Slashdot

Syndicate content Slashdot
News for nerds, stuff that matters
Updated: 49 min 36 sec ago

PayPal To Pay $7.7 Million For Sanctions Violations

3/26/2015 7:03pm
jfruh writes PayPal may not be a bank, but it's still legally required to follow regulations on transferring money — but the company has admitted to a number of violations, including allowing transfers to an individual specifically sanctioned by the U.S. State Department for helping proliferate nuclear weapons. From Ars: "On Wednesday afternoon, PayPal reached a settlement with the US Treasury Department, agreeing that it would pay $7.7 million for allegedly processing payments to people in countries under sanction as well as to a man the US has listed as involved in the nuclear weapons black market. The company neither confirmed nor denied the allegations, but it voluntarily handed over its transaction data to the US Department of Treasury’s Office of Foreign Assets Control (OFAC)."

Read more of this story at Slashdot.

Australia Passes Mandatory Data Retention Law

3/26/2015 6:20pm
Bismillah writes Opposition from the Green Party and independent members of parliament wasn't enough to stop the ruling conservative Liberal-National coalition from passing Australia's new law that will force telcos and ISPs to store customer metadata for at least two years. Journalists' metadata is not exempted from the retention law, but requires a warrant to access. The metadata of everyone else can be accessed by unspecified government agencies without a warrant however.

Read more of this story at Slashdot.

Micron and Intel Announce 3D NAND Flash Co-Development To Push SSDs Past 10TB

3/26/2015 5:38pm
MojoKid writes Both Micron and Intel noted in a release today that traditional planar NAND flash memory is reaching a dead-end, and as such, have been working together on 3D memory technology that could open the floodgates for high densities and faster speeds. Not all 3D memory is alike, however. This joint development effort resulted in a "floating gate cell" being used, something not uncommon for standard flash, but a first for 3D. Ultimately, this 3D NAND is composed of flash cells stacked 32 high, resulting in 256Gb MLC and 384Gb TLC die that fit inside of a standard package. That gives us 48GB per die, and up to 750GB in a single package. Other benefits include faster performance, reduced cost, and technologies that help extend the life of the memory.

Read more of this story at Slashdot.

Generate Memorizable Passphrases That Even the NSA Can't Guess

3/26/2015 4:59pm
HughPickens.com writes Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you'll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You'll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You'll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb". If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second. After you've generated your passphrase, the next step is to commit it to memory.You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training."

Read more of this story at Slashdot.

'Bar Mitzvah Attack' Plagues SSL/TLS Encryption

3/26/2015 4:18pm
ancientribe writes Once again, SSL/TLS encryption is getting dogged by outdated and weak options that make it less secure. This time, it's the weak keys in the older RC4 crypto algorithm, which can be abused such that an attacker can sniff credentials or other data in an SSL session, according to a researcher who revealed the hack today at Black Hat Asia in Singapore. A slice: Bar Mitzvah exploits the weak keys used by RC4 and allows an attacker to recover plain text from the encrypted information, potentially exposing account credentials, credit card data, or other sensitive information. And unlike previous SSL hacks, this one doesn't require an active man-in-the-middle session, just passive sniffing or eavesdropping on SSL/TLS-encrypted connections, [researcher Itsik] Mantin says. But MITM could be used as well, though, for hijacking a session, he says.

Read more of this story at Slashdot.

MIT Debuts Integer Overflow Debugger

3/26/2015 3:56pm
msm1267 writes Students from M.I.T. have devised a new and more efficient way to scour raw code for integer overflows, the troublesome programming bugs that serve as a popular exploit vector for attackers and often lead to the crashing of systems. Researchers from the school's Computer Science and Artificial Intelligence Laboratory (CSAIL) last week debuted the platform dubbed DIODE, short for Directed Integer Overflow Detection. As part of an experiment, the researchers tested DIODE on code from five different open source applications. While the system was able to generate inputs that triggered three integer overflows that were previously known, the system also found 11 new errors. Four of the 11 overflows the team found are apparently still lingering in the wild, but the developers of those apps have been informed and CSAIL is awaiting confirmation of fixes.

Read more of this story at Slashdot.

RSA Conference Bans "Booth Babes"

3/26/2015 3:37pm
netbuzz writes In what may be a first for the technology industry, RSA Conference 2015 next month apparently will be bereft of a long-controversial trade-show attraction: "booth babes." New language in its exhibitor contract, while not using the term 'booth babe," leaves no doubt as to what type of salesmanship RSA wants left out of its event. Says a conference spokeswoman: "We thought this was an important step towards making all security professionals feel comfortable and equally respected during the show." Easier at a venue like RSA; the annual Consumer Electronics Show, not so much.

Read more of this story at Slashdot.

