Slashdot

News for nerds, stuff that matters

Security Researcher Drops 15 Vulnerabilities for Windows and Adobe Reader

Wed, 24/06/2015 - 5:17pm
mask.of.sanity writes: Google Project Zero hacker Mateusz Jurczyk has dropped 15 remote code execution vulnerabilities, including a single devastating hack against Adobe Reader and Windows he reckons beats all exploit defenses. He said, "The extremely powerful primitive provided by the vulnerability, together with the fact that it affected all supported versions of both Adobe Reader and Microsoft Windows (32-bit) – thus making it possible to create an exploit chain leading to a full system compromise with just a single bug – makes it one of the most interesting security issues I have discovered so far." Jurczyk published a video demonstration of the exploit for 32-bit and 64-bit systems. His slides are here [PDF].

Read more of this story at Slashdot.

Judge Orders Dutch Government To Finally Take Action On Climate Promises

Wed, 24/06/2015 - 4:35pm
New submitter Errol backfiring writes: Although the Dutch government has promised to make sure carbon emissions are lowered considerably, they have consistently failed to take action. Dutch climate group Urgenda and Dutch citizens have gone to court to force the government to take action, and the verdict (linked page is in Dutch) is that the government must reduce emissions by at least 25% compared to 1990 levels. This 25% cut is seen as the minimum effort needed to keep the people safe from climate change dangers. 25% to 40% is the norm in international climate policy. The verdict is also important for similar climate groups in other countries.

Elon Musk Probably Won't Be the First Martian

Wed, 24/06/2015 - 3:53pm
pacopico writes: In a new biography on him, Elon Musk goes into gory details on his plans for colonizing Mars. The author of the book subsequently decided to run those plans by Andy Weir, the author of The Martian. Weir's book is famous for its technical acumen around getting to and from The Red Planet. His conclusion is that Musk's technology, which includes the biggest rocket ever built, is feasible — but that Musk will not be the first man on Mars. The interview also hits on the future of NASA and what we need to get to Mars. Good stuff. Weir says, "My estimate is that this will happen in 2050. NASA is saying more like 2035, but I don't have faith in Congress to fund them."

Building the Face of a Criminal From DNA

Wed, 24/06/2015 - 3:10pm
Dave Knott writes: It sounds like science fiction, but revealing the face of a criminal based on their genes may be closer than we think. In a process known as molecular photo fitting, scientists are experimenting with using genetic markers from DNA to build up a picture of an offender's face. Dr. Peter Claes, a medical imaging specialist at the University of Leuven, has amassed a database of faces and corresponding DNA. Armed with this information, he is able to model how a face is constructed based on just 20 genes (this number will soon be expanded to 200). At the moment, police couldn't publish a molecular photo-fit like this and hope to catch a killer. But that's not how Dr. Claes sees the technique being used in a criminal investigation. "If I were to bring this result to an investigator, I wouldn't necessarily give him the image to broadcast. I would talk to him and say okay, you're looking for a woman, with a very specific chin and eyebrow structure."

Google Takes Over NYC's Free WiFi Project

Wed, 24/06/2015 - 2:28pm
dkatana writes: Google's new Smart Cities venture Sidewalk Labs announced the purchase of Intersection, the new company behind the LinkNYC project. Google wants to speed up the developing of free internet access to New York residents and visitors, as a way to gather more information about their activities. Users of the pylons will provide the company invaluable data about their habits, places they visit, and browsing activity. As part of the original LinkNYC plan, Intersection is scheduled to start deploying the new ad-supported, locally manufactured, WiFi 'pylons' this fall, reaching all five boroughs of the city. It will be the largest and fastest free municipal WiFi system in the world. After that, the company plans to start rolling out similar initiatives in other U.S. cities, but details have not been made public yet.

