You are here

Tech/Science News

Google Discloses An Unpatched Windows Bug (Again)

Slashdot - Sun, 02/19/2017 - 23:34
An anonymous reader writes: "For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google's announcement," reports BleepingComputer. "The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll)..." According to Google, the issue allows an attacker to read the content of the user's memory using malicious EMF files. The bad news is that the EMF file can be hidden in other documents, such as DOCX, and can be exploited via Office, IE, or Office Online, among many. "According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft's security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable." He later resubmitted the bugs in November 2016. The 90-days deadline for fixing the bugs expired last week, and the Google researcher disclosed the bug to the public after Microsoft delayed February's security updates to next month's Patch Tuesday, for March 15. Microsoft has described Google's announcements of unpatched Windows bugs as "disappointing".

Read more of this story at Slashdot.

Categories: Tech/Science News

Some Recyclers Give Up On Recycling Old Monitors And TVs

Slashdot - Sun, 02/19/2017 - 22:12
An anonymous reader writes: "In many cases, your old TV isn't recycled at all and is instead abandoned in a warehouse somewhere, left for society to deal with sometime in the future," reports Motherboard, describing the problem of old cathode-ray televisions and computer monitors with "a net negative recycling value" (since their component parts don't cover the cost of dismantling them). An estimated 705 million CRT TVs were sold in the U.S. since 1980, and many now sit in television graveyards, "an environmental and economic disaster with no clear solution." As much as 100,000 tons of potentially hazardous waste are stockpiled in two Ohio warehouses of the now-insolvent recycler Closed Loop, plus "at least 25,000 tons of glass and unprocessed CRTs in Arizona...much of it is sitting in a mountainous pile outside one of the warehouses." One EPA report found 23,000 tons of lead-containing CRT glass abandoned in four different states just in 2013.

Read more of this story at Slashdot.

Categories: Tech/Science News

Self-Driving Car Speed Race Ends With A Crash

Slashdot - Sun, 02/19/2017 - 20:38
An anonymous reader writes:On a professional track in Buenos Aires, fans watched the first Formula E auto race with self-driving electric cars. "Roborace's two test vehicles battled it out on the circuit at a reasonably quick 115MPH," reports Engadget, "but one of the cars crashed after it took a turn too aggressively. The racing league was quick to tout the safety advantages of crashing autonomous cars ('no drivers were harmed'), but it's clear that the tech is still rough around the edges." Electrek is reporting that the cars "still have a cabin for a driver but neither car's cabin was occupied during the event." The ultimate goal is to have several teams racing the exact same self-driving car, while letting each team customize its car's driving software. An Argentinian journalist shared footage of the race cars on Twitter, and apparently at one point a dog wandered out in front of an oncoming race car. But the real question is how the fans are going to feel about watching a speed race between cars with no drivers?

Read more of this story at Slashdot.

Categories: Tech/Science News

Krebs: 'Men Who Sent SWAT Team, Heroin to My Home Sentenced'

Slashdot - Sun, 02/19/2017 - 19:34
An anonymous reader quotes KrebsOnSecurity: On Thursday, a Ukrainian man who hatched a plan in 2013 to send heroin to my home and then call the cops when the drugs arrived was sentenced to 41 months in prison for unrelated cybercrime charges. Separately, a 19-year-old American who admitted to being part of a hacker group that sent a heavily-armed police force to my home in 2013 was sentenced to three years probation. Sergey Vovnenko, a.k.a. "Fly," "Flycracker" and "MUXACC1," pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud. Prosecutors said Vovnenko operated a network of more than 13,000 hacked computers, using them to harvest credit card numbers and other sensitive information... A judge in New Jersey sentenced Vovnenko to 41 months in prison, three years of supervised released and ordered him to pay restitution of $83,368. Separately, a judge in Washington, D.C. handed down a sentence of three year's probation to Eric Taylor, a hacker probably better known by his handle "Cosmo the God." Taylor was among several men involved in making a false report to my local police department at the time about a supposed hostage situation at our Virginia home. In response, a heavily-armed police force surrounded my home and put me in handcuffs at gunpoint before the police realized it was all a dangerous hoax known as "swatting"... Taylor and his co-conspirators were able to dox so many celebrities and public officials because they hacked a Russian identity theft service called ssndob[dot]ru. That service in turn relied upon compromised user accounts at data broker giant LexisNexis to pull personal and financial data on millions of Americans.

