Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Bangladesh Considers Building World's 5th-largest Data Center In Earthquake Zone

samzenpus posted 6 hours ago | from the whole-lot-of-shaking-going-on dept.

Data Storage 46

An anonymous reader writes with news about a government plan to build a Tier IV data center in an earthquake prone district of Bangladesh. The Bangladesh Ministry of Information is considering the establishment of a Tier 4 data centre in Kaliakair, in the Gazipur region, an ambitious build which would constitute the fifth largest data centre in the world, if completed. And if it survives – the site planned for the project is prone to earthquakes. Earthquake activity in the environs is discouraging, with one nearby earthquake seven months ago in Ranir Bazar (3.8), and no less than ten within the same tectonic zone over the last three years, the largest of which measured 4.5 on the Richter scale.

Leaked Docs Reveal List of 30 Countries Hacked On Orders of FBI Informant Sabu

samzenpus posted 10 hours ago | from the naming-names dept.

United States 59

blottsie writes A Federal Bureau of Investigation informant targeted more than two dozen countries in a series of high-profile cyberattacks in 2012. The names of many of those countries have remained secret, under seal by a court order—until now. A cache of leaked IRC chat logs and other documents obtained by the Daily Dot reveals the 30 countries—including U.S. partners, such as the United Kingdom and Australia—tied to cyberattacks carried out under the direction of Hector Xavier Monsegur, better known as Sabu, who served as an FBI informant at the time of the attacks.

Obama Administration Argues For Backdoors In Personal Electronics

samzenpus posted yesterday | from the let-us-in dept.

Security 466

mi writes Attorney General Eric Holder called it is "worrisome" that tech companies are providing default encryption on consumer electronics, adding that locking authorities out of being able to access the contents of devices puts children at risk. “It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,” Holder said at a conference on child sexual abuse, according to a text of his prepared remarks. “When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.”

iOS Trojan Targets Hong Kong Protestors

samzenpus posted yesterday | from the protect-ya-neck dept.

IOS 63

First time accepted submitter Kexel writes Security researchers have claimed to discover the first Apple iOS Trojan attack in a move to thwart the communications of pro-democracy Hong Kong activists. From the article: "The malicious software, known as Xsser, is capable of stealing text messages, photos, call logs, passwords and other data from Apple mobile devices, researchers with Lacoon Mobile Security said on Tuesday. They uncovered the spyware while investigating similar malware for Google Inc's Android operating system last week that also targeted Hong Kong protesters. Anonymous attackers spread the Android spyware via WhatsApp, sending malicious links to download the program, according to Lacoon. It is unclear how iOS devices get infected with Xsser, which is not disguised as an app."

Back To Faxes: Doctors Can't Exchange Digital Medical Records

Soulskill posted yesterday | from the have-you-tried-paper-airplanes dept.

Communications 225

nbauman writes: Doctors with one medical records system can't exchange information with systems made by other vendors, including those at their own hospitals, according to the New York Times. One ophthalmologist spent half a million dollars on a system, but still needs to send faxes to get the information where it needs to go. The largest vendor is Epic Systems, Madison, WI, which holds almost half the medical records in the U.S. A report from RAND described Epic as a "closed" platform that made it "challenging and costly" for hospitals to interconnect.

The situation is bad for patients and costly for medical works: if doctors can't exchange records, they'll face a 1% Medicare penalty, and UC Davis alone has a staff of 22 dedicated to communication. On top of that, Epic charges a fee to send data to some non-Epic systems. Congress has held hearings on the matter, and Epic has hired a lobbyist. Epic's founder, billionaire computer science major Judith Faulkner, said that Epic was one of the first to establish code and standards for secure interchange, which included user authentication provisions and a legally binding contract. She said the federal government, which gave $24 billion in incentive payments to doctors for computerization, should have done that. The Office of the National Coordinator for Health Information Technology said that it was a "top priority" and just recently wrote a 10-year vision statement and agenda for it.

Hundreds of Police Agencies Distributing Spyware and Keylogger

Soulskill posted yesterday | from the you-can-trust-us dept.

Electronic Frontier Foundation 69

realized sends this news from the EFF: For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the "first step" in protecting their children online. ... As official as it looks,ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it.

As security software goes, we observed a product with a keystroke-capturing function, also called a "keylogger," that could place a family's personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP's own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff's department even bought a copy for every family in its county.

