Feed aggregator

New 'Google' For the Dark Web Makes Buying Dope and Guns Easy

Slashdot - 37 min 13 sec ago
First time accepted submitter turkeydance (1266624) writes "The dark web just got a little less dark with the launch of a new search engine that Llets you easily find illicit drugs and other contraband online. Grams, which launched last week and is patterned after Google, is accessible only through the Tor anonymizing browser (the address for Grams is: grams7enufi7jmdl.onion) but fills a niche for anyone seeking quick access to sites selling drugs, guns, stolen credit card numbers, counterfeit cash and fake IDs — sites that previously only could be found by users who knew the exact URL for the site."

Read more of this story at Slashdot.








3 Former Astronauts: Earth-Asteroid Collisions Are a Real But Preventable Danger

Slashdot - 2 hours 53 min ago
Three former astronauts — Ed Lu, Tom Jones, and Bill Anders — say that reassuring figures about the rarity of asteroid collisions with Earth are perhaps too reassuring. The B612 Foundation, of which Lu is a director, has been established to draw public awareness to the risks of a large asteroid hitting a population center -- which these three men say is a far more serious public danger than has been acknowledged by NASA and other agencies. And beyond awareness, the Foundation's immediate goal is to raise money to " design and build an asteroid-finding space telescope and launch it by 2017," and then, Armageddon-style, to follow that up with technology to divert any asteroids whose path would threaten earth.

Read more of this story at Slashdot.








3 Former Astronauts: Earth-Asteroid Collisions Are a Real But Preventable Danger

Slashdot - 2 hours 53 min ago
Three former astronauts — 2, Ed Lu, Tom Jones, and Bill Anders, — say that reassuring figures about the rarity of asteroid collisions with Earth are perhaps too reassuring. The B612 Foundation, of which Lu is a director, has been established to draw public awareness to the risks of a large asteroid hitting a population center -- which these three men say is a far more serious public danger than has been acknowledged by NASA and other agencies. And beyond awareness, the Foundation's immediate goal is to raise money to " design and build an asteroid-finding space telescope and launch it by 2017," and then, Armageddon-style, to follow that up with technology to divert any asteroids whose path would threaten earth.

Read more of this story at Slashdot.








Ask Slashdot: Hungry Students, How Common?

Slashdot - 3 hours 21 min ago
Gud (78635) points to this story in the Washington Post about students having trouble with paying for both food and school. "I recall a number of these experiences from my time as grad student. I remember choosing between eating, living in bad neighborhoods, putting gas in the car, etc. Me and my fellow students still refer to ourselves as the 'starving grad students.' Today we laugh about these experiences because we all got good jobs that lifted us out of poverty, but not everyone is that fortunate. I wonder how many students are having hard time concentrating on their studies due to worrying where the next meal comes from. In the article I found the attitude of collage admins to the idea of meal plan point sharing, telling as how little they care about anything else but soak students & parents for fees and pester them later on with requests for donations. Last year I did the college tour for my first child, after reading the article, some of the comments I heard on that tour started making more sense. Like 'During exams you go to the dining hall in the morning, eat and study all day for one swipe' or 'One student is doing study on what happens when you live only on Ramen noodles!' How common is 'food insecurity in college or high school'? What tricks can you share with current students?"

Read more of this story at Slashdot.








Big asteroids hit Earth far more than we're told, say astronauts

CNET NEWS - 4 hours 45 min ago
To, well, celebrate Earth Day, April 22, three former astronauts will claim they have evidence that remote parts of the Earth have endured 3 to 10 times more large-scale asteroid strikes than has been revealed.






Everybody loves a clone: Orphan Black and its sci-fi inspirations

Arstechnica - 4 hours 45 min ago
Tatiana Maslany, Tatiana Maslany, and Tatiana Maslany, portraying three of Orphan Black's 11+ clones. BBC America

Spoiler alert: Minor spoilers for the TV show Orphan Black, as well as spoilers for other pieces of (less-contemporary) content, discussed throughout. 

Nearly 18 years ago, the world said hello to its first clone of an adult mammal. Frogs and other mammal trials had come before Dolly, but she was a special sheep, sourced straight from another sheep’s mammary glands, no sperm necessary. Instead, Dolly’s creators replaced an egg’s DNA with that of the source cell, then tricked the egg into thinking it had been fertilized.

A year later, she was formally announced to the world, and its largest governing bodies jumped to conclusions with a loud reply. Humans can’t be next, they cried! President Bill Clinton and the FDA quickly and formally expressed their disapproval of human cloning trials. Over two dozen countries still either ban human trials outright or limit the practice to research, only forbidding full-term births. (Such human research is alive and well, as we recently reported.)

