Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

High School Student Builds Gun That Unlocks With Your Fingerprint

Soulskill posted 13 hours ago | from the amazed-he-hasn't-been-expelled dept.

Security 392

An anonymous reader writes: Kai Kloepfer is a 17-year-old high school student from Colorado who just won the Smart Tech for Firearms Challenge. Kloepfer designed and built a smart gun that will only unlock and fire for users who supply the proper fingerprints. "The gun works by creating a user ID and locking in the fingerprint of each user allowed to use the gun. The gun will only unlock with the unique fingerprint of those who have already permission to access the gun. ... According to him, all user data is kept right on the gun and nothing is uploaded anywhere else so it would be pretty hard to hack." The gun can have up to 999 authorized users, and its accuracy at detecting fingerprints is 99.99%. For winning the challenge, he won $50,000 in funding to continue developing the smart gun. Some of the fund have already gone toward 3-D printing portions of the prototype.

City of Turin To Switch From Windows To Linux and Save 6M Euros

Soulskill posted 2 days ago | from the frugal-tux dept.

Government 232

jrepin writes: The municipality of Turin in Italy hopes to save 6 million Euro over five years by switching from Windows XP to Ubuntu Linux in all of its offices. The move will mean installing the open source operating system on 8,300 PCs, which will generate an immediate saving of roughly €300 per machine (almost €2.5m altogether, made up from the cost of Windows and Office licences) — a sum that will grow over the years as the need for the renewal of proprietary software licences vanishes, and the employees get used to the new machines.

Ask Slashdot: Advice On Building a Firewall With VPN Capabilities?

timothy posted 2 days ago | from the thick-pipes-and-sturdy-valves dept.

Networking 228

An anonymous reader writes "I currently connect to the internet via a standard router, but I'm looking at bulking up security. Could people provide their experiences with setting up a dedicated firewall machine with VPN capabilities? I am a novice at Linux/BSD, so would appreciate pointers at solutions that require relatively little tweaking. Hardware-wise, I have built PC's, so I'm comfortable with sourcing components and assembling into a case. The setup would reside in my living room, so a quiet solution is required. The firewall would handle home browsing and torrenting traffic. Some of the questions knocking around in my head: 1. Pros and cons of buying an off-the-shelf solution versus building a quiet PC-based solution? 2. Software- versus hardware-based encryption — pros and cons? 3. What are minimum requirements to run a VPN? 4. Which OS to go for? 5. What other security software should I include for maximum protection? I am thinking of anti-virus solutions."

L.A. TV Stations Free Up Some Spectrum For Wireless Broadband

timothy posted 2 days ago | from the slightly-less-waste dept.

Wireless Networking 79

alphadogg (971356) writes An effort to free up some of the airwaves used by TV broadcasts and make them available for wireless broadband took a big step forward this week in the U.S. Two TV stations in Los Angeles, KLCS and KCET, have agreed to share a single frequency to deliver their programming freeing up a channel that can be auctioned off to wireless carriers next year. The change, which the Federal Communications Commission calls "repackaging," is possible because digital TV broadcasts don't need the full 6MHz of broadcast spectrum that was used for analog TV.

Turning the Tables On "Phone Tech Support" Scammers

timothy posted 2 days ago | from the mouthwatering-shadenfreude dept.

Crime 204

mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but "accidentally" being unable to follow their instructions.

Mining iPhones and iCloud For Data With Forensic Tools

Soulskill posted 3 days ago | from the security-through-panic-and-news-articles dept.

Iphone 85

SternisheFan points out an article that walks us through the process of using forensic tools to grab data from iPhones and iCloud using forensic tools thought to have been employed in the recent celebrity photo leak. There are a number of ways to break into these devices and services depending on what kind of weakness an attacker has found. For example, if the attacked has possession of a target's iPhone, a simple command-line toolkit from Elcomsoft uses a jailbreak to bypass the iPhone's security. A different tool can extract iCloud data with access to a computer that has a local backup of a phone's data, or access to a computer that simply has stored credentials.

The discusses also details a method for spoofing device identification to convince iCloud to restore data to a device mimicking the target's phone. The author concludes, "Apple could go a long way toward protecting customer privacy just by adding a second credential to encrypt stored iCloud data. An encryption password could be used to decrypt the backup when downloaded to iTunes or to the device, or it could be used to decrypt the data as it is read by iCloud to stream down to the device."

5 Million Gmail Passwords Leaked, Google Says No Evidence Of Compromise

samzenpus posted 4 days ago | from the big-list dept.

Google 201

kierny writes After first appearing on multiple Russian cybercrime boards, a list of 5 million Google account usernames — which of course double as email usernames — are circulating via file-sharing sites. Experts say the information most likely didn't result from a hack of any given site, including Google, but was rather amassed over time, likely via a number of hacks of smaller sites, as well as via malware infections. Numerous commenters who have found their email addresses included in the list of exposed credentials say the included password appears to date from at least three years ago, if not longer. That means anyone who's changed their Google/Gmail password in the last three years is likely safe from account takeover.

