By EditorDavid from Slashdot's one-Mississippi-two-Mississippi department
schwit1 quotes The Independent: Criminals can work out the card number, expiration date, and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found...
Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack...
According to a study published in the academic journal IEEE Security & Privacy, fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously. Within seconds, by a process of elimination, the criminals could verify the correct card number, expiration date and the three-digit security number on the back of the card.
One of the researchers explained this attack combines two weaknesses into one powerful attack. "Firstly, current online payment systems do not detect multiple invalid payment requests from different websites... Secondly, different websites ask for different variations in the card data fields to validate an online purchase. This means it's quite easy to build up the information and piece it together like a jigsaw puzzle."
By EditorDavid from Slashdot's building-for-builders department
Bre Pettis once said MakerBot gave you a superpower -- "You can make anything you need." But four years later, mirandakatz writes that though MakerBot promised to revolutionize society, "That never happened."
At Backchannel, Andrew Zaleski has the definitive, investigative account of why the 3D printing revolution hasn't yet come to pass, culled from interviews with industry observers, current MakerBot leadership, and a dozen former MakerBot employees. As he tells it, "In the span of a few years, MakerBot had to pull off two very different coups. It had to introduce millions of people to the wonders of 3D printing, and then convince them to shell out more than $1,000 for a machine. It also had to develop the technology fast enough to keep its customers happy. Those two tasks were too much for the fledgling company."
By EditorDavid from Slashdot's forking-the-road department
Long-time Slashdot reader Billly Gates writes, "For all the systemd haters who want a modern distro feel free to rejoice. The Debian fork called Devuan is almost done, completing a daunting task of stripping systemd dependencies from Debian." From The Register:
Devuan came about after some users felt [Debian] had become too desktop-friendly. The change the greybeards objected to most was the decision to replace sysvinit init with systemd, a move felt to betray core Unix principles of user choice and keeping bloat to a bare minimum.
Supporters of init freedom also dispute assertions that systemd is in all ways superior to sysvinit init, arguing that Debian ignored viable alternatives like sinit, openrc, runit, s6 and shepherd. All are therefore included in Devuan.
Devuan.org now features an "init freedom" logo with the tagline, "watching your first step." Their home page now links to the download site for Devuan Jessie 1.0 Beta2, promising an OS that "avoids entanglement".
By EditorDavid from Slashdot's not-finding-your-iPhone department
An anonymous reader quotes ComputerWorld:
Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner... One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. [Security researcher] Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.
The researcher claims that, after a while, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it... "After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock," he said in a blog post.
There's also a five-minute video on YouTube which purports to show a newer version of the same attack.
By EditorDavid from Slashdot's this-is-your-brain-on-fake-news department
An anonymous reader quotes the Washington Post:
Congressional negotiators on Wednesday approved an initiative to track and combat foreign propaganda amid growing concerns that Russian efforts to spread "fake news" and disinformation threaten U.S. national security. The measure, part of the National Defense Authorization Act approved by a conference committee, calls on the State Department to lead government-wide efforts to identify propaganda and counter its effects. The authorization is for $160 million over two years...
The Senate Intelligence Committee, meanwhile, has approved language in the fiscal year 2017 intelligence authorization bill calling for new executive branch efforts to combat what it characterized as "active measures" by Russia to manipulate people and governments through front groups, covert broadcasting or "media manipulation." "There is definitely bipartisan concern about the Russian government engaging in covert influence activities of this nature," Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee, said in a statement. "If you read section 501 of this year's intelligence authorization bill, it directs the President to set up an interagency committee to 'counter active measures by Russia to exert covert influence over peoples and governments.'"
Several senators on the intelligence committee also asked President Obama to declassify any information relating to the Russian government and the U.S. election.
By EditorDavid from Slashdot's rise-of-the-virtual-machines department
An anonymous reader writes:
One IBM runtime developer called it "a concrete step toward the strategic end goal of VM neutrality," and the Node.js Foundation believes that the API will ultimately result in "more modules to choose from, and more stability with modules without the need to continually upgrade."
