By BeauHD from Slashdot's so-easy-a-caveman-can-do-it department
Willium Caput, a researcher for the firm Evolve Security, examined a stack of gift cards he obtained from a major Mexican restaurant chain and noticed a pattern: aside from the final four digits of the cards that appeared to be random, the rest remained constant except one digit that appeared to increase by one with every card he examined. Andy Greenberg explains how Caput plans to defraud the system in his report via WIRED (Warning: source may be paywalled; alternative source): "You take a small sample of gift cards from restaurants, department stores, movie theaters, even airlines, look at the pattern, determine the other cards that have been sold to customers and steal the value on them," says Caput. To pull off the trick, Caput says he has to obtain at least one of the target company's gift cards. Unactivated cards often sit out for the taking at restaurants and retailers, or he can just buy one. (Not all cards change by a value of one, as that first Mexican restaurant did. But Caput says obtaining two or three cards can help to determine the patterns of those that don't.) Then he simply visits the web page that the store or restaurant uses for checking a card's value. From there, he runs the bruteforcing software Burp Intruder to cycle through all 10,000 possible values for the four random digits at the end of the card's number, a process that takes about 10 minutes. By repeating the process and incrementing the other, predictable numbers, the site will confirm exactly which cards have how much value. "If you can find just one of their gift cards or vouchers, you can bruteforce the website," he says. Once a thief has determined those activated, value-holding card numbers, he or she can use them on the retailer's ecommerce page, or even in person; Caput's written them to a blank plastic card with a $120 magnetic-strip writing device available on Amazon, and found that most retailers accept his cards without questions. 
(Caput only asks the store or restaurant to check the card's balance, rather than spend any money from the cards belonging to actual victims.) "It's a pretty anonymous attack," Caput says. "I can go in, order food, and walk out. The person's card says it has $50 on it, and then it's gone." Caput said he plans to present his findings at the Toorcon hacker conference this weekend.
By BeauHD from Slashdot's join-the-club department
Samsung on Wednesday has obtained a permit from the California Department of Motor Vehicles to test autonomous cars on the streets of California. Samsung joins a group of other tech companies already on the list, including Apple, Uber, Nvidia and Alphabet's Waymo, as well as several automakers like Ford, BMW, Volkswagen and Tesla. CNET reports: Samsung confirmed the news, but said it doesn't plan to actually manufacture self-driving cars. "As a global leader in connectivity, memory, and sensor technology, Samsung Electronics looks forward to participating in California's Autonomous Vehicle Tester Program and joining in the pursuit of a smarter, safer transportation future," a Samsung spokesman said in a statement. "While we have no plans to enter the car-manufacturing business, we are excited to help develop and deliver the next generation of automotive innovation." The company received a permit from the South Korean government to test autonomous cars in that country in May. Last year, it bought a car tech company called Harman for $8 billion.
By BeauHD from Slashdot's record-breaking department
SanDisk has managed to cram 400GB into a microSD card, making it the largest microSD card currently on the market. The company said the capacity breakthrough was the result of Western Digital, the company that owns SanDisk, "leveraging its proprietary memory technology and design and production processes that allow for more bits per die." The nitty-gritty details weren't revealed beyond that. ExtremeTech reports: The speed appears to come with a tradeoff. SanDisk trumpets its A1 speed rating, saying: "Rated A1, the SanDisk Ultra microSD card is optimized for apps, delivering faster app launch and performance that provides a better smartphone experience." This is a generous reading of the A1's target performance specification. Last year, the SD Association released a report discussing the App Performance Class memory card specification and why the spec was created in the first place. When Android added support for running applications from an SD card, there was a need to make certain the cards people bought would be quick enough to run apps in the first place. The A1 is rated for 1500 read and 500 write IOPS, with a sequential transfer speed of 10MB/s. This SanDisk drive should run applications just fine. SanDisk claims it can be used for recording video, not just storing it. But it's not going to be fast enough for 4K data; Class 10 devices are limited to 10MB/s of sequential write performance. Obviously not all phones support shooting in 4K anyway, so whether this is a limitation will depend on what device you plan to plug it into. The 100MB/s speed trumpeted by Western Digital is a reference to read speeds; write speeds are lower and likely closer to the 10MB/s sequential target mentioned above. The microSD card is expected to retail for $250.