German Auto Firms Face Roadblock In Testing Driverless Car Software

3/26/2015 2:59pm
An anonymous reader writes As nations compete to build the first operational autonomous car, German auto-manufacturers fear that current domestic laws limit their efforts to test the appropriate software for self-driving vehicles on public roads. German carmakers are concerned that these roadblocks are allowing U.S. competitors, such as Google, to race ahead in their development of software designed to react effectively when placed in real-life traffic scenarios. Car software developers are particularly struggling to deal with the ethical challenges often raised on the road. For example when faced with the decision to crash into a pedestrian or another vehicle carrying a family, it would be a challenge for a self-driving car to follow the same moral reasoning a human would in the situation. 'Technologically we can do fully automated self-driving, but the ethical framework is missing,' said Volkswagen CEO Martin Winterkorn.

Read more of this story at Slashdot.

Is the Apple Watch a Useful Medical Device? (Video)

3/26/2015 2:18pm
Let's kill the suspense right away by answering the title question, 'Probably not.' For one thing, according to interviewee Alfred Poor, the Apple Watch is in no way linked to the Apple Research Kit. Dr. Poor is editor of the Health Tech Insider website, so he follows this kind of thing more carefully than most people. And the Apple watch is not the only device mentioned in this video (or transcript, if you prefer reading to listening). If you want to ruminate about the possibility of direct mind control, for instance, you need to know about the Thync, whose vendor calls it 'A groundbreaking wearable device that enables you to shift your state of mind in minutes.' They say it 'induces on-demand shifts in energy, calm, or focus.' It even has a 'pleasure' setting. Crank that to 11 and you might happily spend your days prone, being fed by a drip and emptied by a catheter, moving only when an attendant turns you over to keep bedsores from developing -- not that you'll care if they do -- as you spend the rest of your life in an artificially-induced joyful stupor.

Read more of this story at Slashdot.

NJ School District Hit With Ransomware-For-Bitcoins Scheme

3/26/2015 1:40pm
An anonymous reader sends news that unidentified hackers are demanding 500 bitcoins, currently worth about $128,000, from administrators of a New Jersey school district. Four elementary schools in Swedesboro-Woolwich School District, which enroll more than 1,700 students, are now locked out of certain tasks: "Without working computers, teachers cannot take attendance, access phone numbers or records, and students cannot purchase food in cafeterias. Also, [district superintendent Dr. Terry C. Van Zoeren] explained, parents cannot receive emails with students grades and other information." According to this blog post from security company BatBlue, the district has been forced to postpone the Common Core-mandated PARCC state exams, too. Small comfort: "Fortunately the Superintendent told CBS 3’s Walt Hunter the hackers, using a program called Ransomware, did not access any personal information about students, families or teachers." Perhaps the administrators can take heart: Ransomware makers are, apparently, starting to focus more on product support; payment plans are probably on the way.

Read more of this story at Slashdot.

What Makes the Perfect Gaming Mouse?

3/26/2015 1:00pm
An anonymous reader writes A new article looks at the advanced technology that goes into many gaming mice favoured by professional gamers, from dedicated processors to custom weights for the sake of ergonomics, discussing the developments with designers at three top peripheral companies: Logitech, Razer and SteelSeries. Surprisingly, some factors that were once thought to have reached the limit of their usefulness, such as DPI sensitivity, are becoming more important again as screens get bigger and we make the move to 4K resolution. ... "With the rise of higher resolution screens, especially looking into 4K multi monitor systems and beyond, DPI might become an important factor in the future again, so we are not ruling out changes in the maximum tracking rate," says Razer CEO Min-Liang Tan.

Read more of this story at Slashdot.

Many Password Strength Meters Are Downright Weak, Researchers Say

3/26/2015 12:21pm
alphadogg writes "Website password strength meters often tell you only what you want to hear rather than what you need to hear. That's the finding from researchers at Concordia University in Montreal, who examined the usefulness of those ubiquitous red-yellow-green password strength testers on websites run by big names such as Google, Yahoo, Twitter and Microsoft/Skype. The researchers used algorithms to send millions of 'not-so-good' passwords through these meters, as well as through the meters of password management services such as LastPass and 1Password, and were largely underwhelmed by what they termed wildly inconsistent results. Inconsistent can go both directions: I've seen password-strength meters that balked at absolutely everything (accepting weak passwords as good, after calling wildly long and random ones poor).

Read more of this story at Slashdot.

Facebook Sued For Alleged Theft of Data Center Design

3/26/2015 11:39am
itwbennett writes British engineering company BladeRoom Group says it contacted Facebook in 2011 about using its technique, which involves constructing data centers in a modular fashion from pre-fabricated parts. What happened next isn't clear, since much of the public version of BRG's lawsuit is redacted. But it claims Facebook ended up stealing its ideas and using them to build part of a data center in Lulea, Sweden, that opened last year. 'Facebook's misdeeds might never have come to light had it decided that simply stealing BRG's intellectual property was enough,' the company said in its lawsuit, filed Monday at the federal district court in San Jose, California. "Instead, Facebook went further when it decided to encourage and induce others to use BRG's intellectual property though an initiative created by Facebook called the 'Open Compute Project.'"