Read more of this story at Slashdot.

Categories: Tech/Science News

New Free O'Reilly Ebook: 'Open Source In Brazil'

Slashdot - Sun, 02/19/2017 - 18:34
An anonymous reader writes: Andy Oram, who's been an editor at O'Reilly since 1992, has written a new free report about how open source software is everywhere in Brazil. The country's IT industry is booming in Brazil -- still Latin America's most vibrant economy -- with open source software popular in both startups and in cloud infrastructure. Oram attributes this partly to the government's support of open source software, which over the last 15 years has built public awareness about its power and potential. And says the Brazil now has a thriving open source community, and several free software movements. Even small towns have hacker spaces for collaboration and training, and the country has several free software movements.

Read more of this story at Slashdot.

Categories: Tech/Science News

Used Cars Can Still Be Controlled By Their Previous Owners' Apps

Slashdot - Sun, 02/19/2017 - 17:34
An IBM security researcher recently discovered something interesting about smart cars. An anonymous reader quotes CNN: Charles Henderson sold his car several years ago, but he still knows exactly where it is, and can control it from his phone... "The car is really smart, but it's not smart enough to know who its owner is, so it's not smart enough to know it's been resold," Henderson told CNNTech. "There's nothing on the dashboard that tells you 'the following people have access to the car.'" This isn't an isolated problem. Henderson tested four major auto manufacturers, and found they all have apps that allow previous owners to access them from a mobile device. At the RSA security conference in San Francisco on Friday, Henderson explained how people can still retain control of connected cars even after they resell them. Manufacturers create apps to control smart cars -- you can use your phone to unlock the car, honk the horn and find out the exact location of your vehicle. Henderson removed his personal information from services in the car before selling it back to the dealership, but he was still able to control the car through a mobile app for years. That's because only the dealership that originally sold the car can see who has access and manually remove someone from the app. It's also something to consider when buying used IoT devices -- or a smart home equipped with internet-enabled devices.

Read more of this story at Slashdot.

Categories: Tech/Science News

A Source Code Typo Allowed An Attacker To Steal $592,000 In Cryptocurrency

Slashdot - Sun, 02/19/2017 - 16:34
An anonymous reader writes: "A typo in the Zerocoin source code allowed an attacker to steal 370,000 Zerocoin, which is about $592,000 at today's price," reports BleepingComputer. According to the Zcoin team, one extra character left inside Zerocoin's source code was the cause of the bug. The hacker exploited the bugs for weeks, by initiating a transaction and receiving the money many times over. "According to the Zcoin team, the attacker (or attackers) was very sophisticated and took great care to hide his tracks," reports the site. "They say the attacker created numerous accounts at Zerocoin exchanges and spread transactions across several weeks so that traders wouldn't notice the uneven transactions volume... The Zcoin team says they worked with various exchanges to attempt and identify the attacker but to no avail. Out of the 370,000 Zerocoin he stole, the attacker has already sold 350,000. The Zcoin team estimates the attacker made a net profit of 410 Bitcoin ($437,000)."

Read more of this story at Slashdot.

