Feed aggregator

Tools Coming To Def Con For Hacking RFID Access Doors

Slashdot - Wed, 07/29/2015 - 21:26
jfruh writes: Next month's Def Con security conference will feature, among other things, new tools that will help you hack into the RFID readers that secure doors in most office buildings. RFID cards have been built with more safeguards against cloning; these new tools will bypass that protection by simply hacking the readers themselves. ITWorld reports that Francis Brown, a partner at the computer security firm Bishop Fox, says: "...his aim is to make it easier for penetration testers to show how easy it is to clone employee badges, break into buildings and plant network backdoors—without needing an electrical engineering degree to decode the vagaries of near-field communication (NFC) and RFID systems."

Read more of this story at Slashdot.

Categories: Tech/Science News

What Federal Employees Really Need To Worry About After the Chinese Hack

Slashdot - Wed, 07/29/2015 - 20:43
HughPickens.com writes: Lisa Rein writes in the Washington Post that a new government review of what the Chinese hack of sensitive security clearance files of 21 million people means for national security is in — and some of the implications are quite grave. According to the Congressional Research Service, covert intelligence officers and their operations could be exposed and high-resolution fingerprints could be copied by criminals. Some suspect that the Chinese government may build a database of U.S. government employees that could help identify U.S. officials and their roles or that could help target individuals to gain access to additional systems or information. National security concerns include whether hackers could have obtained information that could help them identify clandestine and covert officers and operations (PDF). CRS says that if the fingerprints in the background investigation files are of high enough quality, "depending on whose hands the fingerprints come into, they could be used for criminal or counterintelligence purposes." Fingerprints also could be trafficked on the black market for profit — or used to blow the covers of spies and other covert and clandestine officers, the research service found. And if they're compromised, fingerprints can't be reissued like a new credit card, the report says, making "recovery from the breach more challenging for some." vivaoporto also points out that these same hackers are believed to be responsible for hacking United Airlines.

Categories: Tech/Science News

Interviews: Ask Richard Stallman a Question

Slashdot - Wed, 07/29/2015 - 20:00
RMS founded the GNU Project, the Free Software Foundation, and remains one of the most important and outspoken advocates for software freedom. He now spends much of his time fighting excessive extension of copyright laws, digital restrictions management, and software patents. RMS has agreed to answer your questions about GNU/Linux, how GNU relates to Linux the kernel, free software, why he disagrees with the idea of open source, and other issues of public concern. As usual, ask as many as you'd like, but please, one question per post.

Categories: Tech/Science News

Ask Slashdot: Why Is the Caps Lock Key Still So Prominent On Keyboards?

Slashdot - Wed, 07/29/2015 - 19:18
Esther Schindler writes: The developers at .io are into tracking things, I guess. In any case, a few weeks back they decided to track team performance in terms of keyboard and mouse activity during the working day. They installed a simple Chrome plugin on every Macbook and collected some statistics. For instance, developers have fewer keypresses than editors and managers—around 4k every day. Managers type more than 23k characters per day. And so on. Some pretty neat statistics. But the piece that jumped out at me was this: "What's curious—the least popular keys are Capslock and Right Mouse Button. Somewhere around 0.1% of all keypresses together. It's time to make some changes to keyboards." I've been whining about this for years. Why is it that the least-used key on my keyboard is not just in a prominent position, but also bigger than most other keys? I can invest in a real alternate keyboard with a different layout (my husband's a big fan of the Kinesis keyboards, initially to cope with carpal tunnel). But surely it's time to re-visit the standard key layout? What keys would you eliminate or re-arrange?

Categories: Tech/Science News

Sprked Tries To Solve Valve's Paid Mods Scandal

Slashdot - Wed, 07/29/2015 - 18:36
SlappingOysters writes: This article takes a closer look at the emerging crowdfunding platform Sprked, which aims to follow the Patreon support model, but exclusively for video game modders. The service is currently in its early stages, but by crafting a system of appreciation and support that acknowledges the loyalty of the modding community, Sprked has the potential to promote and foster the creativity that is so integral to modding, instead of hampering it with the murky baggage of a mandatory economy. Valve's attempt to let modders make some money for their efforts backfired within the community — there are four demons the paid mods plan must slay to actually work.

