Feed aggregator

American Samoa Domain Registry Was Exposing Client Data Since the Mid-1990s

Slashdot - Thu, 04/28/2016 - 15:01
An anonymous reader quotes a report from Softpedia: A British security researcher who goes online only by the name of InfoSec Guy revealed today that American Samoa domain registry ASNIC was using an outdated domain name management system that contained a bug allowing anyone to view the personal details of any .as domain owner. The researcher also claims that anyone knowing of this bug would have been able to edit and delete any .as domain, just by altering the ASNIC domain info URL. Some of the big brands that own .as domains include Opera, Flickr, Twitter, McDonald's, British Gas, Bose, Adidas, the University of Texas, and many link shortening services. This flawed system has been online since the mid-1990s. The researcher contacted ASNIC after discovering the flaw at the end of January 2016, but email exchanges with the domain registry were scarce and confusing, with the registry issuing a statement today denying the incident and calling the allegations "inaccurate, misleading and sexed-up to the max," after previously acknowledging and fixing the security flaws.

Read more of this story at Slashdot.

Categories: Tech/Science News

CodeSOD: Interned Sort

The Daily WTF - Thu, 04/28/2016 - 12:30

Caleb scored his first internship at a small, family-owned print shop. Much to his surprise, the day before he started, their primary web developer left for a bigger, more lucrative job. His predecessor was an experienced programmer, but came at solving problems in his own unique way. This meant no comments, no functions, no classes, SQL injection vulnerabilities everywhere, and cryptic 500-character one-liners stuffed into the value attribute of an input tag.

Caleb spent his first day just trying to get the code running on his dev machine. On the second day, he sat down with a more experienced co-worker to try to understand some of the queries. For example, there was one query that needed to return product details sorted in some meaningful fashion, like by name. Weirdly, though, the page wasn't sorting them by name, except when it was; no one who used the product search understood the sort order.

Caleb dug in, expecting to see some variation on this:

SELECT `id`, `name`, `description` FROM products WHERE `name` LIKE '%{$keyword}%' ORDER BY `name`;

Instead, he saw this:

# $keyword is a PHP variable that was interpolated into the concatenated PHP string.
# It is the search term the user entered, preserved here for clarity.
SELECT T1.product.id AS product_id, T1.slug, T1.name, description, details, T2.media_id, url, T1.order
FROM (
    SELECT product.id AS product_id, slug, name, description, product.details, text
        CASE
            WHEN name LIKE '$keyword' THEN 0
            WHEN name LIKE '$keyword%' THEN 1
            WHEN name LIKE '%$keyword' THEN 2
            WHEN name LIKE '%$keyword%' THEN 3
            WHEN product.details LIKE '%$keyword%' THEN 4
            WHEN description LIKE '%$keyword% ' THEN 5
            WHEN text LIKE '$keyword' THEN 6
            WHEN text LIKE '$keyword%' THEN 7
            WHEN text LIKE '%$keyword' THEN 8
            WHEN text LIKE '%$keyword%' THEN 9
            ELSE 10
        END AS `order`
    FROM `product_option`, `product`
    WHERE `product_option`.`product_id` = `product`.`id`
      AND product.parent_id=0
      AND ( name LIKE '%$keyword%' OR description LIKE '%$keyword%' OR product.details LIKE '%$keyword%' OR text LIKE '%$keyword%' )
    ORDER BY `order`, name
) AS T1
LEFT JOIN ( SELECT * FROM product_media WHERE product_media.order = 1) AS T2 ON T1.product_id=T2.product_id
LEFT JOIN media ON T2.media_id=media_id )

He sat down with the more experienced developer again, trying to understand what on Earth this was supposed to do. In the end, they couldn't figure it out, so they just replaced it with the straightforward ORDER BY name and left some TODO comments confessing they didn't know what they had just replaced.
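What that CASE was most likely doing is relevance ranking: an exact name hit sorts first, then a prefix hit, then a suffix hit, then a substring hit, then matches in details, then in description. That is why the page looked sorted by name "except when it wasn't". The ranking itself is fine; the problem is that $keyword is spliced into the SQL text. Below is an added example, not the print shop's code or The Daily WTF's, that reproduces the ranking with Python's sqlite3 in place of PHP/MySQL: the interpolated form from the story beside a parameterized rewrite. The trimmed `product` table, its rows and the attacker string are constructed for illustration; the media joins and the `product_option.text` column are left out.

```python
import sqlite3

# Constructed sample catalogue, not the shop's data: (id, name, description, details)
SAMPLE_PRODUCTS = [
    (1, "Mug", "Ceramic mug, 11oz", "dishwasher safe"),
    (2, "Mug Set", "Four mugs", "gift wrap"),
    (3, "Travel Mug", "Insulated", "steel"),
    (4, "Poster", "Large print, 100% mug-free", "matte"),
    (5, "Pen", "Ballpoint", "blue ink"),
]

# Hypothetical attacker input: closes the LIKE literal and re-opens one so every
# interpolation site in the statement still parses.
INJECTION_PAYLOAD = "x' OR 1=1 OR name LIKE '"


def connect_with_sample_data():
    """In-memory SQLite stand-in for the shop's MySQL `product` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, description TEXT, details TEXT)"
    )
    conn.executemany("INSERT INTO product VALUES (?, ?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def search_interpolated(conn, keyword):
    """The story's pattern: the user's keyword is spliced into the SQL text.
    The CASE ranks exact > prefix > suffix > substring name hits, then details,
    then description. Vulnerable; kept here only for contrast."""
    sql = f"""
        SELECT id, name,
               CASE WHEN name LIKE '{keyword}' THEN 0
                    WHEN name LIKE '{keyword}%' THEN 1
                    WHEN name LIKE '%{keyword}' THEN 2
                    WHEN name LIKE '%{keyword}%' THEN 3
                    WHEN details LIKE '%{keyword}%' THEN 4
                    WHEN description LIKE '%{keyword}%' THEN 5
                    ELSE 10 END AS relevance
        FROM product
        WHERE name LIKE '%{keyword}%'
           OR description LIKE '%{keyword}%'
           OR details LIKE '%{keyword}%'
        ORDER BY relevance, name
    """
    return conn.execute(sql).fetchall()


def escape_like(keyword, esc="\\"):
    """Escape LIKE metacharacters so the keyword matches literally (pair with ESCAPE)."""
    return (keyword.replace(esc, esc + esc)
                   .replace("%", esc + "%")
                   .replace("_", esc + "_"))


def search_parameterized(conn, keyword):
    """Same ranking, but every pattern is a bound parameter and wildcards typed
    by the user are escaped, so the SQL text never changes with user input."""
    k = escape_like(keyword)
    exact, prefix, suffix, anywhere = k, k + "%", "%" + k, "%" + k + "%"
    sql = r"""
        SELECT id, name,
               CASE WHEN name LIKE ? ESCAPE '\' THEN 0
                    WHEN name LIKE ? ESCAPE '\' THEN 1
                    WHEN name LIKE ? ESCAPE '\' THEN 2
                    WHEN name LIKE ? ESCAPE '\' THEN 3
                    WHEN details LIKE ? ESCAPE '\' THEN 4
                    WHEN description LIKE ? ESCAPE '\' THEN 5
                    ELSE 10 END AS relevance
        FROM product
        WHERE name LIKE ? ESCAPE '\'
           OR description LIKE ? ESCAPE '\'
           OR details LIKE ? ESCAPE '\'
        ORDER BY relevance, name
    """
    params = (exact, prefix, suffix, anywhere, anywhere, anywhere,
              anywhere, anywhere, anywhere)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    conn = connect_with_sample_data()
    print("ranked:", search_parameterized(conn, "Mug"))
    print("injected, interpolated:", len(search_interpolated(conn, INJECTION_PAYLOAD)), "rows")
    print("injected, parameterized:", search_parameterized(conn, INJECTION_PAYLOAD))
```

Two things the parameterized version fixes that the "straightforward ORDER BY name" replacement did not: the keyword can no longer change the statement (the payload returns every row at relevance 0 from the interpolated query and nothing from the bound one), and a user typing `%` or `_` gets a literal match instead of a wildcard that dumps the whole catalogue. In PHP the equivalent is PDO or mysqli prepared statements with the same `ESCAPE` clause.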

Caleb’s boss stopped by after they released this change, complimenting him on how much better the product search page worked.

Categories: Fun/Other

Intel Wants To Eliminate The Headphone Jack And Replace It With USB-C

Slashdot - Thu, 04/28/2016 - 12:02
An anonymous reader writes: With rumors circulating about how Apple may do away with the 3.5 mm headphone jack on its upcoming iPhone 7, Intel has shared a similar desire, citing "industry signaling a strong desire to move from analog to digital." Intel believes USB-C is the future audio jack. They believe USB-C has more potential than the 3.5mm audio jack as it allows users to add additional smart features to headphones in the future. For instance, a future pair of headphones could monitor one's pulse or inner-ear temperature for fitness tracking, something that could only be possible if the headphones were connected to a smartphone via a USB-C cable. What's also worth mentioning [quoted from 9to5Mac]: USB-C already supports analog audio transfer through sideband pins simplifying the engineering steps necessary to swap 3.5mm with USB-C in device designs. In the second quarter, Intel should have a finalized USB-C standard for digital audio transfer. Intel does note that the transition from analog to digital will be expensive as the headphones have to include amplifiers and DACs, but scale will offset the early costs over time.

Categories: Tech/Science News

Child Porn Suspect Jailed Indefinitely For Refusing To Decrypt Hard Drives

Slashdot - Thu, 04/28/2016 - 09:00
An anonymous reader quotes a report from Ars Technica: A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order. The government successfully cited a 1789 law known as the All Writs Act to compel (PDF) the suspect to decrypt two hard drives it believes contain child pornography. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple.

Categories: Tech/Science News

Dyson Launches New 'Supersonic' Hair Dryer To Revolutionize Hair Care

Slashdot - Thu, 04/28/2016 - 05:14
An anonymous reader writes: Dyson has launched a hair dryer with a design language similar to that of its bladeless fans. The $399 hair dryer is four years in the making, involving 103 engineers, over 1,000 miles of test hair, and a $71 million investment -- the Dyson Supersonic is being touted as "the hairdryer rethought" by its inventor Sir James Dyson. "We realized that hair dryers can cause extreme heat damage to hair," said Dyson in a press release. "So I challenged Dyson engineers to really understand the science of hair and develop our version of a hair dryer, which we think solves these problems." The hair dryer can be reserved online and will be sold exclusively at Sephora for $399 this fall.

Categories: Tech/Science News

With Carly Fiorina As Running Mate, Cruz's H-1B Stance Now In Question

Slashdot - Thu, 04/28/2016 - 03:44
dcblogs quotes a report from Computerworld: In 2013, Sen. Ted Cruz emerged as one of the Senate's top H-1B visa supporters, and argued for a 500% visa cap increase. But during his bid for the Republican presidential nomination, Cruz had a conversion. Cruz's presidential platform proposed a $110,000 minimum wage for visa workers, among other restrictions, as a way of ending their use as low-cost labor. The move marked a complete turnabout on the H-1B issue. Cruz's decision Wednesday to add former Hewlett-Packard CEO Carly Fiorina as his running mate if he wins the nomination may make his newly found H-1B beliefs a hard sell. At HP, Fiorina was a prominent supporter of the offshore outsourcing model, said Ron Hira, an associate professor of public policy at Howard University. "To pump up profits, she was an early adopter of the practice, which given HP's status as a leading Silicon Valley firm, pushed other firms to adopt offshoring," said Hira. As offshoring gained, Fiorina played a leading role in defending globalization. To make her point, in 2004, Fiorina said: "There is no job that is America's God-given right anymore," reported the San Francisco Chronicle.

Categories: Tech/Science News

Microsoft Buys Into DNA Data Storage

Slashdot - Thu, 04/28/2016 - 03:01
the_newsbeagle writes: More than 2.5 exabytes of data is created every day, and some experts estimate that 90% of all data in the world today was created in the last two years. Clearly, storing all this data is becoming an issue. One idea is DNA data storage, in which digital files are converted into the genetic code of four nucleotides (As, Cs, Gs, and Ts). Microsoft just announced that it's testing out this idea, getting synthetic bio company Twist Bioscience to produce 10 million strands of DNA that encode some mystery file the company provided. Using DNA for long-term data storage is attractive because it's durable and efficient. For example, scientists can read the genome from a woolly mammoth hair dating from 20,000 years ago.

Categories: Tech/Science News

Comcast Is Raising Its Data Caps From 300GB To 1TB

Slashdot - Thu, 04/28/2016 - 02:17
An anonymous reader writes: Comcast has announced today it will be raising its monthly data cap of 300GB to 1TB beginning June 1st. They will however charge more to customers who want unlimited data. After June 1st, fewer people will need to buy unlimited data from the company. Previously, users were charged an extra $30 to $35 a month for unlimited data but now they will have to pay an additional $50 for unlimited data. "All of the data plans in our trial markets will move from a 300 gigabyte data plan to a terabyte by June 1st, regardless of the speed," Comcast's announcement today said. The reason for the change? Customers are exceeding the 300GB cap. In late 2013, Comcast said only 2 percent of its customers used more than 300GB of data a month. That number was up to 8 percent in late 2015.

Categories: Tech/Science News

House Passes Email Privacy Act, Requiring Warrants For Obtaining Emails

Slashdot - Thu, 04/28/2016 - 01:33
An anonymous reader quotes a report from TechCrunch: The U.S. House of Representatives has passed H.R. 699, the Email Privacy Act, sending it on to the Senate and from there, hopefully anyhow, to the President. The yeas were swift and unanimous. The bill, which was introduced in the House early last year and quickly found bipartisan support, updates the 1986 Electronic Communications Privacy Act, closing a loophole that allowed emails and other communications to be obtained without a warrant. It's actually a good law, even if it is arriving a couple of decades late. "Under current law, there are more protections for a letter in a filing cabinet than an email on a server," said Congresswoman Suzan Delbene during the debate period. An earlier version of the bill also required that authorities disclose that warrant to the person it affected within 10 days, or 3 if the warrant related to a government entity. That clause was taken out in committee -- something trade groups and some of the Representatives objected to as an unpleasant compromise.

Categories: Tech/Science News

Former Tor Developer Created Malware To Hack Tor Users For The FBI

Slashdot - Thu, 04/28/2016 - 00:49
Patrick O'Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he's developed potent malware used by law enforcement to unmask Tor users. It's been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases. The Tor Project has confirmed this report in a statement after being contacted by the Daily Dot, "It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware." Maybe Tor users will now be less likely to anonymously check Facebook each month...

Categories: Tech/Science News

There Will Be A Huge New 'Panama Papers' Data Dump

Slashdot - Thu, 04/28/2016 - 00:05
An anonymous reader writes: The International Consortium of Investigative Journalists said in an email that on May 9 it would "publish what will likely be the largest-ever release of information about secret offshore companies and the people behind them," based on data from the Panama Papers investigation. "The searchable database will include information about more than 200,000 companies, trusts, foundations, and funds incorporated in 21 tax havens, from Hong Kong to Nevada in the United States." The ICIJ said in the email, "The impact of Panama Papers has been epic." The investigation has caused Icelandic Prime Minister Sigmundur David Gunnlaugsson to resign following revelations about his personal finances. It has caused Putin to point fingers at the West, accusing the U.S. of trying to weaken Russia. It has even created drama in the UK with calls for Prime Minister David Cameron to resign after his connections to offshore companies became evident. In addition, the ICIJ said, "[The Panama Papers investigation] sparked a new sense of urgency among lawmakers and regulators to close loopholes and make information about the owners of shell companies public."

Categories: Tech/Science News

Half Of Americans Think Presidential Nominating System 'Rigged'

Slashdot - Wed, 04/27/2016 - 23:23
An anonymous reader quotes a report from Huffington Post: More than half of American voters believe that the system U.S. political parties use to pick their candidates for the White House is "rigged" and more than two-thirds want to see the process changed. The results echo complaints from Republican front-runner Donald Trump and Democratic challenger Bernie Sanders that the system is stacked against them in favor of candidates with close ties to their parties -- a critique that has triggered a nationwide debate over whether the process is fair. The United States is one of just a handful of countries that gives regular voters any say in who should make it onto the presidential ballot. But the state-by-state system of primaries, caucuses and conventions is complex. The contests historically were always party events, and while the popular vote has grown in influence since the mid-20th century, the parties still have considerable sway. Just the other day, a poll was conducted by Harvard University showing a majority of young people do not support capitalism. Are the times they are a changin' or are people starting to wake up?

Categories: Tech/Science News

Uber's New Policy Fines Riders Who Are Two Minutes Late

Slashdot - Wed, 04/27/2016 - 22:39
Uber says it has revised some of its policies to better compensate its drivers. As part of this, the company is testing charging customers a fee if they make a driver wait for more than two minutes (current waiting time is five minutes). Furthermore, the taxi aggregator says it is changing the ride cancellation grace period from five minutes to two minutes, adding that the fees can range from $5 to $10, depending on your city. Our very own Logan Abbott aka Whipslash faced this issue today. Though he tells us that the company refunded his money after he emailed and filed a complaint. The Verge reports: The feature was built in response to drivers' complaints about waiting for passengers, Uber said. In a statement released to The Verge and TechCrunch, Uber noted that these updated terms would ensure that "the whole system runs more smoothly and the Uber experience improves for everyone." Reduced wait times and the ability to charge for idle time, as well as compensation if riders cancel after two minutes, obviously benefit drivers, earning them a few extra dollars and allowing them to move onto the next fare sooner. But how this will make the passenger experience smoother is unclear. Traffic, wrong turns, and faulty GPS all contribute to making pick-up times unreliable. This can leave passengers out in the cold, waiting for drivers to arrive. Uber explained that if a driver is more than five minutes late for an estimated arrival, users can cancel the ride with no penalty.

Categories: Tech/Science News

Intel Declares Independence From PC, Prioritizes Cloud, IoT and 5G Efforts

Slashdot - Wed, 04/27/2016 - 22:00
A week after announcing 12,000 job cuts, Intel CEO Brian Krzanich has shared his vision for the company, hinting at a shift in its prime focus away from the PC business. In a blog post, Krzanich said that the company will be actively growing its data center business. The chip maker also plans to focus on chips and technologies for IoT devices. "The biggest opportunity in the Internet of Things is that it encompasses just about everything in our lives today-- it's ubiquitous," Krzanich said. The company also plans to boost its memory chips business and make a push towards utilizing them in data centers and various cloud services. Intel said that it has made several investments in this field, noting the $16 billion acquisition of Altera last year. The company says it will be playing a big role in the move to 5G connectivity. "Connectivity is fundamental to every one of the cloud-to-thing segments we will drive," he writes. Over the years, Intel has failed to keep up with Moore's Law, an axiom that semiconductor density will double about every two years. The company previously extended the timeframe to 2.5 years, but Krzanich assures customers that they are working to make further advances in order to meet the goal. "Moore's Law is fundamentally a law of economics, and Intel will confidently continue to harness its value," Krzanich said. PCWorld has extensively reported on this.

Categories: Tech/Science News

German Nuclear Plant Infected With Computer Virus

Slashdot - Wed, 04/27/2016 - 21:20
archatheist shares a Reuters report: A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility's operations because it is isolated from the Internet, the station's operator said on Tuesday. The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RWE. The viruses, which include "W32.Ramnit" and "Conficker", were discovered at Gundremmingen's B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, RWE said.

Categories: Tech/Science News

Smartphone Shipments Flat For the First Time, Says IDC

Slashdot - Wed, 04/27/2016 - 20:42
An anonymous reader writes: Smartphone vendors shipped a total of 334.9 million smartphones worldwide last quarter. This figure is up just 0.2 percent from the 334.3 million units in Q1 2015, marking the smallest year-over-year growth on record. We saw hints of this in yesterday's Apple earnings report, when the company reported an iPhone sales drop for the first time. Despite the poor state of the worldwide smartphone market, Samsung continues to dominate. In Q1 2016, the South Korean company once again shipped more smartphones than any other vendor.

Categories: Tech/Science News

India Makes It Compulsory For Phones To Have a 'Panic Button'

Slashdot - Wed, 04/27/2016 - 20:01
Reader itwbennett writes: Starting in January 2017, all feature phones sold in India will need to have a panic button that will alert "police, designated friends and relatives, for immediate response in case of distress or security related issues," said Minister of Communications, Ravi Shankar Prasad, on Twitter late Tuesday. The measure is one of many responses by the Indian government to the growing women's safety issues in the country. Furthermore, starting in January 2018, mobile phones will also be required to have GPS systems to help pinpoint the location of the affected person in the event of harassment or distress, said Prasad. Mashable has more details.

Categories: Tech/Science News

SpaceX Intends To Send a Red Dragon To Mars As Early As 2018

Slashdot - Wed, 04/27/2016 - 19:24
Reader MarkWhittington writes: SpaceX has announced that it intends to send a version of its Dragon spacecraft, called "Red Dragon," to Mars as early as 2018. The mission, to be launched on top of a Falcon Heavy rocket, would be the first to another planet conducted by a commercial enterprise. The flight of the Red Dragon would be the beginning of SpaceX CEO Elon Musk's long-term dream of building a settlement on Mars. Ars Technica reports: According to the company, these initial test missions will help demonstrate the technologies needed to land large payloads propulsively on Mars. This series of missions, to be launched on the company's not-yet-completed Falcon Heavy rocket, will provide key data for SpaceX as the company develops an overall plan to send humans to the Red Planet to colonize Mars. One of the biggest challenges in landing on Mars is the fact that its atmosphere is so thin it provides little braking capacity. To land the 900kg Curiosity rover on Mars, NASA had to devise the complicated sky crane system that led to its "Seven Minutes of Terror." A Dragon would weigh much more, perhaps about 6,000kg. To solve this problem, SpaceX plans to use an upgraded spacecraft, a Dragon2 powered by eight SuperDraco engines, to land using propulsion.

Categories: Tech/Science News

Chinese Security Robot Draws Dalek, Terminator Comparisons

Slashdot - Wed, 04/27/2016 - 18:45
An anonymous reader writes: China's first "intelligent security robot," which reportedly includes an "electrically charged riot control tool" and an SOS button for people to notify police, has been compared to the killer Dalek from Doctor Who after being shown off at a tech fair. Intelligence agency whistleblower Edward Snowden shared the news on Twitter with the caption: "Surely this will end well." The robot, unveiled at the 12th Chongqing Hi-Tech Fair, is 1.49 metres tall, weighs 78 kilograms, has a claimed top speed of 18 kilometres per hour and an operating duration of eight hours between charges, according to a report by People's Daily Online. Dubbed AnBot, it was built by the National Defence University in China and has "sensors that mimic the human brain, eyes and ears." The report said AnBot represented breakthroughs in "key technologies including low-cost autonomous navigation and intelligent video analysis" and would play an important role in anti-terrorism and anti-riot operations. AnBot has an SOS button for people to use to notify police of a problem, but it is unclear what criteria AnBot uses to assess threats autonomously.

Categories: Tech/Science News

Federal Judge Rules Amazon Must Refund Parents Duped By In-App Purchases

Slashdot - Wed, 04/27/2016 - 18:05
An anonymous reader shares a Gizmodo report: A federal judge has ruled Amazon is liable for billing unwitting parents after their children made unauthorized charges in apps. The court will decide exactly how much money Amazon owes customers in the coming months. The federal judge's decision asserts that Amazon received several complaints from customers about in-app purchases that they were unaware of, mostly incurred by children. The decision points out that Amazon promoted apps as free but failed to inform parents about in-app charges that could be incurred.

Categories: Tech/Science News