By EditorDavid from Slashdot's content-management-systems department
An anonymous reader writes:
The organization team for a regional Drupal event apologized Thursday for distributing copies of Playboy to attendees. The magazines were distributed in welcome bags, according to a statement from the organizers of DrupalCamp Munich, and "were provided by Burda, a major German publisher, who also provided other technical magazines as part of their sponsorship. These magazines were approved for inclusion by the camp organizers.
"At the time, we thought it would be a good idea, as playboy.de was one of the first major Drupal 8 websites ever released. Upon reflection, this wasn't the best idea, and the magazines have been removed... It was a decision made in poor taste, and we regret it."
The inclusion of the magazine had attracted criticism on Twitter from both male and female developers, with one writing sarcastically, "Dunno about you, but I only read playboy.de for the Drupal code."
By EditorDavid from Slashdot's tracking-without-cookies department
AnonymousCube shares this quote about China's new 'Social Credit Score' law from an insurance industry magazine:
"Companies are also required to give government investigators complete access to their data if there is suspected wrong-doing, and Internet operators must cooperate in any national security or crime-related investigation." Note that China has an extremely flexible definition of "national security".
Additionally computer equipment will need to undergo mandatory certification, that could involve giving up source code, encryption keys, or even proprietary intellectual data, as Microsoft has been doing for some time.
The article suggests businesses like insurers "will likely see the cost of complying with this new action as a disincentive to conducting business in China."
By EditorDavid from Slashdot's Flash-in-the-can department
An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome. Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.
Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.
By EditorDavid from Slashdot's breaking-the-codes department
Coisiche found a disturbing article from The Register about the U.K.'s new "Snoopers' Charter" law that has implications for tech companies around the world:
Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the U.K. government to undermine encryption and demand surveillance backdoors... As per the final wording of the law, comms providers on the receiving end of a "technical capacity notice" will be obliged to do various things on demand for government snoops -- such as disclosing details of any system upgrades and removing "electronic protection" on encrypted communications. Thus, by "technical capability," the government really means backdoors and deliberate security weaknesses so citizens' encrypted online activities can be intercepted, deciphered and monitored... At the end of the day, will the U.K. security services be able to read your email, your messages, your posts and private tweets, and your communications if they believe you pose a threat to national security? Yes, they will.
The bill added the Secretaries of State as a required signatory to the "technical capacity" notices, which "introduces a minor choke-point and a degree of accountability." But the article argues the law ultimately anticipates the breaking of encryption, and without customer notification. "The U.K. government can certainly insist that a company not based in the U.K. carry out its orders -- that situation is specifically included in the new law -- but as to whether it can realistically impose such a requirement, well, that will come down to how far those companies are willing to push back and how much they are willing to walk away from the U.K. market."
By BeauHD from Slashdot's eleven-percent department
On the campaign trail last year, President-elect Donald Trump said he would consider requiring Muslim-Americans to register with a government database. While he has back-stepped on a number of campaign promises after being elected president, Trump and his transition team have recently resurfaced the idea to create a national Muslim registry. In response, The Intercept contacted nine of the "most prominent" technology companies in the United States "to ask if they would sell their services to help create a national Muslim registry." Twitter was the only company that responded with "No." The Intercept reports: Even on a purely hypothetical basis, such a project would provide American technology companies an easy line to draw in the sand -- pushing back against any effort to track individuals purely (or essentially) on the basis of their religious beliefs doesn't take much in the way of courage or conviction, even by the thin standards of corporate America. We'd also be remiss in assuming no company would ever tie itself to such a nakedly evil undertaking: IBM famously helped Nazi Germany computerize the Holocaust. (IBM has downplayed its logistical role in the Holocaust, claiming in a 2001 statement that "most [relevant] documents were destroyed or lost during the war.") With all this in mind, we contacted nine different American firms in the business of technology, broadly defined, with the following question: "Would [name of company], if solicited by the Trump administration, sell any goods, services, information, or consulting of any kind to help facilitate the creation of a national Muslim registry, a project which has been floated tentatively by the president-elect's transition team?" After two weeks of calls and emails, only three companies provided an answer, and only one said it would not participate in such a project. A complete tally is below. Facebook: No answer. 