Learn-to-Code Program For 10,000 Low-Income Girls

Wed, 24/06/2015 - 1:47pm
theodp writes: In a press release Tuesday, the National Center for Women & Information Technology (NCWIT) announced it was teaming with Lifetime Partner Apple and the U.S. Department of Housing and Urban Development (HUD) on its Clinton Global Initiative (CGI) Commitment to engage 10,000 girls in learning computing concepts. "Currently, just 25 states and the District of Columbia allow computer science to count as a math or science graduation requirement," explained the press release. "Because boys get more informal opportunities for computing experience outside of school, this lack of formal computing education especially affects girls and many youth of color." HUD, the press release added, has joined the Commitment to Action to help extend the program's reach in partnership with public housing authorities nationwide and provide computing access to the 485,000 girls residing in public housing. "In this Information Age, opportunity is just a click on a keyboard away. HUD is proud to partner with NCWIT to provide talented girls with the skills and experiences they need to reach new heights and to achieve their dreams in the 21st century global economy," said HUD Secretary Julian Castro, who coincidentally is eyed as a potential running mate for Hillary Clinton, whose daughter Chelsea is the Clinton Foundation's point-person on computer science. Last year, Chelsea Clinton gave a keynote speech at the NCWIT Summit and appeared with now-U.S. CTO Megan Smith to help launch Google's $50 million girls-only Made With Code initiative.

Samsung Cripples Windows Update To Prevent Incompatible Drivers

Wed, 24/06/2015 - 1:05pm
jones_supa writes: A file called Disable_Windowsupdate.exe — probably malware, right? It's actually a "helper" utility from Samsung, for which their reasoning is: "When you enable Windows updates, it will install the Default Drivers for all the hardware on laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates." Too bad that the solution means disabling all critical security updates as well. This isn't the first time an OEM has compromised the security of its users. From earlier this year, we remember the Superfish adware from Lenovo, and system security being compromised by the LG split screen software.

Car Hacking is 'Distressingly Easy'

Wed, 24/06/2015 - 12:24pm
Bruce66423 points out a piece from the Economist trying to rally support for pressuring legislators and auto manufacturers to step up security efforts on modern, computer-controlled cars. They say, Taking control remotely of modern cars, for instance, has become distressingly easy for hackers, given the proliferation of wireless-connected processors now used to run everything from keyless entry and engine ignition to brakes, steering, tyre pressure, throttle setting, transmission and anti-collision systems. Today's vehicles have anything from 20 to 100 electronic control units (ECUs) managing their various electro-mechanical systems. ... The problem confronting carmakers everywhere is that, as they add ever more ECUs to their vehicles, to provide more features and convenience for motorists, they unwittingly expand the "attack surface" of their on-board systems. In security terms, this attack surface—the exposure a system presents in terms of its reachable and exploitable vulnerabilities—determines the ease, or otherwise, with which hackers can take control of a system. ... There is no such thing as absolute security. [E]ven firms like Microsoft and Google have been unable to make a web browser that cannot go a few months without needing some critical security patch. Cars are no different.

Aussie Telco Caught Handing Over User Mobile Numbers To Websites Without Consent

Wed, 24/06/2015 - 11:42am
AlbanX writes: Australian telco Optus has been nabbed passing its customers' mobile phone numbers to third-party websites without the customers' knowledge or consent. The practice, known as HTTP header enrichment, aims to streamline the process of direct billing for customers, but they're not happy. The discovery was made by a user on the telco forum Whirlpool, and Optus confirmed it. They said, "Optus adds our customers' mobile number to the information in select circumstances where we have a commercial relationship with owners of particular websites."

