By EditorDavid from
Slashdot's rooting-routers department:
"Back in the days, Cisco fixed the vulnerability, but we are not sure about all other router vendors and models because there are too many of them," writes the DefenseCode team. Orome1 quotes a new report from Help Net Security:
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom's UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured by the likes of ASUS, D-Link, Zyxel, US Robotics, TP-Link, Netgear, and others. Since there were millions of vulnerable devices out there, the researchers refrained from publishing the exploit they created for the flaw, but now, four years later, they've released their full research again, and this time they've also revealed the exploit.
The researchers pointed out that most users don't update their router's firmware -- meaning many routers may still be vulnerable.
Read Replies (0)
By BeauHD from
Slashdot's easy-as-1-2-3 department:
The Qualcomm Foundation, along with the XPRIZE Foundation, "announced the winning team of its nearly four-year-long global competition to develop a functional, easily usable tricorder," reports Vocativ. The Pennsylvania-based Final Frontier Medical Devices team was the first place winner, receiving the top prize of $2.6 million, while Boston-based Dynamical Biomarkers nabbed $1 million. From the report: Led by Dr. Basil Harris, a Philadelphia emergency room physician, the team was mostly made out of family and friends Harris coaxed into volunteering their free time on the weekend. By contrast, Dynamical Biomarkers had 50 scientists and programmers, mostly paid, and was sponsored by the Taiwanese government and Taiwan-based cellphone company HTC. The device kit developed by Final Frontier, called DxtER, uses non-invasive sensors that collect data from the user and combines that with an AI frontloaded with information in the field of clinical emergency medicine to come with a diagnosis. The device currently operates on an iPad tablet, but future versions should work equally fine on a smartphone as well. The device, ideally, would allow patients to then send their readings to their doctors so they could collaborate on their health care. According to an interview Harris held with the Washington Post, DxtER can diagnose up to 34 medical conditions in its present design. The device developed by Dynamical Biomarkers could reach up to 50, team leader and Harvard Medical School professor Chung-Kang Peng, told the Post, given it surpasses the five-pound weight limit imposed by the competition guidelines.
Read Replies (0)
By BeauHD from
Slashdot's open-book department:
DeathByLlama writes: The single board computer market, broken wide-open just a few years ago by the Raspberry Pi Foundation, continues to flourish today as FriendELEC releases their $40 NanoPi K2 board. This SBC packs a 1.5 GHz 64-bit quad core Amlogic S905 processor, and paired with 2GB of DDR3 RAM and the Mali-450MP GPU, it is able to stream 4K at 60 FPS. Add in gigabit ethernet, onboard Wi-Fi, Bluetooth, IR (and a remote!), eMMC compatibility, a familiar GPIO header, and a $40 price tag, and you end up with some stiff competition for other market leaders like Hardkernel's ODROID-C2 and Raspberry Pi's flagship Pi 3. The release is clearly in early phases with Ubuntu images and house-sold eMMC modules still on their way. It's amazing to see such strong competition in this market -- and with so many sub-$100, incredibly capable SBC options, which will choose?
Read Replies (0)
By BeauHD from
Slashdot's open-book department:
DeathByLlama writes: The single board computer market, broken wide-open just a few years ago by the Raspberry Pi Foundation, continues to flourish today as FriendELEC releases their $40 NanoPi K2 board. This SBC packs a 1.5 GHz 64-bit quad core Amlogic S905 processor, and paired with 2GB of DDR3 RAM and the Mali-450MP GPU, it is able to stream 4K at 60 FPS. Add in gigabit ethernet, onboard Wi-Fi, Bluetooth, IR (and a remote!), eMMC compatibility, a familiar GPIO header, and a $40 price tag, and you end up with some stiff competition for other market leaders like Hardkernel's ODROID-C2 and Raspberry Pi's flagship Pi 3. The release is clearly in early phases with Ubuntu images and house-sold eMMC modules still on their way. It's amazing to see such strong competition in this market -- and with so many sub-$100, incredibly capable SBC options, which will choose?