Categories: Tech/Science News

Alaska Gets 'Artificial Aurora' As HAARP Antenna Array Listens Again

Slashdot - Sun, 02/19/2017 - 15:34
Freshly Exhumed quotes Hackaday: The famous HAARP antenna array is to be brought back into service for experiments by the University of Alaska. Built in the 1990s for the US Air Force's High Frequency Active Auroral Research Program, the array is a 40-acre site containing a phased array of 180 high-frequency antennas and their associated high-power transmitters. Its purpose is to conduct research on charged particles in the upper atmosphere, but that hasn't stopped an array of bizarre conspiracy theories. A university space physics researcher will actually create an artificial aurora starting Sunday (and continuing through Wednesday) to study how yjr atmosphere affects satellite-to-ground communications, and "observers throughout Alaska will have an opportunity to photograph the phenomenon," according to the University. "Under the right conditions, people can also listen to HAARP radio transmissions from virtually anywhere in the world using an inexpensive shortwave radio."

Read more of this story at Slashdot.

Categories: Tech/Science News

Fans Choose A New Football Team's Plays With Their Smartphones

Slashdot - Sun, 02/19/2017 - 13:34
A new arena-league football team plays on a 50-yard field and uses a mobile app that allows fans to vote on the team's next play. An anonymous reader writes: Slate describes a receiver tackled for a short gain after the audience instructed the quarterback to throw a quick pass -- as "shouts and cheers exploded from the stands, with phones raised triumphantly in the air." The quarterback is informed of the chosen plays through an earphone in his helmet, and after one touchdown, one of the players even thanked a fan in the seats for picking a good play. "Then noses immediately returned to screens...the coach and QB were antsy, peering upward, waiting for the fans' next call as the play clock ticked down again..." The team eventually lost 78-47, but to at least make things more interactive, the players all have their Twitter handles sewn on the backs of their jerseys. Fans can also be "virtual general managers" for a small fee, dialing in to a weekly phone call to give feedback to the team's president, and fans also selected the team's head coach from online resumes and some YouTube videos of interviews. In fact, the article says the fans even picked the team's name, with the name "Screaming Eagles" finally winning out over "Teamy McTeamface" and "Spaghetti Monsters."

Read more of this story at Slashdot.

Categories: Tech/Science News

Techdirt Asks Judge To Dismiss Another Lawsuit By That Guy Who Didn't Invent Email

Slashdot - Sun, 02/19/2017 - 09:34
Three months ago Shiva Ayyadurai won a $750,000 settlement from Gawker (after they'd already gone bankrupt). He'd argued Gawker defamed him by mocking Ayyadurai's claim he'd invented email, and now he's also suing Techdirt founder Michael Masnick -- who is not bankrupt, and is fighting back. Long-time Slashdot reader walterbyrd quotes Ars Technica: In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame." He continues, "The 14 articles and 84 allegedly defamatory statements catalogued in the complaint all say essentially the same thing: that Defendants believe that because the critical elements of electronic mail were developed long before Ayyadurai's 1978 computer program, his claim to be the 'inventor of e-mail' is false"... The motion skims the history of e-mail and points out that the well-known fields of e-mail messages, like "to," "from," "cc," "subject," "message," and "bcc," were used in ARPANET e-mail messages for years before Ayyadurai made his "EMAIL" program. Ayyadurai focuses on statements calling him a "fake," a "liar," or a "fraud" putting forth "bogus" claims. Masnick counters that such phrases are "rhetorical hyperbole" meant to express opinions and reminds the court that "[t]he law provides no redress for harsh name-calling." The motion calls the lawsuit "a misbegotten effort to stifle historical debate, silence criticism, and chill others from continuing to question Ayyadurai's grandiose claims." Ray Tomlinson has been dead for less than a year, but in this fascinating 1998 article recalled testing the early email protocols in 1971, remembering that "Most likely the first message was QWERTYIOP."

Read more of this story at Slashdot.

Categories: Tech/Science News

Slashdot Asks: Are Remote Software Teams More Productive?