The Town That Banned Wi-Fi

Wed, 24/06/2015 - 9:14am
An anonymous reader sends a story from The Guardian about Green Bank, West Virginia, a small town housing the National Radio Astronomy Observatory. There are other telescopes nearby, too. Because the telescopes are so sensitive, stray electromagnetic signals are strictly regulated in the surrounding area, which is called the National Radio Quiet Zone. But the town is running into a problem: its population was around 120 when this began, and by now about 40 people have moved there because they want to get away from radio waves and Wi-Fi signals and other types of electromagnetic radiation. There have been reports of tensions in the town: tales of threats and abuse unfitting to a sleepy mountain village. And it is all the stranger when you consider that no serious scientific study has been able to establish that electrosensitivity exists. ... Where the locals might have been happy to tolerate one or two of the sensitives, the mass migration was beyond the pale. ... People would walk towards [one woman] with concealed electronics, in an effort to provoke a reaction. A meeting she and her husband organised to help educate the others about electrosensitivity descended into a slanging match.

Ask Slashdot: Is C++ the Right Tool For This Project?

Wed, 24/06/2015 - 6:13am
ranton writes: I am about to start a personal project which I believe should be done in C/C++. The main reasons I have for this are the needs to manage memory usage and disk access at a very granular level and a desire to be cross-platform. Performance is also important but I am unlikely to spend enough time optimizing to be much faster than core libraries of higher level languages. On the other hand, network access is also a critical part of the project and I am worried about the effort it takes to make cross platform code for both network and disk access. I have been working in the Java / C# world for the past decade and things like TCP/IP and SSL have just been done for me by core libraries. Do libraries like Boost or Asio do a good job of abstracting these aspects away? Or are there other options for doing granular memory and disk management with more high level languages that have better cross-platform library support? I am willing to brush up on my C/C++ skills if necessary but want to spend as much time as possible developing the unique and potentially innovative parts of my project. Thanks for any advice you can provide.

WikiLeaks: NSA Eavesdropped On the Last Three French Presidents

Wed, 24/06/2015 - 4:10am
Earthquake Retrofit writes: The NY Times is reporting that WikiLeaks has released "material which appeared to capture officials in Paris talking candidly about Greece's economy, relations with Germany — and, ironically, American espionage." The information was leaked "a day before the French Parliament is expected to definitively pass a controversial security bill legalizing broad surveillance, particularly of terrorism suspects."

Your Next Allstate Inspector Might Be a Drone

Wed, 24/06/2015 - 2:05am
New submitter cameronag writes: Following on the heels of EasyJet's plan to inspect planes with drones, insurance giant Allstate has received FAA clearance to test drones for insurance inspections. The company plans to use drones to inspect roofing, weather damage, and collapsed structures, among other things, and says the technology will ultimately speed up claims processing.

Who Owns Your Overtime?

Wed, 24/06/2015 - 12:06am
HughPickens.com writes: Fran Sussner Rodgers writes in the NY Times that a little-noticed change in the American workplace is about to occur. Later this month the Department of Labor is expected to announce an adjustment to the Fair Labor Standards Act raising the salary threshold for overtime from $23,660 per year to at least double that threshold. In 1975, the last year the threshold was significantly raised, 60 percent of salaried workers fell within the requirement for overtime pay while today, only 8 percent do. The new requirement should be a welcome change for millions of American workers. But the change also speaks to an issue that affects everyone, whether eligible for overtime or not — the clash between the finite amount of time employees actually have versus the desire of employers to treat time as an inexhaustible resource. Employees in the United States currently work more hours than workers in any of the world's 10 largest economies except Russia. When everything over 40 hours is free to the employer, the temptation to demand more is almost irresistible. But for most employees, the ones exempt from overtime rules, their managers have little incentive to look for ways to use their time more efficiently. "We are a tired, stressed and overworked nation, which has many negative consequences for our personal health and the care of our children. As a nation, we work harder and longer than almost all of our competitors, and much of that work is uncompensated," writes Rodgers. "Time is our personal currency. We parcel it out, hour by hour, to meet the demands placed on us. We all pay a steep price, as individuals and as a nation, when we can't meet our most important obligations."