Twitter: "No," and a link to this blog post, which states as company policy a prohibition against the use, by outside developers, of "Twitter data for surveillance purposes. Period." Microsoft: "We're not going to talk about hypotheticals at this point," and a link to a company blog post that states that "we're committed to promoting not just diversity among all the men and women who work here, but [...] inclusive culture" and that "it will remain important for those in government and the tech sector to continue to work together to strike a balance that protects privacy and public safety in what remains a dangerous time." Google: No answer. Apple: No answer. IBM: No answer. Booz Allen Hamilton: Declined to comment. SRA International: No answer.
By BeauHD from Slashdot's most-admired department
First Round Capital conducted a poll of 700 tech company founders and found Elon Musk to be the most admired leader in the technology industry. Elon Musk received 23 percent of the votes; 10 percent said Amazon's Jeff Bezos, 6 percent said Facebook founder and CEO Mark Zuckerberg and 5 percent wrote in Steve Jobs. First Round writes: "We launched State of Startups to capture what it means to be an entrepreneur. We asked the leaders of venture-backed companies about everything from the fundraising environment to their working relationships with their co-founders to their office's price per square foot. [...] Once again, we asked founders to write in which current tech leader they admire the most and we tallied 125 names. The Tesla and SpaceX leader held firm at the top spot (23%)..." Teslarati reports: While the survey did not ask respondents to explain their choice, it is safe to assume that Elon's propensity for setting lofty and visionary goals, and then being able to execute on them, is one trait admired most by tech founders. Most recently, Musk moved the scheduled start of production for the upcoming Model 3 midsize sedan forward by a full two years. Tesla also recently celebrated a record-setting third quarter and has been moving aggressively to close the second half of this year with 50,000 cars delivered. The company has announced a series of sweeteners to motivate people to order and take delivery of new vehicles before the end of the year. Unlimited Supercharger access for long distance travel and a, then, upcoming price hike on its entry level Model S 60, announced by the Palo Alto-based electric car maker and energy company, were incentives to stimulate sales. 
With plans to increase annual vehicle production by a factor of ten to twenty-fold by the end of the decade, send humans to Mars and transform the energy sector, Musk's innovative solutions to rewrite humanity as we know it joins an elite rank held by few genius inventors and industrialists who have gone on to change the world.
By BeauHD from Slashdot's cloud-atlas department
sciencehabit writes: There's an abundant new swath of cosmic real estate that life could call home -- and the views would be spectacular. Floating out by themselves in the Milky Way galaxy are perhaps a billion cold brown dwarfs, objects many times as massive as Jupiter but not big enough to ignite as a star. According to a new study, layers of their upper atmospheres sit at temperatures and pressures resembling those on Earth, and could host microbes that surf on thermal updrafts. The idea expands the concept of a habitable zone to include a vast population of worlds that had previously gone unconsidered. "You don't necessarily need to have a terrestrial planet with a surface," says Jack Yates, a planetary scientist at the University of Edinburgh in the United Kingdom, who led the study. Atmospheric life isn't just for the birds. For decades, biologists have known about microbes that drift in the winds high above Earth's surface. And in 1976, Carl Sagan envisioned the kind of ecosystem that could evolve in the upper layers of Jupiter, fueled by sunlight. You could have sky plankton: small organisms he called "sinkers." Other organisms could be balloonlike "floaters," which would rise and fall in the atmosphere by manipulating their body pressure. In the years since, astronomers have also considered the prospects of microbes in the carbon dioxide atmosphere above Venus's inhospitable surface. Yates and his colleagues set out to update Sagan's calculations and to identify the sizes, densities, and life strategies of microbes that could manage to stay aloft in the habitable region of an enormous atmosphere of predominantly hydrogen gas. On such a world, small sinkers like the microbes in Earth's atmosphere or even smaller would have a better chance than Sagan's floaters, the researchers will report in an upcoming issue of The Astrophysical Journal. 
But a lot depends on the weather: If upwelling winds are powerful on free-floating brown dwarfs, as seems to be true in the bands of gas giants like Jupiter and Saturn, heavier creatures can carve out a niche. In the absence of sunlight, they could feed on chemical nutrients. Observations of cold brown dwarf atmospheres reveal most of the ingredients Earth life depends on: carbon, hydrogen, nitrogen, and oxygen, though perhaps not phosphorus.