China Worried About Terrorist Pigeons

Soulskill posted yesterday | from the lesser-known-cousin-to-carrier-pigeons dept.

China 90

An anonymous reader writes: A pleasant event was planned for the 65th anniversary of the founding of the People's Republic of China. A ceremony at Tiananmen Square would release 10,000 pigeons at sunrise to symbolize an era of peace. Unfortunately, even symbols of peace can apparently remind people of violence. Chinese authorities searched all 10,000 pigeons for "dangerous materials," after the government was concerned they might be used for attacks. The pigeons' feathers were checked, and they were given a cavity search as well. The reports did not indicate what kind of "dangerous materials" these pigeons might be carrying. It's unclear whether any pigeons disclosed terror plots under interrogation.

Linux Foundation Announces Major Network Functions Virtualization Project

Soulskill posted 2 days ago | from the building-future-tech dept.

Open Source 40

Andy Updegrove writes: The Linux Foundation this morning announced the latest addition to its family of major hosted open source initiatives: the Open Platform for NFV Project (OPNFV). Its mission is to develop and maintain a carrier-grade, integrated, open source reference platform for the telecom industry. Importantly, the thirty-eight founding members include not only cloud and service infrastructure vendors, but telecom service providers, developers and end users as well. The announcement of OPNFV highlights three of the most significant trends in IT: virtualization (the NFV part of the name refers to network function virtualization), moving software and services to the cloud, and collaboratively developing complex open source platforms in order to accelerate deployment of new business models while enabling interoperability across a wide range of products and services. The project is also significant for reflecting a growing recognition that open source projects need to incorporate open standards planning into their work programs from the beginning, rather than as an afterthought.

Microsoft's Asimov System To Monitor Users' Machines In Real Time

timothy posted 2 days ago | from the all-persons-who-enter-herein dept.

Stats 266

SmartAboutThings writes Microsoft will monitor users in the new Windows 9 Operating System in order to determine how the new OS is used, thus decide what tweaks and changes are need to be made. During Windows 8 testing, Microsoft said that they had data showing Start Menu usage had dropped, but it seems that the tools they were using at the time weren't as evolved as the new 'Asimov' monitor. The new system is codenamed 'Asimov' and will provide a near real-time view of what is happening on users' machines. Rest assured, the data is going to be obscured and aggregated, but intelligible enough to allow Microsoft to get detailed insights into user interactions with the OS. Mary Jo Foley says that the system was originally built by the Xbox Team and now is being used by the Windows team. Users who will download the technical preview of Windows 9, which is said to get unveiled today, will become 'power users' who will utilize the platform in unique scenarios. This will help Microsoft identify any odd bugs ahead of the final release.

Apple Fixes Shellshock In OS X

timothy posted 2 days ago | from the that's-mac-os-x-to-you-buddy dept.

Bug 164

jones_supa (887896) writes Apple has released the OS X Bash Update 1.0 for OS X Mavericks, Mountain Lion, and Lion, a patch that fixes the "Shellshock" bug in the Bash shell. Bash, which is the default shell for many Linux-based operating systems, has been updated two times to fix the bug, and many Linux distributions have already issued updates to their users. When installed on an OS X Mavericks system, the patch upgrades the Bash shell from version 3.2.51 to version 3.2.53. The update requires the OS X 10.9.5, 10.8.5, or 10.7.5 updates to be installed on the system first. An Apple representative told Ars Technica that OS X Yosemite, the upcoming version of OS X, will receive the patch later.

FBI Plans To Open Up Malware Analysis Tool To Outside Researchers

Soulskill posted 2 days ago | from the definitely-totally-detects-fbi-malware-totally-definitely dept.

Security 28

Trailrunner7 writes: The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file.

Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses.Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal's reach in the near future. "We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon," he said.

CloudFlare Announces Free SSL Support For All Customers

Soulskill posted 2 days ago | from the big-step-in-the-right-direction dept.

Cloud 66

Z80xxc! writes: CloudFlare, a cloud service that sits between websites and the internet to provide a CDN, DDOS and other attack prevention, speed optimization, and other services announced today that SSL will now be supported for all customers, including free customers. This will add SSL support to approximately 2 million previously unprotected websites. Previously SSL was only available to customers paying at least $20/month for a "Pro" plan or higher.

