
Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers

Mark Wilson writes: It's around this time of year, with Black Friday looming and Christmas just around the corner, that online sales boom. Today security firm High-Tech Bridge has issued a warning to retailers and shoppers about a critical vulnerability in the popular Zen Cart shopping management system. High-Tech Bridge has provided Zen Cart with full details of the security flaw which could allow remote attackers to infiltrate web servers and gain access to customer data. Servers running Zen Cart are also at risk of malware, meaning that hundreds of thousands of ecommerce sites pose a potential danger. Technical details of the vulnerability are not yet being made public, but having notified Zen Cart of the issue High-Tech Bridge says the date of full public disclosure is 16 December.

New Wearable Tech Translates Sign Language Into Text

An anonymous reader writes: A new wearable technology developed by a team of biomedical engineers at Texas A&M University seeks to aid seamless communication between deaf people who use sign language and those who do not understand it. The arm device contains a network of sensors which track hand movements, as well as the electromyography (EMG) signals generated by the muscles in the wrist, and process and translate the different signals into text in real time. The prototype currently uses Bluetooth to send the translated sign language to a computer or smartphone.

What Is the Future of the Television?

An anonymous reader writes: Benedict Evans has an interesting post about where television hardware is headed. In the 1990s and early 2000s, the tech industry made a huge push to invade the living room, trying to make the internet mesh with traditional TV broadcasts. As we all know, their efforts failed. Now, we periodically see new waves of devices to attach to the TV, but none have been particularly ambitious. The most successful devices of the recent wave, like the Chromecast and Apple TV, are simply turning the TV into a dumb screen for streamed content. Meanwhile, consumption of all types of video content is growing on smaller screens — tablets, phones, etc. Even game consoles are starting to see their market eroded by boxes like the Steam Link, which acts as a pipe for a game being played elsewhere on a PC. It raises an intriguing question: where is the television headed? What uses and functions does one giant screen serve that can't be cleverly redistributed to smaller screens? Evans concludes, "The web's open, permissionless innovation beat the closed, top-down visions of interactive TV and the information superhighway."

Judge Wipes Out Safe Harbor Provision In DMCA, Makes Cox Accomplice of Piracy

SysKoll writes: The DMCA is well-known for giving exorbitant powers to copyright holders, such as taking down a page or a whole web site without a court order. Media companies buy services from vendors like Rightscorp, a shake-down outfit that issues thousands of robot-generated take-down notices and issues threats against ISPs and sites ignoring them. Cox, like a lot of ISPs, is inundated with abusive take-down notices, in particular from Rightscorp. Now, BMG Rights Management and Round Hill Music are suing Cox for refusing to shut off the Internet access of subscribers that Rightscorp accused of downloading music via BitTorrent. Cox argues that as an ISP, they benefit from the Safe Harbor provision that shields access providers from subscribers' misbehavior. Not so, says U.S. District Judge Liam O'Grady. The judge sided with the media companies ahead of trial, saying Cox should have terminated the repeat offenders accused by Rightscorp. Cox's response is quite entertaining for a legal document (PDF): its description of Rightscorp includes the terms "shady," "shake-down," and "pay no attention to the facts." O'Grady also derided the Electronic Frontier Foundation's attempt to file an amicus brief supporting Cox, calling them hysterical crybabies.

Fake Bomb Detector, Blamed For Hundreds of Deaths, Is Still In Use

Murtaza Hussain writes at The Intercept that although it remains in use at sensitive security areas throughout the world, the ADE 651 is a complete fraud, and the ADE 651's manufacturer sold it with the full knowledge that it was useless at detecting explosives. There are no batteries in the unit; it consists of a swivelling aerial mounted to a hinge on a hand-grip. The device contains nothing but the type of anti-theft tag used to prevent stealing in high street stores, and critics have likened it to a glorified dowsing rod.

The story of how the ADE 651 came into use involves the 2003 U.S. invasion of Iraq. At the height of the conflict, as the new Iraqi government battled a wave of deadly car bombings, it purchased more than 7,000 ADE 651 units worth tens of millions of dollars in a desperate effort to stop the attacks. Not only did the units not help, the device actually heightened the bloodshed by creating "a false sense of security" that contributed to the deaths of hundreds of Iraqi civilians. A BBC investigation led to a subsequent export ban on the devices.

The device is once again back in the news as it was reportedly used for security screening at hotels in the Egyptian resort city of Sharm el-Sheikh, where a Russian airliner that took off from that city's airport was recently destroyed in a likely bombing attack by the militant Islamic State group. Speaking to The Independent about the hotel screening, the U.K. Foreign Office stated it would "continue to raise concerns" over the use of the ADE 651. James McCormick, the man responsible for the manufacture and sale of the ADE 651, received a 10-year prison sentence for his part in the manufacture of the devices, sold to Iraq for $40,000 each. An employee of McCormick who later became a whistleblower said that after becoming concerned and questioning McCormick about the device, McCormick told him the ADE 651 "does exactly what it's designed to. It makes money."

Can Full-Time Tech Workers Survive the Gig Economy?

Nerval's Lobster writes: By some measures, more than 40 percent of U.S. workers will be independent in 2020. Today, that number stands at 34 percent, according to the Freelancer's Union. By all accounts, the trend seems widespread enough to indicate that tech pros should prepare themselves for the dynamics of a world that depends more on contingent work. The question isn't whether the tech world will see an increasing prevalence of 'gigs,' rather than full-time positions; it's whether those in full-time positions can easily keep their jobs when there's pressure to farm it out cheaply and easily to freelancers. Or will the need for people who can see projects through the long term prevent the 'gig economy' from radically changing the tech industry?

Ask Slashdot: What Single Change Would You Make To a Tech Product?

An anonymous reader writes: We live in an age of sorcery. The supercomputers in our pockets are capable of doing things it took armies of humans to accomplish even a hundred years ago. But let's face it: we're also complainers at heart. For every incredible, revolutionary device we use, we can find something that's obviously wrong with it. Something we'd instantly fix if we were suddenly put in charge of design. So, what's at the top of your list? Hardware, software, or service — don't hold back.

Here's an example: over the past several years, e-readers have standardized on 6-inch screens. For all the variety that exists in smartphone and tablet sizing, the e-reader market has decided it must copy the Kindle form factor or die trying. Having used an e-reader before all this happened, I found a 7-8" e-ink screen to be an amazingly better reading experience. Oh well, I'm out of luck. It's not the worst thing in the world, but I'd fix it immediately if I could.

New IBM Tech Lets Apps Authenticate You Without Personal Data

itwbennett writes: IBM's Identity Mixer allows developers to build apps that can authenticate users' identities without collecting personal data. Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. IBM announced on Friday that Identity Mixer is now available to developers on its Bluemix cloud platform.
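The "one secret key, many public identities" idea in the summary above, shown as an added toy model. This is illustration code written for this page, not IBM's Identity Mixer implementation (which uses Camenisch-Lysyanskaya signatures and zero-knowledge proofs over large groups). The group parameters, the Pedersen-commitment pseudonym `G^sk * H^r`, the Schnorr-style proofs and the function names are all assumptions made for readability; the point it demonstrates is that a relying party can verify a login against a public identity, and the owner can optionally prove two identities share one secret, without the secret key or any personal data ever leaving the user.

```python
"""Toy model of one secret key behind many unlinkable public identities.

Added illustration, not IBM's Identity Mixer code. The relying party only ever
sees a public identity and a proof that its owner holds the secret behind it.
"""
import hashlib
import secrets

# Toy group parameters (assumption: tiny numbers so the arithmetic is readable;
# a real deployment uses a 2048-bit or larger group).
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup we work in
G = 4      # 2^2 mod P, a quadratic residue, so it generates the order-Q subgroup
H = 9      # 3^2 mod P, a second generator; nobody may know log_G(H)


def keygen():
    """The user's single long-term secret key."""
    return secrets.randbelow(Q - 1) + 1


def new_identity(sk, r=None):
    """Derive a fresh public identity from the same secret key.

    pub = G^sk * H^r is a Pedersen commitment to sk. A fresh random r each time
    makes different identities of one user unlinkable to anyone without r.
    """
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return (pow(G, sk, P) * pow(H, r, P)) % P, r


def _challenge(*parts):
    """Fiat-Shamir challenge in [1, Q-1], bound to everything the verifier sees."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


def prove(sk, r, pub, nonce):
    """Authenticate: prove knowledge of (sk, r) with pub = G^sk * H^r.

    The verifier's nonce goes into the challenge so a captured proof cannot be
    replayed against a later login.
    """
    a, b = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, a, P) * pow(H, b, P)) % P
    c = _challenge(pub, t, nonce)
    return t, (a + c * sk) % Q, (b + c * r) % Q


def verify(pub, proof, nonce):
    """Check G^s1 * H^s2 == t * pub^c; the verifier never learns sk or r."""
    t, s1, s2 = proof
    c = _challenge(pub, t, nonce)
    return (pow(G, s1, P) * pow(H, s2, P)) % P == (t * pow(pub, c, P)) % P


def prove_same_secret(r1, pub1, r2, pub2, nonce):
    """Optional self-linking of two identities by their owner.

    pub1 / pub2 = H^(r1 - r2) exactly when both commit to the same sk, so a
    Schnorr proof of knowledge of d = r1 - r2 links them without revealing sk.
    """
    d = (r1 - r2) % Q
    k = secrets.randbelow(Q)
    t = pow(H, k, P)
    c = _challenge(pub1, pub2, t, nonce)
    return t, (k + c * d) % Q


def verify_same_secret(pub1, pub2, proof, nonce):
    """Check H^s == t * (pub1 / pub2)^c; fails whenever the secrets differ."""
    t, s = proof
    c = _challenge(pub1, pub2, t, nonce)
    ratio = (pub1 * pow(pub2, -1, P)) % P   # modular inverse needs Python 3.8+
    return pow(H, s, P) == (t * pow(ratio, c, P)) % P


if __name__ == "__main__":
    sk = keygen()
    shop, r_shop = new_identity(sk)     # identity used at one site
    forum, r_forum = new_identity(sk)   # a second, unlinkable identity
    nonce = secrets.token_hex(8)        # issued by the verifier per login
    print("login ok:", verify(shop, prove(sk, r_shop, shop, nonce), nonce))
    print("linked by owner:", verify_same_secret(
        shop, forum, prove_same_secret(r_shop, shop, r_forum, forum, nonce), nonce))
```

The challenge is drawn from [1, Q-1] rather than [0, Q-1] so that a same-secret proof built over two identities with different keys fails deterministically instead of with probability 1 - 1/Q; with a real group size the difference is negligible, but it keeps the toy honest.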

US and China Setting Up "Space Hotline"

Taco Cowboy writes: Washington and Beijing have established an emergency 'space hotline' to reduce the risk of accidental conflict. Several international initiatives are already in train to seal a space treaty to avoid a further build-up of weapons beyond the atmosphere. However, security experts say the initiatives have little chance of success. A joint Russia-China proposal wending its way through the UN was not acceptable to the US. An EU proposal, for a "code of conduct" in space, was having diplomatic "difficulties" but was closer to Washington's position.

Blackberry Offers 'Lawful Device Interception Capabilities'

An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" for government surveillance. BlackBerry COO Marty Beard said as much at a recent IT summit. He declined to explain how the interception works, but he denied the phones would contain "backdoors" and said governments would have no direct access to BlackBerry servers. The company may see this as a way to differentiate itself from the competition.

Judge: Stingrays Are 'Simply Too Powerful' Without Adequate Oversight

New submitter managerialslime sends news that an Illinois judge has issued new requirements the government must meet before it can use cell-site simulators, a.k.a. "stingrays," to monitor the communications of suspected criminals. While it's likely to set precedent for pushing back against government surveillance powers, the ruling is specific to the Northern District of Illinois for now. What is surprising is Judge Johnston’s order to compel government investigators to not only obtain a warrant (which he acknowledges they do in this case), but also to not use them when "an inordinate number of innocent third parties’ information will be collected," such as at a public sporting event. This first requirement runs counter to the FBI’s previous claim that it can warrantlessly use stingrays in public places, where no reasonable expectation of privacy is granted. Second, the judge requires that the government "immediately destroy" collateral data collection within 48 hours (and prove it to the court). Finally, Judge Johnston also notes: "Third, law enforcement officers are prohibited from using any data acquired beyond that necessary to determine the cell phone information of the target. A cell-site simulator is simply too powerful of a device to be used and the information captured by it too vast to allow its use without specific authorization from a fully informed court."

TGV Accident Caused By Excessive Speed

Cochonou writes: Analysis of the black boxes of the TGV (Train à Grande Vitesse) which derailed on Saturday revealed that the accident resulted from excessive speed and late braking. The test train entered a 945m-radius curve at a speed of 265 km/h, far over the maximum speed of 176 km/h. The French national railway company ruled out any other cause, such as mechanical failure or track mishap.

During test runs, a number of security features are disabled, in particular parts of the TVM system, which would have prevented any overspeed during normal service. This leaves the train speed under the sole responsibility of the driver.

The accident, which killed 11 people, occurred on the last run of the scheduled trials on the new high-speed line between Paris and Strasbourg. As more details on the accident surface, it becomes evident that this last run was performed in a festive spirit, with relatives (including children) of the employees on board, and seven people present in the train cab instead of train. This casts a shadow on the security procedures of the French national railway company: it appears that the high-speed train technology is considered so safe that the risks inherent to trials runs were somehow neglected. The two drivers and the traction inspector have been suspended pending possible criminal charges. Other changes in the management structure will probably follow.

Controversy Over High-Tech Brooms Sweeps Through Sport of Curling

Billy Witz reports at the NYT that the friendly sport of curling suddenly has become roiled in controversy over, what else, the brooms. The crux of the debate is fabric, specifically something called directional fabric. The use of this material in broom pads is the latest escalation in an arms race among manufacturers, whereby the world's best curlers can guide the 44-pound stone around a sheet of ice as if it were controlled by a joystick. Many of the sport's top athletes, but not all of them, signed an agreement last month not to use the newest brooms. But with few regulations on the books and Olympic qualifying tournaments underway this month, the World Curling Federation has stepped in and issued new rules that set severe restrictions on the types of brooms that can be used. "There's definitely some anger over it," says Dean Gemmell. "In curling, we're generally known for being pretty friendly with most of your opponents. Even at the big events, you see the top players hanging out. But it's sort of taken that away this year, that's for sure."

It was prototype brooms made by BalancePlus that were the focus of complaints at the Toronto tournament, but Scott Taylor, president of BalancePlus, says they were never intended for sale, and were meant to demonstrate the problems that the reversed fabrics could cause. Players say the brooms allowed sweepers to "steer" the rock much more than they were comfortable with, and even slow them down. The brooms have been compared to high-tech drivers that allow amateur golfers to hit the ball as far as a pro, or the advanced full-body swimsuits that were banned from competition in 2010 for providing an unfair advantage. Of his company's high-tech broom, Taylor says: "This isn't good. It's like hitting a golf ball 500 yards."

Silent Ear and Tongue-Tracking Tech Can Control Wearables

An anonymous reader writes: Scientists at Georgia Tech are developing silent speech systems that can enable fast and hands-free communication with wearable devices, controlled by the user's tongue and ears. As seen with open source project Eyedrivomatic, the researchers want to apply the technology to provide a device control solution for people who are disabled. They suggest it could also be used by those working in a loud environment in need of a quiet way to communicate with their wearable devices. The prototype involves a combination of tongue control with earphone-like pieces each installed with proximity sensors to map the changing shape of the ear canal. Every word manipulates the canal in a different way, allowing for accurate recognition.

Survey: Tech Pros Ignoring Work-Life Balance Is a Myth

Nerval's Lobster writes: Are tech professionals really willing to live on energy drinks, and sleep on office couches, in order to get the job done? For many, the answer is "no." In response to a new Dice survey (Dice link, obviously), only 5 percent of employees at technology companies said that work-life balance wasn't a top priority for them. Contrast that with nearly 45 percent of respondents who said they wanted more of a work-life balance, even if their current position made that difficult. More than 27 percent of those surveyed also characterized work-life balance in the tech industry as a "myth." It seems that, despite all those companies talking publicly about wanting to give employees a better work-life balance (complete with on-site gyms and unlimited vacation time and... stuff...), it's not really working out for a lot of people. (And that's something that people have been calling out for some time.)