By EditorDavid from Slashdot's under-the-hedge department
"The transition to internet protocol version 6 has opened up a whole new range of threat vectors that allow attackers to set up undetectable communications channels across networks, researchers have found."
Slashdot reader Bismillah summarizes a report from IT News.
Researchers at NATO's Cooperative Cyber Defence Centre of Excellence and Estonia's University of Tallinn have worked out how to set up communications channels using IPv6 transition mechanisms, to exfiltrate data and for systems control over IPv4-only and dual-stack networks -- without being spotted by network intrusion detection systems.
The article argues that "Since IPv6 implementations and security solutions are relatively new and untested, and systems engineers aren't fully aware of them, the new protocol can become a network backdoor attackers can exploit undetected." The researchers' paper is titled "Hedgehog In The Fog."
By EditorDavid from Slashdot's Cathedral-and-the-bizarre department
An anonymous reader writes:
Open source guru Eric S. Raymond has announced public brainstorming on a "gallery of hacker archetypes to help motivate newbies" by defining several different psychologies commonly found among programmers. He's unveiled an initial list developed with a friend, along with some interesting commentary. (Algorithmicists often have poor social skills and "a tendency to fail by excessive cleverness. Never let them manage anyone!")
Raymond cautions that "No hacker is only one of these" -- though apparently most of the hackers he knows appear to be two of them, "an indication that we are, even if imperfectly, zeroing in on real traits." But the blog post ends by asking "What archetypes, if any, are we missing?"
It'll be interesting to see if Slashdot readers recognize themselves in any of the archetypes. But the blog post also answers the inevitable question. What archetype is Eric S. Raymond? "Mostly Architect with a side of Algorithmicist and a touch of Jack-of-All-Trades."
By EditorDavid from Slashdot's asking-Ask department
"The Ask.com search engine went through some sort of technical issue late Friday night, as its servers were exposing the internal Apache server status page, revealing recently processed search queries," reports BleepingComputer. An anonymous reader writes:
The issue is now fixed, but a copy of the server status page with some search queries can still be viewed in Google's search engine cache. "Some of the weirdest search queries were collected by users in a Hacker News thread," reports BleepingComputer, adding "As you'd expect, the server page included plenty of searches for porn."
The issue also affected localized Ask.com servers, such as uk.ask.com/server-status, us.ask.com/server-status, and de.ask.com/server-status, but no user data was exposed, as the search queries passed through load balancers and already hid user IPs.
By EditorDavid from Slashdot's messing-with-Texas department
"I had the displeasure of being awoken at midnight to the sounds of civil-defense/air-raid sirens," writes very-long-time Slashdot reader SigIO, blaming "some schmuck with a twisted sense of humor." The Dallas News reports:
Rocky Vaz, director of Dallas' Office of Emergency Management, said that all 156 of the city's sirens were activated more than a dozen times... Dallas officials blame computer hacking for setting off emergency sirens throughout the city early Saturday... It took until about 1:20 a.m. to silence them for good because the emergency system had to be deactivated. The system remained shut down Saturday while crews safeguarded it from another hack.
The city has figured out how the emergency system was compromised and is working to prevent it from happening again, he said... The city said the system should be restored Sunday or Monday.
City officials reported 4,400 calls to their 9-1-1 emergency phone number in the first four hours of Saturday morning, with over 800 occurring in that first 15 minutes when all 156 sirens started going off simultaneously.
By EditorDavid from Slashdot's fond-of-FidoNet department
Ars Technica reports on vintage computing hobbyists "resurrecting digital communities that were once thought lost to time...some still running on original 8-bit hardware." Sometimes using modern technology like Raspberry Pi and TCPser (which emulates a Hayes modem for Telnet connections), they're reviving decades-old dial-up bulletin board systems (or BBSes) as portals "to places that have been long forgotten." An anonymous reader writes:
One runs the original software on a decades-old Commodore 128DCR. Another routes telnet connections across a real telephone circuit that connects to a Hayes modem. And after 23 years, the Dura-Europos BBS is back in business, using an Apple IIe running its original GBBS Pro software -- augmented with a modern CFFA3000 compact flash drive, and a Raspberry Pi running TCPser. [It's at dura-bbs.net, using port 6359.] Ars Technica blames "the meteoric rise of the World Wide Web and the demise of protocols that came before it" for the death of BBSes. "Owners of older 8-bit machines had little reason to maintain their hardware as their userbase migrated to the open pastures of the Web, and the number of bulletin board systems plummeted accordingly...