Browsers connect to CloudFlare's servers and receive a certificate provided by CloudFlare. CloudFlare then connects to the website's server to retrieve the content, serving as a sort of reverse proxy. Different security levels allow CloudFlare to connect to the website host using no encryption, a self-signed certificate, or a verified certificate, depending on the administrator's preferences. CloudFlare's servers will use SNI for free accounts, which is unsupported for IE on Windows XP and older, and Android Browser on Android 2.2 and older.

Tor Executive Director Hints At Firefox Integration

Soulskill posted 2 days ago | from the foxes-love-onions dept.

Encryption 115

blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.

CEO of Spyware Maker Arrested For Enabling Stalkers

Soulskill posted 2 days ago | from the reaping-what-you-sow dept.

Crime 194

An anonymous reader writes: U.S. authorities have arrested and indicted the CEO of a mobile software company for selling spyware that enables "stalkers and domestic abusers." The U.S. Department of Justice accuses the man of promoting and selling software that can "monitor calls, texts, videos and other communications on mobile phones without detection." The agency pointed out this is the first criminal case based on mobile spyware, and promised to aggressively pursue makers of similar software in the future. Here's the legal filing (PDF). The FBI, with approval from a District Court, has disabled the website hosting the software.

"The indictment alleges that StealthGenie's capabilities included the following: it recorded all incoming/outgoing voice calls; it intercepted calls on the phone to be monitored while they take place; it allowed the purchaser to call the phone and activate it at any time to monitor all surrounding conversations within a 15-foot radius; and it allowed the purchaser to monitor the user's incoming and outgoing e-mail messages and SMS messages, incoming voicemail messages, address book, calendar, photographs, and videos. All of these functions were enabled without the knowledge of the user of the phone."

Man Walks Past Security Screening Staring At iPad, Causing Airport Evacuation

samzenpus posted 2 days ago | from the paying-attention dept.

Australia 216

First time accepted submitter chentiangemalc writes While Australia is on "high alert" for terror threats a man walked past a Sydney Airport security screening while engrossed in his iPad and delayed flights for an hour. From the article: "This event was captured on CCTV and unnerved officials so much that they evacuated passengers. As the Sydney Morning Herald reported, the man found himself (or, perhaps, didn't) going into the terminal through an exit passage that clearly was convenient for him, but less convenient for the hordes of passengers who not only had to be removed from Terminal 3, but also re-screened. A spokeswoman for Qantas told the Morning Herald: 'The man disembarked a flight and left. It appears he wasn't paying attention, was looking at his iPad, forgot something and walked back past (the security area).'"

Bash To Require Further Patching, As More Shellshock Holes Found

samzenpus posted 2 days ago | from the protect-ya-neck dept.

Security 326

Bismillah writes Google security researcher Michael 'lcamtuf' Zalewski says he's discovered a new remote code execution vulnerability in the Bash parser (CVE-2014-6278) that is essentially equivalent to the original Shellshock bug, and trival to exploit. "The first one likely permits remote code execution, but the attack would require a degree of expertise to carry out," Zalewski said. "The second one is essentially equivalent to the original flaw, trivially allowing remote code execution even on systems that deployed the fix for the initial bug," he added.

Ask Slashdot: Multimedia-Based Wiki For Learning and Business Procedures?

samzenpus posted 3 days ago | from the a-little-help-please dept.

Businesses 97

kyle11 writes I'm scratching my head at how to develop a decent wiki for a large organization I work in. We support multiple technologies, across multiple locations, and have ways of doing things that become exponentially convoluted. I give IT training to many of these users for a particular technology, and other people do for other stuff as well. Now, I hate wikis because everyone who did one before failed and gave them a bad name. If it starts wrong, it is doomed to failure and irrelevance.

What I'm looking for would be something like a Wiki with YouTube built in — make a playlist of videos with embedded links for certain job based tasks. And reuse and recycle those videos in other playlists of other tasks as they may be applicable. It would go beyond the actual IT we work with and would include things like, "Welcome to working in this department. Here are 20 videos detailing stupid procedures you need to go through to request access to customers' systems/networks/databases to even think about doing your job." I tried MediaWiki and Xwiki, and maybe I'm doing it wrong, but I can't seem to find a way to tweak them to YouTube-level simplicity for anyone to contribute to without giving up on the thing because its' a pain in the butt.