Read 15 remaining paragraphs | Comments

Google's New Camera App Simulates Shallow Depth of Field

Slashdot - 4 hours 51 min ago
New submitter katiewilliam (3621675) writes with a story at Hardware Zone about a new feature that Google's working on for Android phones' built-in cameras: the illusion of shallow depth of field in phone snapshots, which typically err on the side of too much in focus, rather than too little. Excerpting: "The Google Research Blog [note: here's a direct link] revealed that there's quite a fair bit of algorithms running to achieve this effect; to put it in a nutshell, computer vision algorithms create a 3D model of the world based on the shots you have taken, and estimate the depth to every point in the scene."

Read more of this story at Slashdot.








Long-term take: Surface Pro 2 vs. iPad Air

CNET NEWS - 5 hours 24 min ago
Microsoft and Apple have very different takes on tablets. What are the pros and cons of their respective approaches? And which speaks more to the future?






Gravitational lensing lets researchers size up a white dwarf

Arstechnica - 5 hours 50 min ago
Variation in output of the light from a binary system consisting of a Sun-like star and a white dwarf. When the white dwarf eclipses its companion, its gravity magnifies the light, making the star appear very slightly brighter. Eric Agol

White dwarfs are the remnants of stars like the Sun. They also provide some of the best means to measure large distances in the Universe if they explode as "type Ia" supernovae. All of those explosions occur in binary systems consisting either of two white dwarfs or a white dwarf paired with an ordinary star. To understand the whole process, astronomers need to identify progenitor systems before they explode: binaries with one or more white dwarf.

A particularly interesting example was recently identified and described in a Science paper by Ethan Kruse and Eric Agol. In this system, a white dwarf is locked in mutual orbit with a Sun-like star. The orientation of the binary relative to Earth means the two bodies periodically eclipse each other. When the white dwarf passes in front of its companion, gravitational lensing—the focusing of light by a massive body—magnifies the star's light very slightly. This is the first such "self-lensing" system containing a white dwarf, and should allow researchers to better understand understand the behavior of white dwarfs in binaries.

When one star passes in front of another (from our point of view), the gravity of the foreground star magnifies the light of the background object very slightly. This effect is very small, and so it is known as gravitational microlensing (or just microlensing) to distinguish it from the more dramatic form described in the sidebar. Microlensing can be used in some cases to detect exoplanets orbiting around the star in the foreground: the planet provides a tiny extra boost, beyond that provided by its host star, to the light of the star in the background.

Read 6 remaining paragraphs | Comments

Police's search for missing boy finds he existed only on Facebook

CNET NEWS - 5 hours 56 min ago
A 2-year-old boy is reported missing in France by his supposed great aunt. It takes some time before police realize the boy and his father are mere Facebook constructs.






Beer Price Crisis On the Horizon

Slashdot - 6 hours 11 min ago
Rambo Tribble (1273454) writes "The aficionados of beer and distilled spirits could be in for a major price-shock, if proposals by the Food and Drug Administration come to pass. Currently, breweries are allowed to sell unprocessed brewing by-products to feed farm animals. Farmers prize the nutritious, low-cost feed. But, new rules proposed by the FDA could force brewers to implement costly processing facilities or dump the by-products as waste. As one brewer put it, "Beer prices would go up for everybody to cover the cost of the equipment and installation.""

Read more of this story at Slashdot.








SF: Airbnb, Craigslist rentals need to 'play by the rules' (Q&A)

CNET NEWS - 6 hours 13 min ago
The hometown of these peer-to-peer networks is cracking down on short-term rentals. CNET talks to the San Francisco lawmaker who's leading the charge.






How has an increase in system complexity affected new programmers?

Arstechnica - 6 hours 35 min ago
Stack Exchange

This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites.

Adam asked:

As a "new" programmer (I first wrote a line of code in 2009), I've noticed it's relatively easy to create a program that exhibits quite complex elements today with things like .NET framework, for example. Creating a visual interface or sorting a list can be done with very few commands now.

Read 47 remaining paragraphs | Comments

Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions

Slashdot - 7 hours 18 min ago
wiredmikey (1824622) writes "Security nightmares sparked by the Heartbleed OpenSSL vulnerability continue. According to Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against the VPN appliance of a customer and hijack multiple active user sessions. The attack bypassed both the organization's multifactor authentication and the VPN client software used to validate that systems connecting to the VPN were owned by the organization and running specific security software. "Specifically, the attacker repeatedly sent malformed heartbeat requests to the HTTPS web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," Mandiant's Christopher Glyer explained. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated." After connecting to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization, Mandiant said."

Read more of this story at Slashdot.








Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions

Slashdot - 7 hours 18 min ago
wiredmikey (1824622) writes "Security nightmares sparked by the Heartbleed OpenSSL vulnerability continue. According to Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against the VPN appliance of a customer and hijack multiple active user sessions. The attack bypassed both the organization's multifactor authentication and the VPN client software used to validate that systems connecting to the VPN were owned by the organization and running specific security software. "Specifically, the attacker repeatedly sent malformed heartbeat requests to the HTTPS web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," Mandiant's Christopher Glyer explained. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated." After connecting to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization, Mandiant said."