"Despite the threat of extinction, however, it turns out that some sysops never quite gave up on the BBS," and for many modern-day users, "it's simply a matter of 'dialing' the BBS using a domain name and port number instead of a phone number in their preferred terminal software." There they'll find primitive BBS games like STARTREK, Chess, and Blackjack, but also "old conversation threads dating back decades were available verbatim... It's like a buried digital time capsule."
By EditorDavid from Slashdot's supplying-the-office-stores department
Are there any Slashdot readers who are doing their work in co-working spaces? An anonymous reader writes:
Staples office-supply stores is aggressively repositioning its brand to entice new customers like tech entrepreneurs and small businesses, reports The New York Times. "A case in point: Staples' partnership with Workbar, a Boston-based co-working company founded in 2009... Workbar attracts the coveted millennial generation, as well as entrepreneurs, a potential pipeline for new small business customers." Three co-working spaces have now been added to Staples stores, including their original flagship store in Boston, and the Times spotted funky art, skylights, an artificial putting green, as well as gourmet coffee "and -- on some nights -- happy hours with beer and wine."
"This blend of old and new shows how Staples Inc. is digging up its roots as one of the first, and most successful, big-box retailers. Under Shira Goodman, the company's new chief executive officer, Staples hopes it can reverse its years of declining sales, unlike so many other retailers left for dead in the internet age."
The company also reports online orders already make up 60% of their sales, which they hope to push to 80% by 2020, according to the Motley Fool. "Selling products, 50% of which are outside of traditional office supply categories, to businesses large and small has proven to be a resilient business for Staples."
By EditorDavid from Slashdot's very-high-speed-rail department
An anonymous reader writes:
Thursday Hyperloop One executives announced that they've finished constructing their 1,640-foot-long "DevLoop" test track in the desert outside Las Vegas. But they also revealed possible U.S. routes for their high-speed transportation solution "to initiate a nationwide conversation about the future of American transportation" -- five of them suggested by state transportation department officials from Texas, Florida, Colorado, Nevada and Missouri.
Last May the company invited pitches for routes to various cities, and Thursday's 11 pitches were chosen from 2,600 participants. These 11 pitches will compete with 24 other pitches from around the globe to be one of the three chosen to "work closely with Hyperloop One engineering and business development teams to explore project development and financing." And Thursday they also announced that "by year's end the company will have a team of 500 engineers, fabricators, scientists and other employees dedicated to bringing the technology to life."
Click through for more information, and the list of the 11 U.S. cities being suggested for hyperloop destinations.
By msmash from Slashdot's what's-happening department
Hacker group 'The Shadow Brokers', which last year allegedly released top-secret tools that the National Security Agency had used to break into the networks of foreign governments and other espionage targets, today said it is disappointed with President Donald Trump, and released more such alleged tools. From a report on Motherboard: On Saturday, The Shadow Brokers, a hacker or group of hackers that has previously dumped NSA hacking tools, released more alleged exploits. The group published a password for an encrypted cache of files they distributed last year. "Be considering this our form of protest," the group wrote in a rambling, politically loaded rant published on Medium. Back in August, The Shadow Brokers released a number of exploits stolen from the NSA. Many of these affected hardware firewalls, from companies such as Cisco and Juniper. At the time, the group also dumped another cache allegedly containing more hacking tools, and said they would release the corresponding password to the winner of a bitcoin auction. That fund-raising effort was ultimately unsuccessful, and The Shadow Brokers claimed they were calling the whole thing off in January. But now, anyone can unlock the auction data dump. (Motherboard confirmed that the password did indeed decrypt the original auction file). In a series of tweets, Edward Snowden said, "NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it. 1) https://github.com/x0rz/EQGRP 2) For those who have never heard of the hacker group behind today's leak of NSA's cyberweapons, last year's story." He adds, "quick review of the ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."