Categories: Tech/Science News

Maliciously Crafted MKV Video Files Can Be Used To Crash Android Phones

Slashdot - Wed, 07/29/2015 - 17:55
itwbennett writes: Just days after publication of a flaw in Android's Stagefright, which could allow attackers to compromise devices with a simple MMS message, researchers have found another Android media processing flaw. The latest vulnerability is located in Android's mediaserver component, more specifically in how the service handles files that use the Matroska video container (MKV), Trend Micro researchers said. "When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system). The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data."

Categories: Tech/Science News

Kentucky Man Arrested After Shooting Down Drone

Slashdot - Wed, 07/29/2015 - 17:12
McGruber writes: Hillview, Kentucky resident William H. Merideth describes his weekend: "Sunday afternoon, the kids – my girls – were out on the back deck, and the neighbors were out in their yard. And they come in and said, 'Dad, there's a drone out here, flying over everybody's yard.'" Merideth's neighbors saw it too. "It was just hovering above our house and it stayed for a few moments and then she finally waved and it took off," said neighbor Kim VanMeter. Merideth grabbed his shotgun and waited to see if the drone crossed over his property. When it did, he took aim and shot it out of the sky. The owners showed up shortly, and the police right after. He was arrested and charged with first degree criminal mischief and first degree wanton endangerment before being released the next day. Merideth says he will pursue legal action against the drone's owner, "He didn't just fly over. If he had been moving and just kept moving, that would have been one thing -- but when he come directly over our heads, and just hovered there, I felt like I had the right. You know, when you're in your own property, within a six-foot privacy fence, you have the expectation of privacy. We don't know if he was looking at the girls. We don't know if he was looking for something to steal. To me, it was the same as trespassing."

Categories: Tech/Science News

Hacking a 'Smart' Sniper Rifle

Slashdot - Wed, 07/29/2015 - 16:30
An anonymous reader writes: It was inevitable: as soon as we heard about computer-aimed rifles, we knew somebody would find a way to compromise their security. At the upcoming Black Hat security conference, researchers Runa Sandvik and Michael Auger will present their techniques for doing just that. "Their tricks can change variables in the scope's calculations that make the rifle inexplicably miss its target, permanently disable the scope's computer, or even prevent the gun from firing." In one demonstration they were able to tweak the rifle's ballistic calculations by making it think a piece of ammunition weighed 72 lbs instead of 0.4 ounces. After changing this value, the gun tried to automatically adjust for the weight, and shot significantly to the left. Fortunately, they couldn't find a way to make the gun fire without physically pulling the trigger.

Categories: Tech/Science News

Newfound Bacteria Expand Tree of Life

Slashdot - Wed, 07/29/2015 - 15:47
An anonymous reader writes: It used to be that to find new forms of life, all you had to do was take a walk in the woods. Now it's not so simple. The most conspicuous organisms have long since been cataloged and fixed on the tree of life, and the ones that remain undiscovered don't give themselves up easily. You could spend all day by the same watering hole with the best scientific instruments and come up with nothing. Maybe it's not surprising, then, that when discoveries do occur, they sometimes come in torrents. Find a different way of looking, and novel forms of life appear everywhere. A team of microbiologists based at the University of California, Berkeley, recently figured out one such new way of detecting life. At a stroke, their work expanded the number of known types — or phyla — of bacteria by nearly 50 percent, a dramatic change that indicates just how many forms of life on earth have escaped our notice so far.