Slashdot - Sun, 02/19/2017 - 05:34
A recruiter with 20 years of experience recently reported on the research into whether remote software teams perform better. One study of 10,000 coding sessions concluded it takes 10-15 minutes for a programmer to resume work after an interruption. Another study actually suggests unsupervised workers are more productive, and the founders of the collaboration tool Basecamp argue the bigger danger is burnout when motivated employees overwork themselves. mikeatTB shares his favorite part of the article: One interesting take on the issues is raised by ThoughtWorks' Martin Fowler: Individuals are more productive in a co-located environment, but remote teams are often more productive than co-located teams. This is because a remote team has the advantage of hiring without geographic boundaries, and that enables employers to assemble world-class groups. The article shares some interesting anecdotes from remote workers, but I'd be interested to hear from Slashdot's readers. Leave your own experiences in the comments, and tell us what you think. Are remote software teams more productive?

Read more of this story at Slashdot.

Categories: Tech/Science News

Web Comic 'Pokey The Penguin' Celebrates Its 19th Anniversary

Slashdot - Sun, 02/19/2017 - 03:34
It's one of the longest-running comics on the internet. (Slashdot is approaching its 20th anniversary, and in its first year ran two stories about Pokey.) Open source developer Steve Havelka of Portland, Oregon created the truly bizarre strip back in 1998 -- one legend says it was originally a parody of another comic drawn with Microsoft Paint -- and he's since sporadically cranked out 637 strips. Since 2010 he's also been publishing the cartoons in printed books, and this year launched an equally surreal page on Patreon identifying himself as "Steve Havelka, THE AUTHORS of Pokey the Penguin," offering supporters a "mystery item in the mail". Pokey has lots of fans -- he earned a shout-out in the videogame Hitman: Blood Money -- and very-long-time Slashdot reader 198348726583297634 informs us that on this 19th anniversary Pokey "is celebrating on Twitter!" where he's apparently accosting other web cartoonists and touting a new birthday strip. (Not to be confused with that truly horrible Pokey-goes-to-a-party movie created in Adobe Flash.) I'd like to hear from any Slashdot readers who remember Pokey the Penguin -- but I'm also curious to hear from Slashdot readers who have never read the strip. ComixTalk called it "one of those webcomics that really only exist because of the Internet -- it would be hard to see something like this in any other medium... there's just something about Pokey the Penguin that fits online."

Read more of this story at Slashdot.

Categories: Tech/Science News

Should International Travelers Leave Their Phones At Home?

Slashdot - Sun, 02/19/2017 - 01:34
Long-time Slashdot reader Toe, The sums up what he learned from freeCodeCamp's Quincy Larson: "Before you travel internationally, wipe your phone or bring/rent/buy a clean one." Larson's article is titled "I'll never bring my phone on an international flight again. Neither should you." All the security in the world can't save you if someone has physical possession of your phone or laptop, and can intimidate you into giving up your password... Companies like Elcomsoft make 'forensic software' that can suck down all your photos, contacts -- even passwords for your email and social media accounts -- in a matter of minutes.... If we do nothing to resist, pretty soon everyone will have to unlock their phone and hand it over to a customs agent while they're getting their passport swiped... And with this single new procedure, all the hard work that Apple and Google have invested in encrypting the data on your phone -- and fighting for your privacy in court -- will be a completely moot point. The article warns Americans that their constitutional protections don't apply because "the U.S. border isn't technically the U.S.," calling it "a sort of legal no-man's-land. You have very few rights there." Larson points out this also affects Canadians, but argues that "You can't hand over a device that you don't have."

Read more of this story at Slashdot.

Categories: Tech/Science News

RSA Conference Attendees Get Hacked

Slashdot - Sun, 02/19/2017 - 00:34
The RSA Conference "is perhaps the world's largest security event, but that doesn't mean that it's necessarily a secure event," reports eSecurityPlanet. Scanning the conference floor revealed rogue access points posing as known and trusted networks, according to security testing vendor Pwnie Express. storagedude writes: What's worse, several attendees fell for these dummy Wi-Fi services that spoof well-known brands like Starbucks. The company also found a number of access points using outdated WEP encryption. So much for security pros... At least two people stayed connected to a rogue network for more than a day, according to the article, and Pownie Express is reminding these security pros that connecting to a rogue network means "the attacker has full control of all information going into and out of the device, and can deploy various tools to modify or monitor the victim's communication."