By BeauHD from Slashdot's cease-and-desist department
The mayors of four major global cities -- Paris, Mexico City, Madrid and Athens -- announced plans to stop the use of all diesel-powered cars and trucks by 2025. The leaders made their commitments in Mexico at a biennial meeting of city leaders. BBC reports: At the C40 meeting of urban leaders in Mexico, the four mayors declared that they would ban all diesel vehicles by 2025 and "commit to doing everything in their power to incentivize the use of electric, hydrogen and hybrid vehicles." "It is no secret that in Mexico City, we grapple with the twin problems of air pollution and traffic," said the city's mayor, Miguel Angel Mancera. "By expanding alternative transportation options like our Bus Rapid Transport and subway systems, while also investing in cycling infrastructure, we are working to ease congestion in our roadways and our lungs." Paris has already taken a series of steps to cut the impact of diesel cars and trucks. Vehicles registered before 1997 have already been banned from entering the city, with restrictions increasing each year until 2020. The use of diesel in transport has come under increasing scrutiny in recent years, as concerns about its impact on air quality have grown. The World Health Organization (WHO) says that around three million deaths every year are linked to exposure to outdoor air pollution. Diesel engines contribute to the problem in two key ways -- through the production of particulate matter (PM) and nitrogen oxides (NOx). Very fine soot PM can penetrate the lungs and can contribute to cardiovascular illness and death. Nitrogen oxides can help form ground level ozone and this can exacerbate breathing difficulties, even for people without a history of respiratory problems. The diesel ban is hugely significant. Carmakers will look at this decision and know it's just a matter of time before other city mayors follow suit.
By BeauHD from Slashdot's alternative-energy department
An anonymous reader quotes a report from ValueWalk: Nikola Motor Company just unveiled a huge class 8 truck which will run on hydrogen fuel cells. Nikola claimed that the truck's operational range will be as much as 1,200 miles (1,900 km), and it will be released in 2020. Nikola designed the Nikola One for long-haul transport across a large landmass. The truck will deliver over 1,000 horsepower and 2,000 foot-pounds of torque. Provided these claims are true, the vehicle will provide nearly double the power of the current-gen diesel-powered semis/articulated lorries, notes Ars Technica. The leasing cost of the trucks will include the fuel price, servicing costs and warranty, but exactly how the lease will work is not known now, notes Ars Technica. The company says it has already accepted nearly $3 billion in future orders. A fully-electric drivetrain which gets power from high-density lithium batteries runs the vehicle, and a hydrogen fuel cell charges the batteries on the go. Its reach is presently limited, as hydrogen fueling stations currently exist in only small numbers. This made Nikola decide to construct a network of 364 hydrogen fueling stations across the U.S. and Canada, just like Tesla with its network of Superchargers. Milton claims it will come with a smart dashboard which has the capability of picking the most cost-efficient route for drivers. Also one or two full-size beds will be included inside the vehicle's enormous cab. It will have other luxuries and necessities as well, such as Wi-Fi, a refrigerator, 4G LTE connectivity, freezer, a 40-inch curved 4K TV with Apple TV and a microwave.
By BeauHD from Slashdot's snap-crackle-pop department
New submitter npslider writes: The "USB Killer," a USB stick that fries almost everything that it is plugged into, has been mass produced -- available online for about $50. Ars Technica first wrote about this diabolical device that looks like a fairly humdrum memory stick a year ago. From the report: "The USB Killer is shockingly simple in its operation. As soon as you plug it in, a DC-to-DC converter starts drawing power from the host system and storing electricity in its bank of capacitors (the square-shaped components). When the capacitors reach a potential of -220V, the device dumps all of that electricity into the USB data lines, most likely frying whatever is on the other end. If the host doesn't just roll over and die, the USB stick does the charge-discharge process again and again until it sizzles. Since the USB Killer has gone on sale, it has been used to fry laptops (including an old ThinkPad and a brand new MacBook Pro), an Xbox One, the new Google Pixel phone, and some cars (infotainment units, rather than whole cars... for now). Notably, some devices fare better than others, and there's a range of possible outcomes -- the USB Killer doesn't just nuke everything completely." You can watch a video of EverythingApplePro using the USB Killer to fry a variety of electronic devices. It looks like the only real defense from the USB Killer is physically capping your ports.