Forgot your password?
typodupeerror

Slashdot is powered by your submissions, so send in your scoop

Medicine

DHS Investigates 24 Potentially Lethal IoT Medical Devices 13

Posted by Soulskill
from the but-they're-fine-with-mcdonald's-so-don't-get-your-hopes-up dept.
An anonymous reader writes: In the wake of the U.S. Food and Drug Administration's recent recommendations to strengthen security on net-connected medical devices, the Department of Homeland Security is launching an investigation into 24 cases of potential cybersecurity vulnerabilities in hospital equipment and personal medical devices. Independent security researcher Billy Rios submitted proof-of-concept evidence to the FDA indicating that it would be possible for a hacker to force infusion pumps to fatally overdose a patient. Though the complete range of devices under investigation has not been disclosed, it is reported that one of them is an "implantable heart device." William Maisel, chief scientist at the FDA's Center for Devices and Radiological Health, said, "The conventional wisdom in the past was that products only had to be protected from unintentional threats. Now they also have to be protected from intentional threats too."
Data Storage

Samsung Acknowledges and Fixes Bug On 840 EVO SSDs 95

Posted by Soulskill
from the not-presented-on-a-platter dept.
Lucas123 writes: Samsung has issued a firmware fix for a bug on its popular 840 EVO triple-level cell SSD. The bug apparently slows read performance tremendously for any data more than a month old that has not been moved around on the NAND. Samsung said in a statement that the read problems occurred on its 2.5-in 840 EVO SSDs and 840 EVO mSATA drives because of an error in the flash management software algorithm. Some users on technical blog sites, such as Overclock.net, say the problem extends beyond the EVO line. They also questioned whether the firmware upgrade was a true fix or if it just covers up the bug by moving data around the SSD.
Security

Google Adds USB Security Keys To 2-Factor Authentication Options 116

Posted by timothy
from the something-you-have dept.
An anonymous reader writes with this excerpt from VentureBeat: Google today announced it is beefing up its two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. The feature is available in Chrome: Instead of typing in a code, you can simply insert Security Key into your computer's USB port and tap it when prompted by Google's browser. "When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished," Google promises. While Security Key works with Google Accounts at no charge, you'll need to go out and buy a compatible USB device directly from a Universal 2nd Factor (U2F) participating vendor.
Government

Safercar.gov Overwhelmed By Recall For Deadly Airbags 118

Posted by timothy
from the give-it-to-the-healthcare.gov-folks dept.
darylb writes "The NHTSA's safercar.gov website appears to be suffering under the load of recent vehicle recalls, including the latest recall of some 4.7 million vehicles using airbags made by Takata. Searching recalls by VIN is non-responsive at present. Searching by year, make, and model hangs after selecting the year. What can sites serving an important public function do to ensure they stay running during periods of unexpected load?" More on the airbag recall from The New York Times and the Detroit Free Press.
Android

Delivering Malicious Android Apps Hidden In Image Files 111

Posted by timothy
from the best-case-never-touch-a-phone dept.
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file . They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer." (Here's the original paper, from researchers Axelle Apvrille and Ange Albertini.)
Encryption

Security Company Tries To Hide Flaws By Threatening Infringement Suit 115

Posted by Soulskill
from the because-that-always-ends-well dept.
An anonymous reader writes: An RFID-based access control system called IClass is used across the globe to provide physical access controls. This system relies on cryptography to secure communications between a tag and a reader. Since 2010, several academic papers have been released which expose the cryptographic insecurity of the IClass system. Based on these papers, Martin Holst Swende implemented the IClass ciphers in a software library, which he released under the GNU General Public License.

The library is useful to experiment with and determine the security level of an access control system (that you own or have explicit consent to study). However, last Friday, Swende received an email from INSIDE Secure, which notified him of (potential) intellectual property infringement, warning him off distributing the library under threat of "infringement action." Interestingly, it seems this is not the first time HID Global has exerted legal pressure to suppress information.
China

China Staging a Nationwide Attack On iCloud and Microsoft Accounts 107

Posted by Soulskill
from the secure-browsing-advised dept.
New submitter DemonOnIce writes: According to The Verge and an original report from the site that monitor's China's Great Firewall activity, China is conducting a large-scale attack on iCloud and Microsoft accounts using its government firewall software. Chinese users may be facing an unpleasant surprise as they are directed to a dummy site designed to look like an Apple login page (or a Microsoft one, as appropriate).
Software