Read more of this story at Slashdot.

Categories: Tech/Science News

Software Goes Through Beta Testing. Should Online College Courses?

Slashdot - Sat, 02/18/2017 - 23:34
"Testing online courses is not standard practice at traditional colleges," points out a new article at EdSurge -- though beta-testing is part of the process for other online learning sites. jyosim summarizes their report: Coursera has recruited a volunteer corp of more than 2,500 beta testers to try out MOOCs before they launch. Other free online course providers have set up systems that catch things like mistakes in tests, or just whether videos are confusing. Traditional colleges have shied away from checking online course content before going live, citing academic freedom. But some colleges are developing checklists to judge course design and accessibility. "It would be lovely if universities would consider ways of adopting the practice of beta testing," says Phillip Long, chief innovation officer and associate vice provost for learning sciences at the University of Texas at Austin. One factor, though, is cost. "How do you scale that at a university that has thousands of courses being taught," he asks... How much beta testing makes sense for courses, and what's the best way to do it? A senior instructional designer at the State University of New York says "On most campuses, instructional designers have their hands full and don't have time to review the courses before they go live... We're still trying to find the magic bullet that motivates people to review other people's courses when they're not being paid."

Read more of this story at Slashdot.

Categories: Tech/Science News

German Government Tells Parents: Destroy This WiFi-Connected Doll

Slashdot - Sat, 02/18/2017 - 22:34
It's illegal in Germany now to sell a talking doll named "My Friend Cayla," according to a story shared by Slashdot reader Bruce66423. And that's just the beginning. The Verge reports: A German government watchdog has ordered parents to "destroy" an internet-connected doll for fear it could be used as a surveillance device. According to a report from BBC News, the German Federal Network Agency said the doll (which contains a microphone and speaker) was equivalent to a "concealed transmitting device" and therefore prohibited under German telecom law... In December last year, privacy advocates said the toy recorded kids' conversations without proper consent, violating the Children's Online Privacy Protection Act. Cayla uses a microphone to listen to questions, sending this audio over Wi-Fi to a third-party company that converts it to text. This is then used to search the internet, allowing the doll to answer basic questions, like "What's a baby kangaroo called?" as well as play games. In addition to privacy concerns over data collection, security researchers found that Cayla can be easily hacked. The doll's insecure Bluetooth connection can be compromised, letting a third party record audio via the toy, or even speak to children using its voice. The Electronic Privacy Information Center has said toys like this "subject young children to ongoing surveillance...without any meaningful data protection standards." One researcher pointed out that the doll was accessible from up to 33 feet away -- even through walls -- using a bluetooth-enabled device.

Read more of this story at Slashdot.

Categories: Tech/Science News

SAP License Fees Also Due For Indirect Users, Court Rules

Slashdot - Sat, 02/18/2017 - 21:34
SAP's licensing fees "apply even to related applications that only offer users indirect visibility of SAP data," according to a Thursday ruling by a U.K. judge. Slashdot reader ahbond quotes Network World: The consequences could be far-reaching for businesses that have integrated their customer-facing systems with an SAP database, potentially leaving them liable for license fees for every customer that accesses their online store. "If any SAP systems are being indirectly triggered, even if incidentally, and from anywhere in the world, then there are uncategorized and unpriced costs stacking up in the background," warned Robin Fry, a director at software licensing consultancy Cerno Professional Services, who has been following the case... What's in dispute was whether the SAP PI license fee alone is sufficient to allow Diageo's sales staff and customers to access the SAP data store via the Salesforce apps, or whether, as SAP claims, those staff and customers had to be named as users and a corresponding license fee paid. On Thursday, the judge sided with SAP on that question.

Read more of this story at Slashdot.