Categories: Tech/Science News

Windows 10 Launches

Slashdot - Wed, 07/29/2015 - 15:05
An anonymous reader writes: Today Microsoft officially released Windows 10 in 190 countries as a free upgrade for anyone with Windows 7 or later. Major features include Continuum (which brings back the start menu and lets you switch between a keyboard/mouse UI and a touch UI without forcing you into one or the other), the Cortana digital assistant, the Edge browser, virtual desktops, DirectX 12 support, universal apps, an Xbox app, and security improvements. Reviews of the operating system generally consider it an improvement over Windows 8.1, despite launch-day bugs. Peter Bright writes, "Windows 8 felt unfinished, but it was an unfinished thought. ... Windows 10 feels unfinished, but in a different way. The concept of the operating system is a great deal better than its predecessor. It's better in fact than all of its predecessors. ... For all my gripes, it's the right idea, and it's implemented in more or less the right way. But I think it's also buggier than Windows 8.1, 8, 7, or Vista were on their respective launch days." Tom Warren draws similar conclusions: "During my testing on a variety of hardware, I've run into a lot of bugs and issues — even with the version that will be released to consumers on launch day. ... Everything about Windows 10 feels like a new approach for Microsoft, and I'm confident these early bugs and issues will be addressed fairly quickly."

Categories: Tech/Science News

US Military Stepping Up Use of Directed Energy Weapons

Slashdot - Wed, 07/29/2015 - 14:22
An anonymous reader writes: At a conference on Tuesday, U.S. officials explained that all branches of the military would be increasing their use of lasers and other directed energy weapons. Lieutenant General William Etter said, "Directed energy brings the dawn of an entirely new era in defense." The Navy's laser deployment test has gone well, and they're working on a new prototype laser in the 100-150 kilowatt range. "[Navy Secretary Ray] Mabus said Iran and other countries were already using lasers to target ships and commercial airliners, and the U.S. military needed to accelerate often cumbersome acquisition processes to ensure that it stayed ahead of potential foes."

Categories: Tech/Science News

MPEG LA Announces Call For DASH Patents

Slashdot - Wed, 07/29/2015 - 13:39
An anonymous reader writes: The MPEG LA has announced a call for patents essential to the Dynamic Adaptive Streaming over HTTP (or DASH) standard. According to the MPEG LA's press release, "Market adoption of DASH technology standards has increased to the point where the market would benefit from the availability of a convenient nondiscriminatory, nonexclusive worldwide one-stop patent pool license." The newly formed MPEG-DASH patent pool's licensing program will allegedly offer the market "efficient access to this important technology."

Categories: Tech/Science News

What's The Password?

The Daily WTF - Wed, 07/29/2015 - 12:30

"So, first day, huh?"

"Yeah." Jake loosened his tie nervously and straightened his suit. Standing in a room full of geeky-looking guys in T-shirts and hoodies, he felt like a time traveller from centuries past.

"Don't worry, a few days and you'll get a grip of how we do things around here." Steve, Jake's superior and tour guide, couldn't suppress a sly smile at the expense of the new guy. "Anyway, that's our office, here's your desk." He pointed to one of the open plan seats, quickly swiping an empty Coke can off of it. "And remind me, you're the back-end guy, aren't you?"

"Well, my strong suit is database work, but I know Ruby and PHP too," Jake said. "Also some basic HTML and CSS, if there's a need."

"Nah, don't worry, we have lots of people doing this. Speaking of people, let's go around and say hi to everybody, then we can grab a coffee and breakfast — there's a nice vegan cafeteria downstairs — and by 11:00 all your accounts should be set up and we can get you some real work to do."

"Sounds good to me," Jake replied as they walked toward the other end of the office. "So, can you tell me what you guys are doing here?"

Two hours later, after making all his acquaintances, discussing the upcoming project, and eating what appeared to be a piece of cardboard coated in sea salt, Jake finally ended up in front of his shiny, triple-monitor workstation.

"Okay, our SVN is at https://svn.initrode.com." Steve took a free seat nearby. "The account should be there already. You know how to connect to it, right?"

"Sure, but I'll need my credentials, right?" Jake asked.

"Oh, that's simple," Steve replied. "See, since we were tired of people going around asking for passwords, we developed this little tool called PassMan. It's sort of a keyring, keeps all your passwords together. Just open the command prompt and type 'passman'."

Hearing that, something in Jake's brain instantly threw a red flag, but he kept his mouth shut. After all, the first day at a new job was not the best time to question the company's processes. For now, he decided to oblige.