By msmash from Slashdot's reality-check department
The number of movie tickets sold in the U.S. this summer (425 million) is likely to be the lowest level since 1992, the L.A. Times reports. "Theaters, studios hit by summer box-office blues." The reason: Too many bad movies, including sequels, reboots and aging franchises that no one wanted to see. Some point to rising ticket prices, which hit a record high in the second quarter. From the report: Then there are long-term challenges, including competition from streaming services such as Netflix and the influence of the movie review site Rotten Tomatoes. How about all of the above? What is clear: This summer was marred with multiple high-profile films that flopped stateside, including "The Mummy," "Baywatch," "The Dark Tower" and "King Arthur: Legend of the Sword." Sequels in the "Alien," "Transformers" and "Pirates of the Caribbean" franchises also disappointed. The business is also reckoning with broader, longer-term threats that have kept Americans from flocking to theaters the way they used to. People now have more entertainment options than ever, and cinemas have struggled to keep up, despite efforts to adapt with improved technology and services, industry analysts say. The problem is exacerbated by an unforgiving social media environment in which bad movies are immediately punished by online word of mouth.
By BeauHD from Slashdot's expanding-and-contracting department
According to TechCrunch, Postmates has let go of all of its city managers, as it centralizes some of its operations at its headquarters in San Francisco. "The total number of people affected by the move is 15 across markets like Boston, Denver, Las Vegas, Nashville, New York, Philadelphia, St Louis, San Diego, and Washington, DC," reports TechCrunch. From the report: In a statement, Postmates said that general managers will take on city managers' responsibilities. "Postmates has grown rapidly over the last six years -- and continues to grow in more than 200 cities across the U.S. As part of that growth, we've decided to centralize some of our regional marketing efforts within our San Francisco headquarters," a spokesperson said in the emailed statement. "Centralizing these functions will enable us to execute more quickly -- and ultimately help us be more nimble and effective as we continue to aggressively scale the company. Our general managers will remain in place and continue to help lead our local efforts. We are thankful to our city managers for all their hard work, and we're confident that they will be successful in their future endeavors." One of the tipsters, an ex-city manager, said that employees were taken by surprise: Postmates had just earlier this month organized a retreat for the city managers, which they saw as a team building exercise. The tipster also added that the murmurs were that the cost-cutting was being done "as a precursor to an acquisition," but Postmates' spokesperson denied that this is the case, and also ruled out a merger and fundraising as reasons for the cuts.
By BeauHD from Slashdot's new-and-improved department
At a press conference in Berlin, LG announced their newest flagship smartphone, the LG V30. The V30 doesn't feature a removable battery or a secondary display like its predecessor, but it does feature faster performance and a significantly redesigned build construction that puts it more in line with Samsung and Apple's offerings. PhoneDog reports: A bigger device with beefier specs, the LG's V series took more design cues from the G series this year more than ever. As expected, LG got rid of the secondary display in favor of a single 6-inch LG P-OLED display (not Super AMOLED, although practically the same with rich black and vibrant colors). The V30 switches out its secondary display for slimmer bezels, which may prove to be a smart move considering how popular the concept is this year. Specs look pretty solid, although there were reports that the device would feature 6GB of RAM rather than 4GB. The bread and butter of the V30 are its sophisticated audio and its dual rear camera set-up. Speaking of the back of the device, another small advantage that LG may have over the competition is the center placement of its rear fingerprint sensor, which has been a bit of a pain point for Samsung this year with the S8 and the Note 8. The LG V30 is set to release on September 21 in South Korea, with releases in North America, Asia, Africa, and Europe following shortly after. LG also has yet to announce a price for the V30, although rumors peg it to be around 800,000 KRW in South Korea (which equates to about $699 in the U.S.). For those interested, GSMArena has a full spec sheet available for the LG V30. Some of the noteworthy specs include a 6-inch LG P-OLED display with an 18:9 aspect ratio and QHD (1440 x 2880) resolution, Snapdragon 835 processor with 4GB RAM, dual 16-megapixel/13-megapixel rear-facing camera sensors, headphone jack, 32-bit/192kHz audio, wireless charging and Android 7.1.2 Nougat.
By BeauHD from Slashdot's call-to-action department
An anonymous reader quotes a report from Apple Insider: Apple has written to the U.S. Federal Communications Commission in support for the concept of net neutrality, with its four-page commentary arguing for the government agency to "retain strong, enforceable open internet protections" instead of rolling back the rules forbidding "fast lane" internet connections. "An open internet ensures that hundreds of millions of consumers get the experience they want, over the broadband connections they choose, to use the devices they love, which have become an integral part of their lives," starts the comment signed by Cynthia Hogan, Apple's Vice President of Public Policy for the Americas. Citing a "deep respect" for its customers' privacy, security, and control over personal information, Apple believes this extends to their internet connection choices as well. "What consumers do with those tools is up to them -- not Apple, and not broadband providers," the statement claims, before urging the FCC to keep advancing the key principles of net neutrality. Based on a belief of consumer choice with regards to connectivity, Apple insists broadband providers should not "block, throttle, or otherwise discriminate against lawful websites and services," and not create "paid fast lanes on the internet." Lifting current FCC bans on these restrictions could allow broadband providers to favor one service over another's, "fundamentally altering the internet as we know it today -- to the detriment of consumers, competition, and innovation." Allowing such fast lanes could result in an internet with heavily distorted competition, caused through online providers being forced to make deals or risk losing customers from providing a hampered service. 