Categories: Tech/Science News

New Kit Turns A Raspberry Pi Into A Robot Arm

Slashdot - Sat, 02/18/2017 - 20:34
An anonymous reader writes: A new kit turns your Raspberry Pi into a robotic arm. It's controlled by an on-board joystick, or even a web browser, and "because it's connected to the Pi you can program it through any of the various programming languages that already run on the Pi," according to its creators. "There's also free software available which lets you program it through a web interface using drag and drop programming environments like Scratch and Blockly or with Python and Javascript for the more experienced." They explain in a video on Kickstarter that "Our mission is to get children excited about technology through building and programming their own robots," and they've already raised three times their original $12,411 fundraising goal. The Raspberry Pi blog describes it as "a great kit for anyone wanting to step into the world of digital making." Long-time Slashdot reader bjpirt adds that "It's completely open source and hackable."

Read more of this story at Slashdot.

Categories: Tech/Science News

SpaceX's Next Launch Carries Colonies Of A Drug-Resistant Superbug

Slashdot - Sat, 02/18/2017 - 19:34
An anonymous reader quotes Business Insider: SpaceX is preparing to launch a lethal, antibiotic-resistant superbug into orbit...to live its days in the microgravity environment of the International Space Station. The idea is not to weaponize space with MRSA -- a bacterium that kills more Americans every year than HIV/AIDS, Parkinson's disease, emphysema, and homicide combined -- but to send its mutation rates into hyperdrive, allowing scientists to see the pathogen's next moves well before they appear on Earth. The NASA-funded study will see SpaceX's Falcon 9 rocket launch colonies of MRSA into space, to be cultivated in the US National Laboratory on the International Space Station. "We will leverage the microgravity environment on the ISS to accelerate the Precision Medicine revolution here on Earth," lead researcher Anita Goel, CEO of biotech company Nanobiosym, told Yahoo News... "Our ability to anticipate drug-resistant mutations with Gene-RADAR will lead to next generation antibiotics that are more precisely tailored to stop the spread of the world's most dangerous pathogens," says Goel. That launch was scheduled for today, but postponed it to "take a closer look at positioning of the second stage engine nozzle." Two more externally-mounted payloads will conduct other experiments, with one monitoring lightning strikes on earth and the other measuring chemicals in the earth's atmosphere. In addition, there's also 21 science experiments that were submitted by high school students Meanwhile, Slashdot reader tomhath brings news that researchers have discovered the red berries of a U.S. weed can help fight superbugs. The researchers found "extracts from the Brazilian peppertree, which traditional healers in the Amazon have used for hundreds of years to treat skin and soft-tissue infections, have the power to stop methicillin-resistant MRSA infections in mice." One of the researchers said the extract "weakens the bacteria so the mouse's own defenses work better."

Read more of this story at Slashdot.

Categories: Tech/Science News

Lost Package Derails Project To Preserve Super Nintendo Games

Slashdot - Sat, 02/18/2017 - 18:34
A developer's quest to preserve (and validate) every game ROM for the Super Nintendo Entertainment System has hit a glitch -- thanks to the U.S. postal service. Byuu, the creator of the Higan SNES emulator, had been expecting a package with 100 games from the PAL region (covering most of Europe, Africa, South America, and Oceania). wertigon writes: As it turns out, someone at the USPS thought it was a good idea to lose the package, thereby robbing the project of roughly $5000 and the sad hopes of ever seeing a full indexing, like the one done to the U.S set. Byuu writes... "I do still want to dump and scan the Japanese games I already purchased. But we will never have a complete PAL set. Kotaku reports the games were worth up to £8,000, and though Byuu says the sender never requested reimbursement, it's going to happen "because I can't live with myself if it doesn't." He's asking for donations on Patreon, adding "If the package ultimately arrives, I will be refunding all donations." In that Thursday update, Byuu writes that the post office had finally shipped him the label from the package "and nothing else, claiming the machine ate it." They've launched an investigation, reports Byuu, adding "It's still an incredibly long shot that they'll find anything, but we'll see. I really, really hope that they do."

Read more of this story at Slashdot.

Categories: Tech/Science News

Pages

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer