By EditorDavid from Slashdot's serious-replies-only department
An anonymous Slashdot reader writes:
The National Institute of Standards and Technology has its own "Commission on Enhancing National Cybersecurity," and this week they issued a call for public comments on "current and future challenges" involving critical infrastructure cybersecurity, the concept of cybersecurity insurance, public awareness, and the internet of things (among other topics) for both the private and public sector.
Long-time Slashdot reader Presto Vivace quotes The Hill: it is specifically asking for projections on policies, economic incentives, emerging technologies, useful metrics and other current and potential solutions throughout the next decade... Comments will be due by 5 p.m. on September 9.
Internet services "have come under attack in recent years in the form of identity and intellectual property theft, deliberate and unintentional service disruption, and stolen data," writes NIST. "Steps must be taken to enhance existing efforts to increase the protection and resilience of the digital ecosystem, while maintaining a cyber environment that encourages efficiency, innovation, and economic prosperity." Separately, NIST is also requesting comments on a new process to "solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms... If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere... NIST plans to specify preliminary evaluation criteria for quantum-resistant public key cryptography standards."
By EditorDavid from Slashdot's we-are-still-alone department
Long-time Slashdot reader sehlat shares "a highly accessible summary" of a new theory about why we haven't yet found life on other planets -- that "we're not latecomers, but very, very early." From Lab News:
The universe is 13.8 billion years old, with Earth forming less than five billion years ago. One school of thought among scientists is that there is life billions of years older than us in space. But this recent study in the Journal of Cosmology and Astroparticle Physics argues otherwise... "We find that the chance of life grows much higher in the distant future..."
Stars larger than approximately three times the Sun's mass will perish before life has a chance to evolve... The smallest stars weigh less than a tenth as much as the sun and will glow for 10 trillion years, meaning life has a lot of time to begin on those planets orbiting them in the 'habitable zone'. The probability of life increases over time so the chance of life is many times higher in the distant future than now.
The paper ultimately concludes that life "is most likely to exist near 0.1 solar-mass stars ten trillion years from now."
By EditorDavid from Slashdot's 73-years-after-the-original department
An anonymous reader quotes The Verge:
GoldenEye: Source received its first update in more than three years this week. It's free to download and it features 25 recreated maps, 10 different multiplayer modes, and redesigned versions of the original game's 28 weapons. It was created using Valve's Source engine, the same set of tools used to create Counter Strike and Half-Life games. So it's a massive step up in both visuals and performance for one of the more drastically dated gaming masterpieces of the last 20 years...
GoldenEye 007, the beloved N64 first-person shooter, has been recreated in high-definition glory by a team of dedicated fans over the course of 10 years...the attention to detail and the amount of effort that went into GoldenEye: Source make it one of the most polished HD remakes of an N64 classic.
With 8 million copies sold, Wikipedia calls it the third best-selling Nintendo 64 game of all-time (although this version doesn't recreate its single-player campaigns). Anyone have fond memories of playing Goldeneye 007?
By EditorDavid from Slashdot's another-Android-exploit department
Trailrunner7 quotes a report from OnTheWire:
Researchers from an Austrian university have developed techniques that allow them to perform cache attacks on non-rooted Android phones that can monitor the keystrokes, screen taps, and even observe code execution inside the ARM processor's TrustZone secure execution environment. The attacks the team developed are complex and rely on a number of individual building blocks. The techniques are similar to some used against Intel x86 processor-based systems, but the team from Graz University of Technology in Austria shows that they can be used on ARM-based systems, such as Android phones, as well. "Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen," the researchers wrote in their paper, which was presented at the USENIX Security Symposium this week.
It's a proof-of-concept attack. But interestingly, another recently-discovered Android vulnerability also required the user to install a malicious app -- and then allowed attackers to take full control of the device.
By EditorDavid from Slashdot's bookkeepers-know-all department
Skully raised $2.4 million on Indiegogo in 2014 to manufacture motorcycle helmets with built-in Augmented Reality. Now they're filing for bankruptcy, and informing customers that refunds are unlikely on their $1,500 pre-ordered helmets. But a lawsuit filed by Skully bookkeeper Isabelle Faithhauer "claims the Wellers used the funds raised by the Indiegogo campaign and a secondary $11 million round of funding in 2015 as their personal 'piggy banks' to buy several motorcycles, two Dodge Vipers, groceries, and so on," according to a Digital Trends article shared by KingGypsy:
The Wellers took trips to Bermuda and Hawaii using company funds, she said, went to strip clubs, rented a Lamborghini, and paid for personal housekeeping services on the company credit card, as well as paying out funds ranging from $500 to $80,000. Lastly, she claims that the Wellers asked her to fudge the books to obscure the expenses. Faithhauer claims that when accountants came calling with questions about the expenses, she was up front about what was going on. She says that when she took a pre-approved vacation to Disneyland in December of 2015, she was fired upon her return and offered a severance package, which the suit calls "hush money." She declined the offer.
"Following her termination at Skully, Faithhauer claims that when she found a new job, her new employer contacted the Wellers at Skully and were told she could not be trusted with confidential information. She was fired from that job as well."