Read Replies (0)
By BeauHD from
Slashdot's old-switcheroo department:
ewhac writes: Earlier this week, Burger King released a broadcast television ad that opened with an actor saying, "Ok, Google, what is the Whopper?" thereby triggering any Google Home device in hearing range to respond to the injected request with the first line from the Whopper's Wikipedia page. Google very properly responded to the injection attack by fingerprinting the sound sample and blocking it from triggering responses. However, it seems Burger King and/or its ad agency are either unwilling or congenitally incapable of getting the hint, and has released an altered version of the ad to evade Google's block. According to spokesperson Dara Schopp, BK regards the ad as a success, as it has increased the brand's "social conversation" on Twitter by some 300%. It seems that Burger King thinks that malware-laden advertising infesting webpages is a perfectly wonderful idea (in principle, at least), and has taken it to the next level by reaching through your TV speakers and directly messing with your digital devices. You may wish to consider alternate vendors for your burger needs.
Read Replies (0)
By BeauHD from
Slashdot's take-a-deep-breath department:
chicksdaddy quotes a report from The Security Ledger: The U.S. Food and Drug Administration issued a letter of warning to medical device maker Abbott on Wednesday, slamming the company for what it said was a pattern of overlooking security and reliability problems in its implantable medical devices at its St. Jude Medical division and describing a range of the company's devices as "adulterated," in violation of the U.S. Federal Food, Drug and Cosmetic Act, the Security Ledger reports. In a damning warning letter, the FDA said that St. Jude Medical knew about serious security flaws in its implantable medical devices as early as 2014, but failed to address them with software updates or by replacing those devices. The government found that St. Jude, time and again, failed to adhere to internal security and product quality guidelines, a lapse that resulted in at least one patient death. St. Jude Medical, which is now wholly owned by the firm Abbott, learned of serious and exploitable security holes in the company's "high voltage and peripheral devices" in an April, 2014 "third party assessment" commissioned by the company. But St. Jude "failed to accurately incorporate the findings of that assessment" in subsequent risk assessments for the affected products, including Merlin@home, a home-based wireless transmitter that is used to provide remote care for patients with implanted cardiac devices, the FDA revealed. Among the security flaws: a "hardcoded universal unlock code" for the company's implantable, high voltage devices. The report casts doubt on a defamation lawsuit St. Jude filed against the firm MedSec Holdings Ltd over its August, 2016 report that warned of widespread security flaws in St. Jude products, including Merlin@home. The MedSec report on St. Judes technology was released in conjunction with a report by the investment firm Muddy Waters Research, which specializes in taking "short" positions on firms. At the time, MedSec said that the security of the company's medical devices and support software was "grossly inadequate compared with other leading manufacturers," and represents "unnecessary health risks and should receive serious notice among hospitals, regulators, physicians and cardiac patients." St. Judes has called the MedSec allegations false, but it now appears that the company had heard similar warnings raised by its own third-party security auditor more than a year prior.
Read Replies (0)
By msmash from
Slashdot's plans-for-tomorrow department:
Lippincott, a global creative consultancy, asked 2,000 "leading edge" consumers in the U.S. whether they were excited to welcome our robot overlords or terrified of them. A report on FastCompany adds: Some of their findings go against conventional wisdom, like the belief that consumers are scared about the future. Turns out 80 percent said they are excited about changes in technology. Some 78 percent feel more powerful and in control of their lives thanks to the support from smart machines, artificial intelligence, and robotics. There is some anxiety about the incursion of tech into our lives, with over 40 percent reporting that they are scared about changes to the economy, society, culture, and the government. Despite that, 64 percent of them still expect that the world will be better in 10 years than it is today.
Read Replies (0)
By msmash from
Slashdot's LinkedIn-competitor? department:
Google is quietly testing "Google Hire," a job applicant tracking system that appears to rival services like Greenhouse and Lever, Axios is reporting. From the report: The service lets employers post job listings, then accept and manage applications, according to job listing links spotted by Axios reader Colin Heilbut. So far, several tech companies seem to be using (or testing) Google Hire, including Medisas, Poynt, DramaFever, SingleHop, and CoreOS.
Read Replies (0)
By msmash from
Slashdot's what's-next department:
Microsoft has begun experimenting with browser tabbing experience on all apps in Windows 10, including File Explorer. From a report on WindowsCentral: According to sources familiar with the matter, Microsoft is currently experimenting internally with a new feature called "Tabbed Shell", which brings the familiar browser tabbing module to all app windows in Windows 10, including the File Explorer. Per our sources, Tabbed Shell is a feature being worked on at an OS level, and doesn't require work from app developers to take advantage of it. By default, Tabbed Shell works with any app window, whether it be Photoshop, File Explorer, or Microsoft Word. Any UWP, Win32 or Centennial app will work. Much like in Edge, you'll find a tabbed interface at the top of a window where you can switch between instances of the same app.
Read Replies (0)