GNU Emacs 24.4 Released Today 151

Posted by timothy
from the please-have-more-than-8-megs-of-RAM dept.
New submitter Shade writes Well over one and a half years in the works, the latest and greatest release of GNU Emacs was made officially available today. Highlights of this release include a built-in web browser, improved multi-monitor and fullscreen support, "electric" indentation enabled by default, support for saving and restoring the state of frames and windows, pixel-based resizing for frames and windows, support for digitally signed ELisp packages, support for menus in text terminals, and much more. Read the official announcement and the full list of changes for more information.
Operating Systems

More Eye Candy Coming To Windows 10 202

Posted by timothy
from the sincere-flattery dept.
jones_supa writes Microsoft is expected to release a new build of the Windows 10 Technical Preview in the very near future, according to their own words. The only build so far to be released to the public is 9841 but the next iteration will likely be in the 9860 class of releases. With this new build, Microsoft has polished up the animations that give the OS a more comprehensive feel. When you open a new window, it flies out on to the screen from the icon and when you minimize it, it collapses back in to the icon on the taskbar. It is a slick animation and if you have used OS X, it is similar to the one used to collapse windows back in to the dock. Bah.
Encryption

'Endrun' Networks: Help In Danger Zones 28

Posted by timothy
from the pinging-mr-bourne-mr-jason-bourne dept.
kierny writes Drawing on networking protocols designed to support NASA's interplanetary missions, two information security researchers have created a networking system that's designed to transmit information securely and reliably in even the worst conditions. Dubbed Endrun, and debuted at Black Hat Europe, its creators hope the delay-tolerant and disruption-tolerant system — which runs on Raspberry Pi — could be deployed everywhere from Ebola hot zones in Liberia, to war zones in Syria, to demonstrations in Ferguson.
The Almighty Buck

Developers, IT Still Racking Up (Mostly) High Salaries 186

Posted by timothy
from the money-goes-further-if-you-live-in-omaha dept.
Nerval's Lobster (2598977) writes Software development and IT remain common jobs among those in the higher brackets, although not the topmost one, according to a new study (with graph) commissioned by NPR. Among those earning between $58,000 and $72,000, IT was the sixth-most-popular job, while software developers came in tenth place. In the next bracket up (earning between $72,000 and $103,000), IT rose to third, with software development just behind in fourth place. As incomes increased another level ($103,000 to $207,000), software developers did even better, coming in second behind managers, although IT dropped off the list entirely. In the top percentile ($207,000 and above), neither software developers nor IT staff managed to place; this is a segment chiefly occupied by physicians (in first place), managers, chief executives, lawyers, and salespeople who are really good at their jobs. In other words, it seems like a good time to be in IT, provided you have a particular skillset. If those high salaries are in Silicon Valley or New York, though, they might not seem as high as half the same rate would in Omaha, or Houston, or Raleigh.
The Internet

Ask Slashdot: Good Hosting Service For a Parody Site? 113

Posted by timothy
from the just-keep-backups dept.
An anonymous reader writes "Ok, bear with me now. I know this is not PC Mag 2014 review of hosting services. I am thinking of getting a parody website up. I am mildly concerned about potential reaction of the parodee, who has been known to be a little heavy handed when it comes to things like that. In short, I want to make sure that the hosting company won't flake out just because of potential complaints. I checked some companies and their TOS and AUPs all seem to have weird-ass restrictions (Arvixe, for example, has a list of unacceptable material that happens to list RPGs and MUDS ). I live in U.S.; parodee in Poland. What would you recommend?"
Desktops (Apple)

iFixit Tears Apart Apple's Shiny New Retina iMac 106

Posted by timothy
from the good-work-if-you-can-get-it dept.
iFixit gives the new Retina iMac a score of 5 (out of 10) for repairability, and says that the new all-in-one is very little changed internally from the system (non-Retina) it succeeds. A few discoveries along the way: The new model "retains the familiar, easily accessible RAM upgrade slot from iMacs of yore"; the display panel (the one iin the machine disassmbled by iFixit at least) was manufactured by LG Display; except for that new display, "the hardware inside the iMac Intel 27" Retina 5K Display looks much the same as last year's 27" iMac." In typical iFixit style, the teardown is documented with high-resolution pictures and more technical details.
Input Devices