By BeauHD from Slashdot's mysterious-operating-systems department
An anonymous reader writes: Google is working on a new operating system dubbed Fuchsia OS for smartphones, computers, and various other devices. The new operating system was spotted in the Git repository, where the description reads: "Pink + Purple == Fuchsia (a new Operating System)." Hacker News reports that Travis Geiselbrecht, who worked on NewOS, BeOS, Danger, Palm's webOS and iOS, and Brian Swetland, who also worked on BeOS and Android will be involved in this project. Magenta and LK kernel will be powering the operating system. "LK is a kernel designed for small systems typically used in embedded applications," reads the repository. "On the other hand, Magenta targets modern phones and modern personal computers with fast processors, non-trivial amounts of RAM with arbitrary peripherals doing open-ended computation." It's too early to tell exactly what this OS is meant for. Whether it's for an Android and Chrome OS merger or something completely new, it's exciting nonetheless.
By BeauHD from Slashdot's tense-times department
schwit1 quotes a report from Space.com: A powerful solar storm nearly heated the Cold War up catastrophically a half century ago, a new study suggests. The U.S. Air Force began preparing for war on May 23, 1967, thinking that the Soviet Union had jammed a set of American surveillance radars. But military space-weather forecasters intervened in time, telling top officials that a powerful sun eruption was to blame, according to the study. "Had it not been for the fact that we had invested very early on in solar and geomagnetic storm observations and forecasting, the impact [of the storm] likely would have been much greater," Delores Knipp, a space physicist at the University of Colorado Boulder and the study's lead author, said in a statement. "This was a lesson learned in how important it is to be prepared." Initially, it was assumed that the Soviet Union was to blame. Since radar jamming is considered an act of war, "commanders quickly began preparing nuclear-weapon-equipped aircraft for launch." Spoiler: Solar forecasters at the North American Aerospace Defense Command (NORAD) figured out it was a flare that caused the outages, not the Soviets. You can read the abstract of the paper for free here.
By BeauHD from Slashdot's 21st-century-space-race department
hackingbear quotes a report from Popular Science: While SpaceX is making news with its recoverable rockets, China announced that it is working on the next big thing in spaceflight: a hypersonic spaceplane. The China Aerospace Science and Technology Corporation is beginning advanced research on a high tech, more efficient successor to the retired Space Shuttle, with hybrid combined cycle engines combining turbofan, ramjet, scramjet and rocket engines, that can take off from an airport's landing strip and fly straight into orbit. CASTC's rapid research timeline also suggests that the reports in 2015 of a Mach 4 test flight for a recoverable drone testbed for a combined cycle ramjet/turbofan engine were accurate. And China also has the world's largest hypersonic wind tunnel, the Mach 9 JF-12, which could be used to easily test hypersonic scramjets without costly and potentially dangerous flight testing at altitude. Its nearest competitor, the British Skylon in contrast uses pre-cooled jet engines built by Reaction Engines Limited to achieve hypersonic atmospheric flight, as opposed to scramjets. Both spacecraft will probably first fly around the mid 2020s.
By BeauHD from Slashdot's give-me-your-lunch-money department
An anonymous reader quotes a report from Ars Technica: The 4th Circuit Court of Appeals ruled Friday in favor of the American government's seizure of a large number of Megaupload founder Kim Dotcom's overseas assets. Seized items include millions of dollars in various seized bank accounts in Hong Kong and New Zealand, multiple cars, four jet skis, the Dotcom mansion, several luxury cars, two 108-inch TVs, three 82-inch TVs, a $10,000 watch, and a photograph by Olaf Mueller worth over $100,000. After years of delay, in December 2015, Dotcom was finally ordered to be extradited to the United States to face criminal charges. But his appeal is set to be heard before the High Court in Auckland on August 29. In its court filings, prosecutors argued that because Dotcom had not appeared to face the charges against him in the United States, he is therefore susceptible to "fugitive disentitlement." That legal theory posits that if a defendant has fled the country to evade prosecution, he or she cannot make a claim to the assets that the government wants to seize under civil forfeiture. But as the Dotcom legal team claimed, the U.S. can neither use its legal system to seize assets abroad nor can Dotcom be considered a fugitive if he has never set foot in the United States. However, the 4th Circuit disagreed: "Because the statute must apply to people with no reason to come to the United States other than to face charges, a "sole" or "principal" purpose test cannot stand. The principal reason such a person remains outside the United States will typically be that they live elsewhere. A criminal indictment gives such a person a reason to make the journey, and the statute is aimed at those who resist nevertheless." Civil forfeiture in the United States allows law enforcement to seize one's assets if they are believed to be illegally acquired -- even without filing any criminal charges.