Read more of this story at Slashdot.

Jeremy Clarkson Dismissed From Top Gear

3/26/2015 11:00am
An anonymous reader writes According to BBC News, Jeremy Clarkson, longstanding main host for the automobile television show Top Gear, will not have his contract renewed. This decision came about two weeks after he was suspended due to an altercation with a Top Gear producer involving catering during filming for the show. Admittedly not the nerdiest news of the day, but it can be said that his thirteen-year run on the new format of Top Gear has interested many Slashdot users who love their cars and the entertainment that the show has brought to them.

Read more of this story at Slashdot.

Google Quietly Launches Data Saver Extension For Chrome

3/26/2015 10:45am
An anonymous reader writes Google has quietly released a Data Saver extension for Chrome, bringing the company's data compression feature to the desktop for the first time. You can download the extension, currently in beta, from the Chrome Web Store. We say "quietly" because there doesn't seem to be an announcement from Google. The extension was published on March 23 and appears to work exactly as advertised on the tin, based on what we've seen in our early tests.

Read more of this story at Slashdot.

NY Times: "All the News That Mark Zuckerberg Sees Fit To Print"?

3/26/2015 10:21am
theodp writes Two years ago, Politico caught Mark Zuckerberg's soon-to-be launched FWD.us PAC boasting how its wealthy tech exec backers would use their companies to 'control the avenues of distribution' for a political message in support of their efforts. Now, the NY Times is reporting that Facebook has been quietly holding talks with at least half a dozen media companies about hosting their content inside Facebook, citing a source who said the Times and Facebook are moving closer to a firm deal. Facebook declined to comment on specific discussions with publishers, but noted it had provided features to help publishers get better traction on Facebook, including tools unveiled in December that let them target their articles to specific groups of Facebook users. The new plan, notes the Times, is championed by Chris Cox, the top lieutenant to Facebook CEO Zuckerberg and a "major supporter" of FWD.us. Exploring Facebook's wooing of the media giants, the Christian Science Monitor asks if social media will control the future of news, citing concerns expressed by Fusion's Felix Salmon, who warns that as news sites sacrifice their brands to reach a wider audience, their incentives for accuracy and editorial judgment will disappear.

Read more of this story at Slashdot.

GNOME 3.16 Released

3/26/2015 9:35am
kthreadd writes Version 3.16 of GNOME, the primary desktop environment for GNU/Linux operating systems has been released. Some major new features in this release include a overhauled notification system, an updated design of the calendar drop down and support for overlay scrollbars. Also, the grid view in Files has been improved with bigger thumbnail icons, making the appearance more attractive and the rows easier to read. A video is available which demonstrates the new version.

Read more of this story at Slashdot.

Germanwings Plane Crash Was No Accident

3/26/2015 8:57am
hcs_$reboot writes The Germanwings plane crash takes a scary turn. After a couple of days investigation, it appears that the co-pilot requested control of the aircraft about 20 minutes into the flight. The pilot then left the cockpit, leaving the co-pilot in full control of the plane. Then, the co-pilot manually and "intentionally" set the plane on the descent that drove it into the mountainside in the southern French Alps. Co-pilot Andreas Lubitz, a 28-year-old German national, could be heard breathing throughout the plane's descent and was alive at the point of impact, according to the prosecutor.

Read more of this story at Slashdot.

Russian Official Proposes Road That Could Connect London To NYC

3/26/2015 8:05am
An anonymous reader writes There's great news coming out of Russia for epic road trip lovers. Russian Railways president Vladimir Yakunin has proposed building a highway that would reach from London to Alaska via Russia, a 13,000-mile stretch of road. "This is an inter-state, inter-civilization, project," the Siberian Times quoted Yakunin. "The project should be turned into a world 'future zone,' and it must be based on leading, not catching, technologies."

Read more of this story at Slashdot.

Amazon Blasts FAA On Drone Approvals, Regulations

3/26/2015 6:53am
itwbennett writes Late last week, Amazon was issued permission by the FAA to fly an experimental drone as part of its tests for a planned automatic delivery service but it came too late, Paul Misener, vice president of global public policy at Amazon, told lawmakers on Tuesday. 'The UAS [unmanned aircraft system] approved last week by the FAA has already become obsolete,' he said. As a result, Amazon has filed for permission to fly a more advanced drone—one that is already being flown in several countries including the U.K., said Misener, who was speaking at a hearing of the Senate Committee on commerce, science and transportation.

Read more of this story at Slashdot.

novalug.com