company to space but not able to complete its orbital mission. Lift-off at 4.20 pm was the first orbital-class rocket launched from a private launch site in the world. New Zealand became the 11th country with potential to launch cargo into space, joining superpowers and tech heavyweights. The Government hailed the lift-off as a major milestone for the country's space industry...
"We didn't quite reach orbit and we'll be investigating why, however reaching space in our first test puts us in an incredibly strong position to accelerate the commercial phase of our program," said founder and chief executive Peter Beck.
Beck added they'd developed their rocket "from scratch" in under four years, and the company's official Twitter feed is now proudly tweeting photos and videos from the launch.Read Replies (0)
By EditorDavid from Slashdot's talking-dead department
An anonymous reader writes:
Fight for the Future has found another issue with the fake comments submitted to the FCC opposing net neutrality. "The campaign group says that some of the comments were posted using the names and details of dead people," according to the BBC. The exact same comment was also submitted more than 7,000 times using addresses in Colorado, where a reporter discovered that contacting the people at those addresses drew reactions which included "I have never seen this before in my life" and "No, I did not post this comment. In fact, I disagree with this comment." Fight for the Future also knocked on doors in Tampa, Florida, where the few people who answered "were shocked to hear that their name and address were publicly listed alongside a political message they did not necessarily understand or agree with." An alleged commenter in Montana told a reporter she didn't even know what net neutrality was.
14 people have already signed Fight for the Future's official complaint to the FCC, which calls for notification of all people affected, an investigation, and the immediate removal of all fake comments from the public docket. "Based on numerous media reports, nearly half a million Americans may have been impacted by whoever impersonated us," states the letter, "in a dishonest and deceitful campaign to manufacture false support for your plan to repeal net neutrality protections."
< article continued at Slashdot's talking-dead department
>Read Replies (0)
By BeauHD from Slashdot's spoonful-of-honey department
A third of the honeybees in the United States were lost over the last year, part of a decade-long die-off experts said may threaten our food supply. USA Today reports: The annual survey of roughly 5,000 beekeepers showed the 33% dip from April 2016 to April 2017. The decrease is small compared to the survey's previous 10 years, when the decrease hovered at roughly 40%. From 2012 to 2013, nearly half of the nation's colonies died. The death of a colony doesn't necessarily mean a loss of bees, explains vanEngelsdorp, a project director at the Bee Informed Partnership. A beekeeper can salvage a dead colony, but doing so comes at labor and productivity costs. That causes beekeepers to charge farmers more for pollinating crops and creates a scarcity of bees available for pollination. It's a trend that threatens beekeepers trying to make a living and could lead to a drop-off in fruits and nuts reliant on pollination, vanEngelsdor said. So what's killing the honeybees? Parasites, diseases, poor nutrition, and pesticides among many others. The chief killer is the varroa mite, a "lethal parasite," which researchers said spreads among colonies.Read Replies (0)
By BeauHD from Slashdot's better-late-than-never department
An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Koose's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.Read Replies (0)
By BeauHD from Slashdot's take-a-deep-breath department
Two studies are warning of thousands of vulnerabilities found in pacemakers, insulin pumps and other medical devices. "One study solely on pacemakers found more than 8,000 known vulnerabilities in code inside the cardiac devices," reports BBC. "The other study of the broader device market found only 17% of manufacturers had taken steps to secure gadgets." From the report: The report on pacemakers looked at a range of implantable devices from four manufacturers as well as the "ecosystem" of other equipment used to monitor and manage them. Researcher Billy Rios and Dr Jonathan Butts from security company Whitescope said their study showed the "serious challenges" pacemaker manufacturers faced in trying to keep devices patched and free from bugs that attackers could exploit. They found that few of the manufacturers encrypted or otherwise protected data on a device or when it was being transferred to monitoring systems. Also, none was protected with the most basic login name and password systems or checked that devices they were connecting to were authentic. Often, wrote Mr Rios, the small size and low computing power of internal devices made it hard to apply security standards that helped keep other devices safe. In a longer paper, the pair said device makers had work to do more to "protect against potential system compromises that may have implications to patient care." The separate study that quizzed manufacturers, hospitals and health organizations about the equipment they used when treating patients found that 80% said devices were hard to secure. Bugs in code, lack of knowledge about how to write secure code and time pressures made many devices vulnerable to attack, suggested the study.Read Replies (0)
By BeauHD from Slashdot's specific-functions department
According to Bloomberg, Apple is working on a processor devoted specifically to AI-related tasks. "The chip, known internally as the Apple Neural Engine, would improve the way the company's devices handle tasks that would otherwise require human intelligence -- such as facial recognition and speech recognition," reports Bloomberg, citing a person familiar with the matter. From the report: Engineers at Apple are racing to catch their peers at Amazon.com Inc. and Alphabet Inc. in the booming field of artificial intelligence. While Siri gave Apple an early advantage in voice-recognition, competitors have since been more aggressive in deploying AI across their product lines, including Amazon's Echo and Google's Home digital assistants. An AI-enabled processor would help Cupertino, California-based Apple integrate more advanced capabilities into devices, particularly cars that drive themselves and gadgets that run augmented reality, the technology that superimposes graphics and other information onto a person's view of the world. Apple devices currently handle complex artificial intelligence processes with two different chips: the main processor and the graphics chip. The new chip would let Apple offload those tasks onto a dedicated module designed specifically for demanding artificial intelligence processing, allowing Apple to improve battery performance.Read Replies (0)
By BeauHD from Slashdot's exe.coli department
Earlier this year, Chipotle announced that the their payment processing system was hacked. Today, the company has released more information about the hack, identifying the malware that was responsible and releasing a new tool to help customers check whether the restaurant they visited was involved. The company did not say how many restaurants were affected, but it did tell The Verge that "most" locations nationwide may have been involved. The Verge reports: "The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device," Chipotle said in a statement. "There is no indication that other customer information was affected." We browsed through the tool and found that every state Chipotle operates in had restaurants that were breached, including most major cities. The restaurants were vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain called Pizzeria Locale, which was affected by the hack as well. (The list of identified restaurants can be found here, which includes locations in Kansas, Missouri, Colorado, and Ohio.) Chipotle noted that not all locations have been identified, but it's a starting guide to check whether your visit lines up with the breached period.Read Replies (0)