By BeauHD from Slashdot's paperwork department
An anonymous reader quotes a report from SiliconBeat: Data thieves used a massive "botnet" against professional networking site LinkedIn and stole members' personal information, a new lawsuit reveals. "LinkedIn members populate their profiles with a wide range of information concerning their professional lives, including summaries (narratives about themselves), job histories, skills, interests, educational background, professional awards, photographs and other information," said the company's complaint, filed in Northern California U.S. District Court (PDF). "During periods of time since December 2015, and to this day, unknown persons and/or entities employing various automated software programs (often referred to as 'bots') have extracted and copied data from many LinkedIn pages." It is unclear to what extent LinkedIn has been able to stymie the attack. A statement from the firm's legal team suggests one avenue of penetration has been permanently closed, but does not address other means of incursion listed in the lawsuit. "Their actions have violated the trust that LinkedIn members place in the company to protect their information," the complaint said. "LinkedIn will suffer ongoing and irreparable harm to its consumer goodwill and trust, which LinkedIn has worked hard for years to earn and maintain, if the conduct continues." LinkedIn says it has more than 128 million U.S. members and more than 400 million worldwide. According to the complaint, the hackers got around six LinkedIn cybersecurity systems, and also manipulated a cloud-services company that was on the company's "whitelist" of "popular and reputable service providers, search engines and other platforms" which interact with LinkedIn under less severe security measures than other third parties. The manipulation allowed the hackers to send requests to LinkedIn servers. "This was not an attack or data breach where confidential data was stolen," LinkedIn's legal team said in a statement.
"This suit is about unknown entities using automated systems to scrape and copy data that members have made available on LinkedIn, violating the law and our Terms of Service."
By BeauHD from Slashdot's renewable-energy department
An anonymous reader quotes a report from Associated Press: The nation's first offshore wind farm is set to open off the coast of Rhode Island this fall, ushering in a new era in the U.S. for the industry. Developers, federal regulators and industry experts say the opening will move the U.S. industry from a theory to reality, paving the way for the construction of many more wind farms that will eventually provide power for many Americans. Deepwater Wind is building a five-turbine wind farm off Block Island, Rhode Island to power about 17,000 homes. The project costs about $300 million, according to the company. CEO Jeffrey Grybowski said the Block Island wind farm enables larger projects because it proves that wind farms can be built along the nation's coast. Offshore wind farms, which benefit from strong winds because of their location, are being proposed near population epicenters that lack the space to build on land. Indeed, several states are pushing ambitious clean energy goals, which include offshore wind. Among them is California, which has a target of generating 50 percent of its power from renewable sources by 2030. Vermont hopes to hit 55 percent by next year and Hawaii has called for 100 percent renewable power by 2045.
By BeauHD from Slashdot's money-as-an-incentive department
An anonymous reader writes from a report via Softpedia: "In the most innovative, weirdest, and stupidest idea of the month, two researchers from the University of Colorado Boulder and the University of Michigan have created a crypto-currency that rewards people for participating in DDoS attacks," reports Softpedia. "Called DDoSCoin, this digital currency rewards a person (the miner) for using their computer as part of a DDoS attack. Just like Bitcoin, DDoSCoin uses cryptographic data to provide a proof-of-work. In DDoSCoin's case, this proof-of-work is extracted from the TLS connection a miner establishes with the website they're supposed to attack." This means that DDoSCoin can be used only with DDoS attacks on TLS-enabled websites. Participating in DDoS attacks gives miners DDoSCoin, which can then be converted into Bitcoin or fiat currency. Furthermore, anyone can request a DDoS attack via the PAY_TO_DDOS transaction. The research paper that proposes DDoSCoin is only a theoretical exercise, and a DDoSCoin crypto-currency does not currently exist in the real world. For now.
By BeauHD from Slashdot's nowhere-to-go-but-up department
An anonymous reader writes from a report via Ars Technica: No Man's Sky, an indie "video game that promises 18 quintillion planets" from a "small development team," has launched today for Windows PC gamers via Steam or GOG. Unfortunately, the "worldwide simultaneous launch on all kinds of PCs" is off to a rocky start -- as evidenced by the "mostly negative" Steam reviews. Many gamers have complained about frame rate hitches and total system crashes. Ars Technica reports: "Even users with high-end solutions like the GTX 1080 or two GTX 980Ti cards in SLI mode are reporting major stutters -- on a game that runs on a comparatively so-so PS4 console with a mostly consistent 30 FPS refresh. The game's PC version defaults to a 30 FPS cap, which can be disabled in the normal options menus. But with this setting turned on, the game can't help but hitch down to an apparent 20 FPS on a regular basis, not to mention throw up frequent display hitches of half a second at a time. Removing that frame rate cap can get play up to a smooth 60 frames per second, and we enjoyed more consistent frame rates without the cap. But even those frame rates can bounce down to 30 or less at random intervals. The game also suffers from freezing hitches, even without apparent spikes in visible geometry like creatures or spaceships." Ars also mentions that the on-screen prompts don't update the button remapping accordingly. There's been some frustration among PC gamers who have had to learn the hard way that the game's floating-menu interface was built with joysticks in mind. Mouse scroll wheels don't seem to work to scroll through text and between menus, and players are required to hold-to-confirm every menu interaction in the game. What's more is that alt-tabbing out of the game is a "guaranteed crash." For those looking for more information about the game, The Atlantic has a captivating report describing the game as if it were like reading a book.