Study: Major ISPs Slowing Traffic Across the US

Tue, 23/06/2015 - 11:24pm
An anonymous reader writes: A study based on test results from 300,000 internet users "found significant degradations on the networks of the five largest internet service providers" in the United States. This group includes Time Warner Cable, Verizon, and AT&T. "The study, supported by the technologists at Open Technology Institute's M-Lab, examines the comparative speeds of Content Delivery Networks (CDNs), which shoulder some of the data load for popular websites. ... In Atlanta, for example, Comcast provided hourly median download speeds over a CDN called GTT of 21.4 megabits per second at 7pm throughout the month of May. AT&T provided speeds over the same network of of a megabit per second. " These findings arrive shortly after the FCC's new net neutrality rules took effect across the U.S.

After 6-Year Beta Test, All Gmail Users Get 'Undo Send'

Tue, 23/06/2015 - 10:47pm
jones_supa writes: Since 2009, Google has been beta testing a feature in Gmail called "Undo Send." It allows you to delay emails up to 30 seconds from when you press the "Send" button so you can take them back if you immediately decide it was a bad idea to press the send button. Google announced in a blog post that Undo Send is becoming an official feature. For users who already had the Undo Send beta enabled, the feature will remain on, and those who didn't can turn it on via the General tab under Settings. Users can choose if they want to hold their mail for 5, 10, 20 or 30 seconds.

HP Researchers Disclose Details of Internet Explorer Zero Day

Tue, 23/06/2015 - 10:03pm
Trailrunner7 writes: Researchers at HP's Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to vendors until after the vulnerabilities are fixed. But in this case, Microsoft has told the researchers that the company doesn't plan to fix the vulnerabilities, even though the bugs were serious enough to win ZDI's team a $125,000 Blue Hat Bonus from Microsoft. The reason: Microsoft doesn't think the vulnerabilities affect enough users. The vulnerabilities that the ZDI researchers submitted to Microsoft enable an attacker to fully bypass ASLR (address space layout randomization), one of the many mitigations in IE that help prevent successful exploitation of certain classes of bugs. ZDI reported the bugs to Microsoft last year and disclosed some limited details of them in February. The researchers waited to release the full details until Microsoft fixed all of the flaws, but Microsoft later informed them that they didn't plan to patch the remaining bugs because they didn't affect 64-bit systems.

IT Pros Blast Google Over Android's Refusal To Play Nice With IPv6

Tue, 23/06/2015 - 9:20pm
alphadogg writes: The widespread popularity of Android devices and the general move to IPv6 has put some businesses in a tough position, thanks to Android's lack of support for a central component in the newer standard. DHCPv6 is an outgrowth of the DHCP protocol used in the older IPv4 standard – it's an acronym for 'dynamic host configuration protocol,' and is a key building block of network management. Nevertheless, Google's wildly popular Android devices – which accounted for 78% of all smartphones shipped worldwide in the first quarter of this year – don't support DHCPv6 for address assignment.

The Presidential Candidate With a Plan To Run the US On 100% Clean Energy

Tue, 23/06/2015 - 8:37pm
merbs writes: Thus far, no other candidate has said they're going to make climate change their top priority. Martin O'Malley has not only done that, but he has outlined a plan that would enact emissions reductions in line with what scientists say is necessary to slow global climate change—worldwide emissions reductions of 40-70 percent by 2050. He's the only candidate to do that, too. His plan would phase out fossil-fueled power plants altogether, by midcentury.

US Securities and Exchange Commission Hunting Insider Trading Hackers

Tue, 23/06/2015 - 7:55pm
An anonymous reader writes: The U.S. Securities and Exchange Commission is actively investigating the FIN4 financial hacking group identified by FireEye last December, according to a Reuters report. In an unprecedented extension of its usual practice, the SEC is soliciting information about security breaches from private companies, who are not obliged to reveal them unless the breach enters into categories covered by federal law. Former SEC Head of Internet Enforcement John Reed Stark describes the proactive stance of the organization as an "absolute first."