Research Finds No Large-Scale Exploits of Heartbleed Before Disclosure

Soulskill posted 5 days ago | from the everyone-was-equally-ignorant dept.

Security 20

Trailrunner7 writes: In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations – perhaps the NSA – that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but traffic data collected by researchers on several large networks shows no large-scale exploit attempts in the months leading up to the public disclosure.

"For all four networks, over these time periods our detector found no evidence of any exploit attempt up through April 7, 2014. This provides strong evidence that at least for those time periods, no attacker with prior knowledge of Heartbleed conducted widespread scanning looking for vulnerable servers. Such scanning however could have occurred during other time periods." That result also doesn't rule out the possibility that an attacker or attackers may have been doing targeted reconnaissance on specific servers or networks. The researchers also conducted similar monitoring of the four networks, and noticed that the first attempted exploits occurred within 24 hours of the OpenSSL disclosure.

Satoshi Nakamoto's Email Address Compromised

Soulskill posted 5 days ago | from the or-as-he-likes-to-be-called,-bitcoin-batman dept.

Bitcoin 63

ASDFnz writes: Satoshi Nakamoto, the respected (and currently missing) inventor of Bitcoin, seems to have had his email address compromised by an unknown agent. Satoshi exclusively used one email address when he was active in the Bitcoin community: satoshin@gmx.com. If you have a look at the original Bitcoin whitepaper (PDF), you will find it there at the top just under the title. He also usually signed his correspondence with his PGP signature. Earlier today, the head administrator of Bitcointalk, Theymos, received an email from Satoshi's email address that appeared to originate from GMX's servers. Theymos made a post on the Bitcointalk forums saying he had received an email from the address without Satoshi's PGP signature. Later, the unknown agent posted to other Satoshi accounts.

Home Depot Confirms Breach of Its Payment Systems

Soulskill posted 5 days ago | from the hackers-can-do-it.-we-can-help. dept.

Security 111

itwbennett writes: Home Depot confirmed Monday that its payment systems had been breached, potentially affecting any customers who shopped at its stores in the U.S. and Canada since April. There's no evidence yet that debit card PINs had been compromised, the company said, though it is still figuring out the scope and scale of the attacks. Home Depot is offering a free year of identity protection services for anyone who used a payment card in one of their stores since the beginning of April.

Why Google Is Pushing For a Web Free of SHA-1

Soulskill posted about a week ago | from the collision-course dept.

Encryption 108

An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."

Comcast Using JavaScript Injection To Serve Ads On Public Wi-Fi Hotspots

Soulskill posted about a week ago | from the perfectly-in-character dept.

Advertising 229

An anonymous reader writes: For some time now, Comcast has setting up public Wi-Fi hotspots, some of which are run on the routers of paying subscribers. The public hotspots are free, but not without cost: Comcast uses JavaScript to inject self-promotional ads into the pages served to users. "Security implications of the use of JavaScript can be debated endlessly, but it is capable of performing all manner of malicious actions, including controlling authentication cookies and redirecting where user data is submitted. ... Even if Comcast doesn't have any malicious intent, and even if hackers don't access the JavaScript, the interaction of the JavaScript with websites could "create" security vulnerabilities in websites, [EFF technologist Seth Schoen] said. "Their code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn't have them," Schoen said."

Nonprofit Builds Salesforce Cloud For the Blind

samzenpus posted about a week ago | from the build-it-better dept.

Cloud 13

Gamoid writes When we talk about "accessibility" in tech, we're usually talking about things like mobile apps and API compatibility. But for the sizable percentage of the world's population with vision impairment or full blindness, "accessibility" means they can use a computer, phone, tablet, or whatever, in a way that's comfortable for them. There have been great strides in that area, but it's still a tremendous challenge. So it's worth pausing to appreciate the work that the 99-year-old Bosma Enterprises, an Indiana-based nonprofit with the mission of reducing the 70 percent unemployment rate among the visually impaired and blind, has put into building out an enterprise cloud -- based primarily on Salesforce, with a handful of other applications built in -- that can be used by people with any level of sightedness across any line of business.

Feds Say NSA "Bogeyman" Did Not Find Silk Road's Servers

samzenpus posted about a week ago | from the try-and-try-again dept.

The Courts 142

An anonymous reader writes The secret of how the FBI pinpointed the servers allegedly used by the notorious Silk Road black market website has been revealed: repeated login attempts. In a legal rebuttal, the FBI claims that repeatedly attempting to login to the marketplace revealed its host location. From the article: "As they typed 'miscellaneous' strings of characters into the login page's entry fields, Tarbell writes that they noticed an IP address associated with some data returned by the site didn't match any known Tor 'nodes,' the computers that bounce information through Tor's anonymity network to obscure its true source. And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared, the garbled-letter image designed to prevent spam bots from entering the site. 'This indicated that the Subject IP Address was the IP address of the SR Server,' writes Tarbell in his letter, 'and that it was "leaking" from the SR Server because the computer code underlying the login interface was not properly configured at the time to work on Tor.'"