By EditorDavid from Slashdot's back-to-school department
"Hackers accessed the data of up to 100,000 people through a tool that helps students get financial aid," writes CNN. An anonymous reader quotes their report:
IRS Commissioner John Koskinen testified before the Senate Finance Committee Thursday that a breach had been discovered in the fall. In September, he said, his agency discovered that fraudsters could use someone's personal data to fill out a financial aid application, and the "Data Retrieval Tool" would populate the application with tax information. That information could be used to file false tax returns. The commissioner said fewer than 8,000 of these returns were processed, and refunds were issued totaling $30 million...
In October, the IRS told the Department of Education that the system could be abused by criminals, but because up to 15 million people use the system for convenience, they kept it available. However, in February, the agency witnessed a pattern of fraudulent activity, and it shut down the automated tool in March.
Now financial aid seekers will have to manually enter their parents' reported income from previous tax years -- at least until a new version of the tool comes online next October. In the meantime, the IRS is alerting 100,000 users who started an application but didn't finish it, warning them that their tax information may have been compromised.
By EditorDavid from Slashdot's don't-be-evil department
"Linux and open-source software have had to contend with intellectual property legal challenges for years," writes ZDNet. "Now, Google has started a new effort to bring peace to potential Android IP sore points: PAX... a royalty-free, community-patent cross-license."
PAX is starting with nine members: Google, Samsung Electronics, LG Electronics, HTC, Foxconn Technology Group, Coolpad, BQ, HMD Global, and Allview. These companies own more than 230,000 global patents. PAX's purpose is to create a "community-driven [patent] clearinghouse, developed together with our Android partners, [that] ensures that innovation and consumer choice -- not patent threats -- will continue to be key drivers of our Android ecosystem. PAX is free to join and open to anyone."
Slashdot reader Andy Updegrove writes:
The question is why? The announcement and the related website are extremely brief, and although everyone is invited to get a copy of the cross license, Google reserves the right to decide first whether your motives are pure and you can keep a secret. And so far, the only members of the "PAX Community" listed are existing Google business partners. Is Google aware of some new patent tempest brewing just over the horizon, about to burst into public view? And will any other company names and logos be added to the PAX Community Web page? We'll just have to stay tuned to find out.
Andy Updegrove tells ZDNet it does involve "formal cross-licenses between participants, and therefore enforceable rights, but not an infrastructure to do more (at least insofar as one can tell from the initial announcement)."
By BeauHD from Slashdot's do-you-want-to-play-a-game department
An anonymous reader quotes a report from Ars Technica: "Rensenware" forces players to get a high score in a difficult PC shoot-em-up to decrypt their files. As Malware Hunter Team noted yesterday, users on systems infected with Rensenware are faced with the usual ransomware-style warning that "your precious data like documents, musics, pictures, and some kinda project files" have been "encrypted with highly strong encryption algorithm." The only way to break the encryption lock, according to the warning, is to "score 0.2 billion in LUNATIC level" on TH12 ~ Undefined Fantastic Object. That's easier said than done, as this gameplay video of the "bullet hell" style Japanese shooter shows. As you may have guessed from the specifics here, the Rensenware bug was created more in the spirit of fun than maliciousness. After Rensenware was publicized on Twitter, its creator, who goes by Tvple Eraser on Twitter and often posts in Korean, released an apology for releasing what he admitted was "a kind of highly-fatal malware." The apology is embedded in a Rensenware "forcer" tool that Tvple Eraser has released to manipulate the game's memory directly, getting around the malware's encryption without the need to play the game (assuming you have a copy installed, that is). While the original Rensenware source code has been taken down from the creator's Github page, a new "cut" version has taken its place, showing off the original joke without any actually malicious forced encryption.