Read more of this story at Slashdot.








Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions

Slashdot - 7 hours 18 min ago
wiredmikey (1824622) writes "Security nightmares sparked by the Heartbleed OpenSSL vulnerability continue. According to Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against the VPN appliance of a customer and hijack multiple active user sessions. The attack bypassed both the organization's multifactor authentication and the VPN client software used to validate that systems connecting to the VPN were owned by the organization and running specific security software. "Specifically, the attacker repeatedly sent malformed heartbeat requests to the HTTPS web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," Mandiant's Christopher Glyer explained. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated." After connecting to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization, Mandiant said."

Read more of this story at Slashdot.








Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions

Slashdot - 7 hours 18 min ago
wiredmikey (1824622) writes "Security nightmares sparked by the Heartbleed OpenSSL vulnerability continue. According to Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against the VPN appliance of a customer and hijack multiple active user sessions. The attack bypassed both the organization's multifactor authentication and the VPN client software used to validate that systems connecting to the VPN were owned by the organization and running specific security software. "Specifically, the attacker repeatedly sent malformed heartbeat requests to the HTTPS web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," Mandiant's Christopher Glyer explained. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated." After connecting to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization, Mandiant said."

Read more of this story at Slashdot.








Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions

Slashdot - 7 hours 18 min ago
wiredmikey (1824622) writes "Security nightmares sparked by the Heartbleed OpenSSL vulnerability continue. According to Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against the VPN appliance of a customer and hijack multiple active user sessions. The attack bypassed both the organization's multifactor authentication and the VPN client software used to validate that systems connecting to the VPN were owned by the organization and running specific security software. "Specifically, the attacker repeatedly sent malformed heartbeat requests to the HTTPS web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," Mandiant's Christopher Glyer explained. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated." After connecting to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization, Mandiant said."

Read more of this story at Slashdot.








Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions

Slashdot - 7 hours 18 min ago
wiredmikey (1824622) writes "Security nightmares sparked by the Heartbleed OpenSSL vulnerability continue. According to Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against the VPN appliance of a customer and hijack multiple active user sessions. The attack bypassed both the organization's multifactor authentication and the VPN client software used to validate that systems connecting to the VPN were owned by the organization and running specific security software. "Specifically, the attacker repeatedly sent malformed heartbeat requests to the HTTPS web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," Mandiant's Christopher Glyer explained. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated." After connecting to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization, Mandiant said."

Read more of this story at Slashdot.








Ask Ars: The best way to use a lithium-ion battery, redux

Arstechnica - 7 hours 20 min ago
iFixit

A little over three years ago, you, the readers, asked us, the Ars staff, about the best way to prolong the life of a lithium-ion battery. Now that time has passed, the gadget landscape has changed, and it's time for an update. There are a few new things to look out for, but mostly the principles we stated then, stand today: "Use your battery. Not too much. Mostly for small apps."

Our initial guide clarified a great many things about lithium ion batteries and the ways they can differ from other types of batteries. These differences once used to strike fear into the hearts of consumers. For instance, Li-ion batteries, unlike nickel-based batteries, and don't get their capacity "confused" by shallow discharges. In fact, frequent and shallow discharges are the best advice for keeping a young Li-ion battery fit and trim.

One of the worst things you can do to a Li-ion battery is to run it out completely all the time. Full discharges put a lot of strain on the battery, and it's much better practice to do shallow discharges to no lower than 20 percent. In a way, this is like people running for exercise—running a few miles a day is fine, but running a marathon every day is generally not sustainable. If your Li-ion-powered device is running out of juice on a daily basis, you're decreasing its overall useful lifespan, and should probably work some charging stations into your day or change your devices' settings so that it's not churning through its battery so quickly.

There used to be certain types of batteries whose "memory" of their total charge capacity seemed to get confused by shallow discharges. This is not, and never was, the case with Li-ion batteries. However, if you are using something like a notebook computer that gives you time estimates of how much longer the battery will last, this clock can be confused by shallow charging intervals. Most manufacturers recommend that you do a full discharge of the battery about once a month to help your device calibrate the time gauge.

…On the other end of the spectrum, keeping a Li-ion battery fully charged is not good for it either. This isn't because Li-ion batteries can get "overcharged" (something that people used to worry about in The Olden Days of portable computers), but a Li-ion battery that doesn't get used will suffer from capacity loss, meaning that it won't be able to hold as much charge and power your gadgets for as long. Extremely shallow discharges of only a couple percent are also not enough to keep a Li-ion battery in practice, so if you're going to pull the plug, let the battery run down for a little bit.

The other tip that remains true is that you should keep Li-ion batteries in fair weather. They don't like extreme cold or heat, especially heat caused by running Crysis 2 clock-speed drag races or whatever the kids are up to these days.

Read 7 remaining paragraphs | Comments

novalug.com