Apple suggests the practice could "create artificial barriers to entry for new online services, making it harder for tomorrow's innovations to attract investment and succeed," effectively turning broadband providers into a king-maker based on its priorities.
By msmash from Slashdot's trapped department
A Canadian university transferred more than $11 million CAD (around $9 million USD) to a scammer that university staff believed to be a vendor in a phishing attack, a university statement published on Thursday states. From a report: Staff at MacEwan University in Edmonton, Alberta became aware of the fraud on Wednesday, August 23, the statement says. According to the university, the attacker sent a series of emails that convinced staff to change payment details for a vendor, and that these changes resulted in the transfer of $11.8 million CAD into bank accounts that the school has traced to Canada and Hong Kong. The school is working with authorities in Edmonton, Montreal, London, and Hong Kong, the statement reads. According to the university, its IT systems were not compromised and no personal or financial information was stolen. A phishing scam is not technically a "hack," it should be noted, and only requires the attacker to convince the victim to send money. The school's preliminary investigation found that "controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed."
By msmash from Slashdot's up-next department
In a 30-page report, Larry Miller, the head of New York University's Steinhardt Music Business Program, argues that traditional radio has failed to engage with Generation Z -- people born after 1995 -- and that its influence and relevance will continue to be subsumed by digital services unless it upgrades. Key points made in the study include: Generation Z, which is projected to account for 40% of all consumers in the U.S. by 2020, shows little interest in traditional media, including radio, having grown up in an on-demand digital environment. AM/FM radio is in the midst of a massive drop-off as a music-discovery tool by younger generations, with self-reported listening to AM/FM radio among teens aged 13 and up declining by almost 50 percentage points between 2005 and 2016. Music discovery as a whole is moving away from AM/FM radio and toward YouTube, Spotify and Pandora, especially among younger listeners, with 19% of a 2017 study of surveyed listeners citing it as a source for keeping up-to-date with music -- down from 28% the previous year. Among 12-24 year olds who find music discovery important, AM/FM radio (50%) becomes even less influential, trailing YouTube (80%), Spotify (59%), and Pandora (53%). By 2020, 75% of new cars are expected to be "connected" to digital services, breaking radio's monopoly on the car dashboard and relegating AM/FM to just one of a series of audio options behind the wheel. According to the U.S. Department of Transportation, the typical car in the U.S. was 11.6 years old in 2016, which explains why radio has not yet faced its disruption event. However, drivers are buying new cars at a faster rate than ever, and new vehicles come with more installed options for digital music services.
By msmash from Slashdot's pushing-the-boundaries department
Saritha Rai, writing for Bloomberg: A teenage entrepreneur who became a millionaire by 20 before sharing a billion-dollar fortune at 36, Bhavin Turakhia isn't afraid to think big. Now he's putting $45 million of his own money into building a rival to Slack and other office messaging platforms. Flock, a cloud-based team collaboration service, has attracted 25,000 enterprise users and customers including Tim Hortons, Whirlpool and Princeton University. It's a market that has already drawn interest from global technology giants Facebook, Amazon.com and Microsoft. This time last year, few had heard of Bhavin and his younger brother Divyank. That changed when they sold their advertising technology company Media.net, with customers including Yahoo, CNN and the New York Times, to a Chinese consortium for $900 million. The all-cash deal catapulted the duo from mere millionaires into the ranks of the super-rich. "I want to make Flock bigger and better than anything I've built before," Bhavin Turakhia, wearing his signature dark Levi's T-shirt and Puma sweatpants, said at his Bangalore offices.