My only real requirement is that it not be cloud-based because it will contain certain sensitive information and I'd like it all to live on one virtual machine if at all possible. I can't be the only one with this problem of enabling many people to contribute and sort their knowledge without knowing how an HTML tag works, or copying files into something more complicated than a web browser. What approaches have any of you out there taken to trying to solve a similar problem?

At CIA Starbucks, Even the Baristas Are Covert

samzenpus posted 3 days ago | from the secret-coffee dept.

Security 241

An anonymous reader writes with this interesting story about what it's like to work at “Store Number 1,” the CIA's Starbucks. The new supervisor thought his idea was innocent enough. He wanted the baristas to write the names of customers on their cups to speed up lines and ease confusion, just like other Starbucks do around the world. But these aren't just any customers. They are regulars at the CIA Starbucks. "They could use the alias 'Polly-O string cheese' for all I care," said a food services supervisor at the Central Intelligence Agency, asking that his identity remain unpublished for security reasons. "But giving any name at all was making people — you know, the undercover agents — feel very uncomfortable. It just didn't work for this location."

Ask Slashdot: Software Issue Tracking Transparency - Good Or Bad?

samzenpus posted 3 days ago | from the to-show-them-or-not-to-show-them dept.

Businesses 158

First time accepted submitter Mike Sheen writes I'm the lead developer for an Australian ERP software outfit. For the last 10 years or so we've been using Bugzilla as our issue tracking system. I made this publicly available to the degree than anyone could search and view bugs. Our software is designed to be extensible and as such we have a number of 3rd party developers making customization and integrating with our core product.

We've been pumping out builds and publishing them as "Development Stream (Experimental / Unstable" and "Release Stream (Stable)", and this is visible on our support site to all. We had been also providing a link next to each build with the text showing the number of bugs fixed and the number of enhancements introduced, and the URL would take them to the Bugzilla list of issues for that milestone which were of type bug or enhancement.

This had been appreciated by our support and developer community, as they can readily see what issues are addressed and what new features have been introduced. Prior to us exposing our Bugzilla database publicly we produced a sanitized list of changes — which was time consuming to produce and I decided was unnecessary given we could just expose the "truth" with simple links to the Bugzilla search related to that milestone.

The sales and marketing team didn't like this. Their argument is that competitors use this against us to paint us as producers of buggy software. I argue that transparency is good, and beneficial — and whilst our competitors don't publish such information — but if we were to follow our competitors practices we simply follow them in the race to the bottom in terms of software quality and opaqueness.

In my opinion, transparency of software issues provides:

Identification of which release or build a certain issue is fixed.
Recognition that we are actively developing the software.
Incentive to improve quality controls as our "dirty laundry" is on display.
Information critical to 3rd party developers.
A projection of integrity and honesty.

I've yielded to the sales and marketing demands such that we no longer display the links next to each build for fixes and enhancements, and now publish "Development Stream (Experimental / Unstable" as simply "Development Stream") but I know what is coming next — a request to no longer make our Bugzilla database publicly accessible. I still have the Bugzilla database publicly exposed, but there is now only no longer the "click this link to see what we did in this build".

A compromise may be to make the Bugzilla database only visible to vetted resellers and developers — but I'm resistant to making a closed "exclusive" culture. I value transparency and recognize the benefits. The sales team are insistent that exposing such detail is a bad thing for sales.

I know by posting in a community like Slashdot that I'm going to get a lot of support for my views, but I'm also interested in what people think about the viewpoint that such transparency could be bad thing.

NVIDIA Begins Requiring Signed GPU Firmware Images

Soulskill posted 4 days ago | from the always-looking-out-for-the-little-guy dept.

Graphics 189

An anonymous reader writes: In a blow to those working on open-source drivers, soft-mods for enhancing graphics cards, and the Chinese knock-offs of graphics cards, NVIDIA has begun signing and validating GPU firmware images. With the latest-generation Maxwell GPUs, not all engine functionality is being exposed unless the hardware detects the firmware image was signed by NVIDIA. This is a setback to the open-source Nouveau Linux graphics driver but they're working towards a solution where NVIDIA can provide signed, closed-source firmware images to the driver project for redistribution. Initially the lack of a signed firmware image will prevent some thermal-related bits from being programmed but with future hardware the list of requirements is expected to rise.

Slashdot Login

Need an Account?

Forgot your password?