Apple's Next Hit Could Be a Microsoft Surface Pro Clone 250

Posted by timothy
from the they-have-the-technology dept.
theodp writes "Good artists copy, great artists steal," Steve Jobs used to say. Having launched a perfectly-timed attack against Samsung and phablets with its iPhone 6 and iPhone 6 Plus, Leonid Bershidsky suggests that the next big thing from Apple will be a tablet-laptop a la Microsoft's Surface Pro 3. "Before yesterday's Apple [iPad] event," writes Bershidsky, "rumors were strong of an upcoming giant iPad, to be called iPad Pro or iPad Plus. There were even leaked pictures of a device with a 12.9-inch screen, bigger than the Surface Pro's 12-inch one. It didn't come this time, but it will. I've been expecting a touch-screen Apple laptop for a few years now, and keep being wrong.
Android

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images 77

Posted by Soulskill
from the progressively-sillier-names dept.
An anonymous reader writes: As promised, Google today released the full Android 5.0 Lollipop SDK, along with updated developer images for Nexus 5, Nexus 7 (2013), ADT-1, and the Android emulator. The latest version of Android isn't available just yet, but the company is giving developers a head start (about two weeks), so they can test their apps on the new platform. To get the latest Android 5.0 SDK, fire up Android SDK Manager and head to the Tools section, followed by latest SDK Tools, SDK Platform-tools, and SDK Build-tools. Select everything under the Android 5.0 section, hit "Install packages...", accept the licensing agreement, and finally click Install. Google also rolled out updated resources for their Material Design guidelines.
Privacy

FBI Director Continues His Campaign Against Encryption 284

Posted by samzenpus
from the don't-lock-it-down dept.
apexcp writes Following the announcements that Apple and Google would make full disk encryption the default option on their smartphones, FBI director James Comey has made encryption a key issue of his tenure. His blitz continues today with a speech that says encryption will hurt public safety.
Security

FBI Warns Industry of Chinese Cyber Campaign 105

Posted by samzenpus
from the protect-ya-neck dept.
daten writes The FBI on Wednesday issued a private warning to industry that a group of highly skilled Chinese government hackers was in the midst of a long-running campaign to steal valuable data from U.S. companies and government agencies. "These state-sponsored hackers are exceedingly stealthy and agile by comparison with the People's Liberation Army Unit 61398 ... whose activity was publicly disclosed and attributed by security researchers in February 2013," said the FBI in its alert, which referred to a Chinese military hacker unit exposed in a widely publicized report by the security firm Mandiant.
Java

Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days 111

Posted by Soulskill
from the of-pots-and-kettles dept.
mask.of.sanity writes: Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button to enable Java.
Security

Drupal Fixes Highly Critical SQL Injection Flaw 53

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help prevent against SQL injection attacks. "Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks," the Drupal advisory says. "A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks."
Businesses

Ask Slashdot: Handling Patented IP In a Job Interview? 224

Posted by samzenpus
from the what's-mine-is-mine dept.
ZahrGnosis writes I'm in the midst of a rather lengthy job interview; something I haven't done for some time as I've worked as a contract employee with a much lower barrier to entry for years. Recently, I've started patenting some inventions that are applicable to my industry. One hope is that the patents look good to the prospective employer on a resume, but I don't want them to take the existing IP for granted as part of the deal. I'm worried I have the wrong attitude, however. My question is, how should I treat licensing of the patent as a topic with respect to the topic of my employment? Should I build the use of my patented ideas into my salary? Should I explicitly refuse to implement my patented IP for the company without a separate licensing fee? If I emphasize the patent during the interviews without the intent to give them the IP for free, is that an ethical lapse — a personal false advertising? At the same time, when I work for a company I feel they should get the benefit of my full expertise... am I holding back something I shouldn't by not granting a de-facto license while I work for them? I perceive a fine balance between being confrontational and helpful, while not wanting to jeopardize the job prospect nor restrict my ability to capitalize on my invention. Thoughts?

"We are on the verge: Today our program proved Fermat's next-to-last theorem." -- Epigrams in Programming, ACM SIGPLAN Sept. 1982

Working...