By BeauHD from Slashdot's new-and-shiny department
Today, AMD announced the global release and broad adoption of AMD Ryzen Pro desktop processors. At its launch event in New York City, the company touted three main pillars that define these chipsets: reliability, security, and performance. They support features like Trusted Platform Module 2.0, which integrates secure microcontrollers into devices, GuardMI technology, which enables silicon-level security to help protect against threats, and SenseMI technology, which consists of a collection of smart features that aims to fine-tune performance for most responsive applications. For the first time, AMD has partnered with the top three PC OEMs: HP, Dell and Lenovo. Brad Chacos for PCWorld provides a "rundown of the commercial-focused Ryzen Pro systems that are coming down the pipeline, straight from AMD":
-Dell Optiplex 5055 desktop PCs are expected to ship in the coming weeks.
-HP EliteDesk 705 desktop PCs are expected to ship in the coming weeks.
-Lenovo ThinkCentre M715 desktop PCs are expected to ship in the coming weeks.
-Lenovo ThinkPad A475 and A275 notebook PCs are expected in Q4 2017.
-Ryzen PRO mobile processors are scheduled for launch in the first half of 2018.
By msmash from Slashdot's bravo department
An anonymous reader shares a report: In the days before Harvey hit Texas, flight controllers at NASA's Johnson Space Center outside of Houston had a decision to make: should they evacuate or ride out the storm at the agency's Mission Control Center? The dilemma wasn't just about the safety of the flight controllers. These personnel are tasked with flying the International Space Station -- a round-the-clock job that can't be done just anywhere. If there's a gap in ground communication, it could put the astronauts in danger. [...] On August 22nd, three days before the storm hit, the mission team was briefed by the National Oceanic and Atmospheric Administration, and decided the best plan was to stay put. They realized that whatever hit Texas would likely hit Round Rock, too, which is located outside of Austin. Plus, Harvey's real danger looked to be the water rather than the winds. The building containing the Mission Control Center is designed to withstand flooding incredibly well. But the team also knew they had to prepare. "Where you don't want to find yourself is just a single flight controller in any position who can't leave because there's no one to replace them," says Scoville. So the flight controllers were told to come into work early and to make sure they had a way to both enter and leave the center safely. Many showed up Friday night with "big, monstrous climbing backpacks," says Scoville. Meanwhile, cots were set up in a nearby room and in a building that serves as an astronaut quarantine facility, where astronauts quarantine before launch to avoid getting sick in space. "We have training rooms that are a mere copy of the flight control room," says Scoville. "They have the same consoles and same screens, but we turned off the lights and put some cots in there. It was interesting to see these rooms usually lit up with all these screens blacked out for people to sleep." 
Throughout the weekend, Mission Control operated with the bare minimum essential personnel needed to keep the ISS working safely. Normally, flight controller teams work in nine-hour shifts, swapping out three times a day. During the storm, only about six flight controllers worked each shift, and some stretched their shifts to 12 hours. Because the flooding made the roads impassable, everyone had to spend a couple of nights at NASA.
By msmash from Slashdot's unravelling-mysteries department
An anonymous reader shares a report: On the night of March 11, 1437 A.D., in what is now modern-day Seoul, a new star appeared in the sky, seemingly out of nowhere. The newcomer shone for 14 days before fading into the darkness. Korean astronomers noted the mysterious star and its brief stint in the sky in their records. Centuries later, modern astronomers studying these records determined that what the Koreans had seen was a cosmic explosion called a nova. Novae occur in two-star systems, when a dead star, known as a white dwarf, starts eating away at its companion, a star like our sun. The white dwarf slowly builds a layer of hydrogen stolen from the other star over tens of thousands of years, and then ejects it all at once, producing an eruption of light 300,000 times brighter than the sun that can last for weeks. Michael Shara and his researcher colleagues have spent the last nearly 30 years looking for the star responsible for this nova. In a new paper published Wednesday in Nature, they say they've finally found it. "It's been like searching for a needle in a billion haystacks," Shara said. For most of their search, Shara, a curator in the American Museum of Natural History's department of astrophysics; Richard Stephenson, a historian of ancient astronomical records at Durham University; and Mike Bode, an astrophysicist at Liverpool John Moores University, focused on a part of the sky where they suspected the mystery star must lurk. The investigation was an on-again, off-again effort of "failure after failure after failure," one that they returned to when they had the time or a lead. Last year, Shara found some relevant files in his office that he hadn't looked at in nearly a decade, and decided to expand the search area in the sky. He started combing through digital databases of stars, looking for any interesting targets. In one astronomical catalog, he saw a well-known planetary nebula, a glowing shell of gas and dust. 
In a different catalog, he found an image of a binary star taken in 2016 in the same area. Then it hit him: That wasn't a planetary nebula. It was the leftover shell of a nova explosion, floating near the star system that produced it.
By BeauHD from Slashdot's fingers-crossed department