Some Core I7 5960X + X99 Motherboards Mysteriously Burning Up

timothy posted about a week ago | from the think-of-it-as-a-feature dept.

Bug 102

An anonymous reader writes "Intel's Haswell-E Eight-Core CPU and X99 motherboards just debuted but it looks like there may be some early adoption troubles leading to the new, ultra-expensive X99 motherboards and processors burning up. Phoronix first ran a story about their X99 motherboard having a small flame and smoke when powering up for the first time and then Legit Reviews also ran an article about their motherboard going up in smoke for reasons unknown. The RAM, X99 motherboards, and power supplies were different in these two cases. Manufacturers are now investigating and in at least the case of LR their Core i7-5960X also fried in the process."

Ask Slashdot: Remote Server Support and Monitoring Solution?

timothy posted about a week ago | from the how-would-you-do-it? dept.

Software 137

New submitter Crizzam writes I have about 500 clients which have my servers installed in their data centers as a hosted solution for time & attendance (employee attendance / vacation / etc). I want to actively monitor all the client servers from my desktop, so know when a server failure has occurred. I am thinking I need to trap SNMP data and collect it in a dashboard. I'd also like to have each client connect to my server via HTTP tunnel using something like OpenVPN. In this way I maintain a site-site tunnel open so if I need to access my server remotely, I can. Any suggestions as to the technology stack I should put together to pull off this task? I was looking at Zabbix / Nagios for SNMP monitoring and OpenVPN for the other part. What else should I include? How does one put together a good remote monitoring / access solution that clients can live with and will still allow me to offer great proactive service to my servers located on-site?

IT Job Hiring Slumps

timothy posted about a week ago | from the so-many-variables dept.

Programming 249

snydeq writes The IT job hiring bump earlier this year wasn't sustained in July and August, when numbers slumped considerably, InfoWorld reports. 'So much for the light at the end of the IT jobs tunnel. According to job data released by the Bureau of Labor Statistics, as analyzed by Janco Associates, the IT professional job market has all but lost the head of steam it built up earlier this year. A mere 3,400 IT jobs were added in August, down from 4,600 added for July and way down from the 13,800 added in April of this year. Overall, IT hiring in 2014 got off to a weak start, then surged, only to stumble again.' Anybody out there finding the IT job market discouraging of late and care to share their experiences?

Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted

Soulskill posted about two weeks ago | from the 2048-bits-ought-to-be-enough-for-anyone dept.

Security 67

msm1267 writes: Mozilla has deprecated 1024-bit RSA certificate authority certificates in Firefox 32 and Thunderbird. While there are pluses to the move such as a requirement for longer, stronger keys, at least 107,000 websites will no longer be trusted by Mozilla. Data from HD Moore's Project Sonar, which indexes more than 20 million websites, found 107,535 sites using a cert signed by what will soon be an untrusted CA certificate. Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25; of the 65 million certificates in the total scan, 845,599 had expired but were still in use as of Aug. 25, Moore said.

UCLA, CIsco & More Launch Consortium To Replace TCP/IP

timothy posted about two weeks ago | from the still-involves-controls-and-protocols dept.

Networking 253

alphadogg writes Big name academic and vendor organizations have unveiled a consortium this week that's pushing Named Data Networking (NDN), an emerging Internet architecture designed to better accommodate data and application access in an increasingly mobile world. The Named Data Networking Consortium members, which include universities such as UCLA and China's Tsinghua University as well as vendors such as Cisco and VeriSign, are meeting this week at a two-day workshop at UCLA to discuss NDN's promise for scientific research. Big data, eHealth and climate research are among the application areas on the table. The NDN effort has been backed in large part by the National Science Foundation, which has put more than $13.5 million into it since 2010.

Hackers Break Into HealthCare.gov

samzenpus posted about two weeks ago | from the our-bad dept.

Security 150

mpicpp is one of many to point out that hackers broke into the HealthCare.gov website in July and uploaded malicious software. "Hackers silently infected a Healthcare.gov computer server this summer. But the malware didn't manage to steal anyone's data, federal officials say. On Thursday, the Health and Human Services Department, which manages the Obamacare website, explained what happened. And officials stressed that personal information was never at risk. "Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," HHS spokesman Kevin Griffis said. But it was a close call, showing just how vulnerable computer systems can be. It all happened because of a series of mistakes. A computer server that routinely tests portions of the website wasn't properly set up. It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway. That left it open to attack, and on July 8, malware slipped past the Obamacare security system, officials said.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>