By BeauHD from Slashdot's unforeseen-consequences department
sciencehabit quotes a report from Science Magazine: It happened thousands of years ago, and it may be happening again: Wolves in various parts of the world may have started on the path to becoming dogs. That's the conclusion of a new study, which finds that the animals are increasingly dining on livestock and human garbage instead of their wild prey, inching closer and closer to the human world in some places. But given today's industrialized societies, this closeness might also bring humans and wolves into more conflict, with disastrous consequences for both. To find out how gray wolves might be affected by eating more people food, Thomas Newsome, an evolutionary biologist at the Deakin University in Melbourne, Australia, and his colleagues examined studies of what's happened to other large carnivores that live close to people. Newsome's 2014 study of a dingo population in Australia's Tanami Desert showed that the wild dogs' habit of dining almost exclusively on junk food at a waste management facility had made them fat and less aggressive. They were also more likely to mate with local dogs and had become "cheeky," says Newsome, daring to run between his legs as he set out traps for them. Most intriguingly, the dumpster dingoes' population formed a genetic cluster distinct from all other dingoes -- indicating that they were becoming genetically isolated, a key step in forming a new species. Is this happening to gray wolves? The conditions are ripe for it, says Newsome, noting that human foods already make up 32% of gray wolf diets around the world. The animals now mostly range across remote regions of Eurasia and North America, yet some are returning to developed areas. The paper has been published in the journal Bioscience.
By BeauHD from Slashdot's hot-and-steamy department
Artem Tashkinov quotes a report from Washington Post: There are a lot of good reasons to be captivated by the exoplanet GJ 1132b. Located in the constellation Vela, it's a mere 39 light-years from Earth -- just a hop, skip and a jump in galactic terms. It's similar to Earth in terms of size and mass, and it dances in a close-in orbit around its star, a dimly burning red dwarf. And, astronomers recently discovered, it has an atmosphere. The finding, published in the Astronomical Journal, is the first detection of an atmosphere around a terrestrial "Earth-like" planet orbiting a red dwarf star -- and it suggests there could be millions more. Although the researchers call the planet "Earth-like," the term is only applicable in its broadest sense. GJ 1132b is so close to its sun that it more likely resembles Venus than Earth. Astronomers estimate its average temperature to be about 700 degrees Fahrenheit, and that's without taking into account the potential greenhouse effect of its atmosphere. It is also probably tidally locked, meaning that gravity keeps one side of the planet constantly facing the star, while the other is cast in permanent shadow. GJ 1132b would not make a cozy home for life -- at least, not life as we know it.
By BeauHD from Slashdot's equality-for-all department
The U.S. Department of Labor is accusing Google of discriminating against its female employees and violating federal employment laws with its salaries for women. "We found systemic compensation disparities against women pretty much across the entire workforce," Janette Wipper, a Department of Labor regional director, testified in court in San Francisco on Friday. The Guardian reports: Google strongly denied the accusations of inequities, claiming it did not have a gender pay gap. The allegations emerged at a hearing in federal court as part of a lawsuit the DoL filed against Google in January, seeking to compel the company to provide salary data and documents to the government. Google is a federal contractor, which means it is required to allow the DoL to inspect and copy records and information about its compliance with equal opportunity laws. Last year, the department's office of federal contract compliance programs requested job and salary history for Google employees, along with names and contact information, as part of the compliance review. Google, however, repeatedly refused to hand over the data, which was a violation of its contractual obligations with the federal government, according to the DoL's lawsuit. Labor officials detailed the government's discrimination claims against Google at the Friday hearing while making the case for why the company should be forced to comply with the DoL's requests for documents. Wipper said the department found pay disparities in a 2015 snapshot of salaries and said officials needed earlier compensation data to evaluate the root of the problem and needed to be able to confidentially interview employees.