
Slashdot

News for nerds, stuff that matters

Broadband CEOs Admit Usage Caps Are Nothing More Than A Toll On Uncompetitive Markets

Tue, 07/06/2016 - 4:40pm
Though giant ISPs such as AT&T and Comcast continue to impose caps on users of several of their data plans, a crop of local ISPs no longer hesitates to admit that there is no justification for these caps, as the cost of providing broadband service has only dropped in the past years. From a TechDirt article (condensed): "The cost of increasing [broadband] capacity has declined much faster than the increase in data traffic," says Dane Jasper, CEO of Sonic, an independent ISP based in Santa Rosa, Calif. [...] Frontier Communications CEO Dan McCarthy adds, "There may be a time when usage-based pricing is the right solution for the market, but I really don't see that as a path the market is taking at this point in time." Suddenlink CEO Jerry Kent said, "I think one of the things people don't realize [relates to] the question of capital intensity and having to keep spending to keep up with capacity. Those days are basically over, and you are seeing significant free cash flow generated from the cable operators as our capital expenditures continue to come down."

Read more of this story at Slashdot.

Password Re-user? Get Ready to Get Busy

Tue, 07/06/2016 - 4:00pm
Security reporter Brian Krebs writes: In the wake of megabreaches at some of the Internet's most-recognized destinations, don't be surprised if you receive password reset requests from numerous companies that didn't experience a breach: Some big name companies -- including Facebook and Netflix -- are in the habit of combing through huge data leak troves for credentials that match those of their customers and then forcing a password reset for those users. Netflix.com, for example, sent out a notification late last week to users who made the mistake of re-using their Netflix password at Linkedin, Tumblr or MySpace. All three of those breaches are years old, but the scope of the intrusions (more than a half billion usernames and passwords leaked in total) only became apparent recently when the credentials were posted online at various sites and services.


Tech Firms Say FBI Wants Browsing History Without Warrant

Tue, 07/06/2016 - 3:21pm
Aaron Souppouris, reporting for Engadget: Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases. ECTRs include high-level information on what sites a person visited, the time spent on those sites, email metadata, location information and IP addresses. To gain access to this data, a special agent in charge of a bureau field office need only write a "national security letter" (NSL) that doesn't require a judge's approval. It's worth noting that ECTRs don't amount to a full browsing history. If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links. Additionally, the ECTRs won't include the content of emails, search queries, or form content, but will feature metadata, so the FBI would know who someone is messaging and when.


Huge Vulnerabilities In Facebook Chat and Messenger Exploitable With Basic HTML

Tue, 07/06/2016 - 2:40pm
An anonymous reader writes: Check Point's security research team has discovered vulnerabilities in Facebook's standard online Chat function, as well as Messenger app. The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences. To exploit the vulnerability, an attacker simply needed to identify the unique ID for the sent message he or she is targeting. According to the report, Facebook, in conjunction with Check Point's researchers, patched the vulnerability earlier this month.


Samsung To Launch Smartphones With Bendable Screens in 2017, Reports Bloomberg

Tue, 07/06/2016 - 1:59pm
Samsung plans to launch two smartphones with bendable screens. The South Korean technology conglomerate could showcase these two phones as early as the Mobile World Congress tradeshow next year, according to Bloomberg, which cites sources "familiar with the matter." The publication adds that one of the phones will fold in half like a makeup compact, whereas the other with a 5-inch display would fold out into a larger tablet-style device. From the report: The devices using organic light-emitting diodes could be unveiled as soon as early 2017. That would likely give it a head start on new Apple Inc. iPhones. The second Samsung model will have a 5-inch screen when used as a handset, that unfurls into a display that's as large as 8 inches, similar to a tablet, the people said. As for more immediate future plans, the Galaxy Note 6, which is expected to launch later this year, might ship with the moniker "Note 7". This would allow Samsung to put its flagship phablet's branding in line with its current smartphone numbering. Samsung launched the Galaxy S7 and S7 Edge earlier this year. (Editor's note: Bloomberg website, though very credible, has pop-up videos, which some of you may find annoying. Just in case, here's an alternate source.)


'Alarming' Rise In Ransomware Tracked

Tue, 07/06/2016 - 1:00pm
An anonymous reader quotes a report from BBC: Cyber-thieves are adopting ransomware in "alarming" numbers, say security researchers. There are now more than 120 separate families of ransomware, said experts studying the malicious software. Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns. The rise is driven by the money thieves make with ransomware and the increase in kits that help them snare victims. Ransomware was easy to use, low risk and offered a high reward, said Bart Parys, a security researcher who helps to maintain a list of the growing numbers of types of this kind of malware. Mr Parys and his colleagues have now logged 124 separate variants of ransomware. Some virulent strains, such as Locky and Cryptolocker, were controlled by individual gangs, he said, but others were being used by people buying the service from an underground market. A separate indicator of the growth of ransomware came from the amount of net infrastructure that gangs behind the malware had been seen using. The numbers of web domains used to host the information and payment systems had grown 35-fold, said Infoblox in its annual report which monitors these chunks of the net's infrastructure. A lot of ransomware reached victims via spear-phishing campaigns or booby-trapped adverts, he said, but other gangs used specialized "crypters" and "packers" that made files look benign. Others relied on inserting malware into working memory so it never reached the parts of a computer on which most security software keeps an eye. Ars Technica reports that drive-by attacks that install the TeslaCrypt crypto ransomware are now able to bypass Microsoft's EMET.


Password Autocorrect Without Compromising Security

Tue, 07/06/2016 - 10:00am
msm1267 quotes a report from Threatpost: Intuitively, auto-correcting passwords would seem to be a terrible idea, and the worst security-for-convenience tradeoff in technology history. But a team of academics from Cornell University, MIT and a Dropbox security engineer say that the degradation of security from the introduction of such an authentication mechanism is negligible. The team -- Rahul Chatterjee, Ari Juels and Thomas Ristenpart of Cornell University, Anish Athalye of MIT, and Devdatta Akhawe of Dropbox -- presented their findings in a paper called "pASSWORD tYPOS and How to Correct Them Securely" at the recent IEEE Symposium on Security and Privacy. The paper describes a framework for what the team calls typo-tolerant passwords that significantly enhances usability without compromising security. The paper focuses on three common types of password errors that users make while typing: engaging caps lock; inadvertently capitalizing the first letter of a password; or adding or omitting characters to the beginning or end of a password. By instituting an autocorrect scheme, the researchers said in their paper that they could reduce common mistakes and user frustrations with logins. Recently, an anonymous user asked Slashdot how one creates a highly secure password after a study from Carnegie Mellon issued a warning about common user misconceptions. You can engage in the conversation and/or read the witty responses here.