    C:\Users\jakesmith>passman
    USAGE: passman <first name> <last name> <system name>
    Available systems:
    db financial ftp intranet jira joshua lync mail prodsrv svn testsrv tfs webadmin
    C:\Users\jakesmith>

Huh. I guess I'll get the password via e-mail or something when I request it, Jake thought. Here we go…

    C:\Users\jakesmith>passman Jake Smith svn
    Your login is: jsmith
    Your password is: 1qazxsw2
    C:\Users\jakesmith>

Jake's jaw dropped.

"See?" Steve seemed much more impressed by the solution. "Simple, efficient, and you no longer need to go through all the paperwork just to get a password! Now get your project, have a look at it, and ping me when you're ready." He got up and walked away, leaving Jake stumped and speechless.

After setting the repository to download, Jake decided to play around with the PassMan...

    C:\Users\jakesmith>passman Jake Smith webadmin
    Your login is: admin
    Your password is: hunter2
    C:\Users\jakesmith>passman Jake Smith db
    Your login is: dbadmin
    Your password is: dbadmin
    C:\Users\jakesmith>passman Jake Smith joshua
    SHALL WE PLAY A GAME?
    ^C^C^X^C^C
    C:\Users\jakesmith>

A thought struck him like a bolt of lightning. Oh God. They do verify the user names, right? With throbbing heart, he typed in Steve's name:

    C:\Users\jakesmith>passman Steve Williams svn
    Your login is: swilliams
    Your password is: i<3tswift

Jake had to pinch himself before closing the command prompt to make sure he wasn't having a bad dream. Keyring? More like a master key up for grabs! Who thought this was a good idea?

Jake leaned his head against the office window to his side. Looking down from his seat, he could see all 14 stories of his building — a building that hosted one of the largest ISPs in the country...

Categories: Fun/Other

A Computer Umpires Its First Pro Baseball Game

Slashdot - Wed, 07/29/2015 - 11:11
An anonymous reader writes: Baseball has long been regarded as a "game of inches." Among the major professional sports it arguably requires the greatest amount of precision — a few extra RPMs can turn a decent curveball into an unhittable one, and a single degree's difference in the arc of a bat swing can change a lazy popup into a home run. As sensor technology has improved, it's been odd to see how pro baseball leagues have made great efforts to keep it away from the sport. Even if you aren't a fan of the game, you're probably familiar with the cultural meme of an umpire blowing a key call and altering the course of the game. Thus, it's significant that for the first time ever, sensors and a computer have called balls and strikes for a professional game. In a minor league game between the San Rafael Pacifics and the Vallejo Admirals, a three-camera system tracked the baseball's exact position as it crossed home plate, and a computer judged whether it was in the strike zone or not. The game went without incident, and it provided valuable data in a real-life example. The pitch-tracking system still has bugs to work out, though. Dan Brooks, founder of a site that tracks ball/strike accuracy for real umpires, said that for the new system to be implemented permanently, fans must be "willing to accept a much smaller amount of inexplicable error in exchange for a larger amount of explicable error."

Categories: Tech/Science News

UK Campaign Wants 18-Year-Olds To Be Able To Delete Embarrassing Online Past

Slashdot - Wed, 07/29/2015 - 08:07
An anonymous reader writes: People should be allowed to delete embarrassing social media posts when they reach adulthood, UK internet rights campaigners are urging. The iRights coalition has set out five rights which young people should expect online, including being able to easily edit or delete content they have created, and to know who is holding or profiting from their information. Highlighting how campaigners believe adults should not have to bear the shame of past immaturity, iRights also wants children to be protected from illegal or distressing pages; to be digitally literate; and be able to make informed and conscious choices.

Categories: Tech/Science News

NVIDIA Tegra X1 Performance Exceeds Intel Bay Trail SoCs, AMD AM1 APUs

Slashdot - Wed, 07/29/2015 - 06:06
An anonymous reader writes: An NVIDIA SHIELD Android TV modified to run Ubuntu Linux is providing interesting data on how NVIDIA's latest "Tegra X1" 64-bit ARM big.LITTLE SoC compares to various Intel/AMD/MIPS systems of varying form factors. Tegra X1 benchmarks on Ubuntu show strong performance with the X1 SoC in this $200 Android TV device, beating out low-power Intel Atom/Celeron Bay Trail SoCs, AMD AM1 APUs, and in some workloads is even getting close to an Intel Core i3 "Broadwell" NUC. The Tegra X1 features Maxwell "GM20B" graphics and the total power consumption is less than 10 Watts.

Categories: Tech/Science News

Honeywell Home Controllers Open To Any Hacker Who Can Find Them Online

Slashdot - Wed, 07/29/2015 - 04:00
Trailrunner7 writes: Security issues continue to crop up within the so-called "smart home." A pair of vulnerabilities have been reported for the Tuxedo Touch controller made by Honeywell, a device that's designed to allow users to control home systems such as security, climate control, lighting, and others. The controller, of course, is accessible from the Internet. Researcher Maxim Rupp discovered that the vulnerabilities could allow an attacker to take arbitrary actions, including unlocking doors or modifying the climate controls in the house.

Categories: Tech/Science News

Ask Slashdot: Everyone Building Software -- Is This the Future We Need?

Slashdot - Wed, 07/29/2015 - 01:58
An anonymous reader writes: I recently stumbled upon Apple's headline for version 2 of its Swift programming language: "Now everyone can build amazing apps." My question: is this what we really need? Tech giants (not just Apple, but Microsoft, Facebook, and more) are encouraging kids and adults to become developers, adding to an already-troubled IT landscape. While many software engineering positions are focused only on a business's internal concerns, many others can dramatically affect other people's lives. People write software for the cars we drive; our finances are in the hands of software, and even the medical industry is replete with new software these days. Poor code here can legitimately mess up somebody's life. Compare this to other high-influence professions: can you become a surgeon just because you bought a state-of-the-art turbo laser knife? Of course not. Back to Swift: the app ecosystem is already chaotic, without solid quality control and responsibility from most developers. If you want a simple to-do app, you'll get a never-ending list of software artifacts that will drain your battery, eat memory, freeze the OS and disappoint you in every possible way. So, should we really be focusing on quantity, rather than quality?

Categories: Tech/Science News

Advertising Companies Accused of Deliberately Slowing Page-load Times For Profit

Slashdot - Wed, 07/29/2015 - 01:10
An anonymous reader writes: An industry insider has told Business Insider of his conviction that ad-serving companies deliberately prolong the 'auctioning' process for ad spots when a web-page loads. They do this to maximize revenue by allowing automated 'late-comers' to participate beyond the 100ms limit placed on the decision-making process. The unnamed source, a principal engineer at a global news company (whose identity and credentials were confirmed by Business Insider), concluded with the comment: "My entire team of devs and testers mostly used Adblock when developing sites, just because it was so painful otherwise." Publishers use 'daisy-chaining' to solicit bids from the most profitable placement providers down to the 'B-list' placements, and the longer the process is run, the more likely that the web-page will be shown with profitable advertising in place.

Categories: Tech/Science News

Amazon Proposes Dedicated Airspace For Drones

Slashdot - Wed, 07/29/2015 - 00:24
An anonymous reader writes: Amazon has published two new position papers which lay out its vision for future drone regulation. Under Amazon's plan, altitudes under 200ft would be reserved for basic hobbyist drones and those used for things like videography and inspection. Altitudes between 200ft and 400ft would be designated for "well-equipped vehicles" capable of operating autonomously out of line of sight. They would need sophisticated GPS tracking, a stable data uplink, communications capabilities with other drones, and sensors to avoid collisions. This, of course, is where Amazon would want to operate its drone delivery fleet. From 400ft to 500ft would be a no-fly zone buffer between the drone airspace and integrated airspace. Amazon's plan also makes room for "predefined low-risk areas," where hobbyists and other low-tech drones can fly higher than the 200ft ceiling. "Additionally, it is Amazon's view that air traffic management operations should follow a 'managed by exception' approach. This means operators are always aware of what the fleet is doing, yet they only intervene in significant off-nominal cases."

Categories: Tech/Science News
