Slashdot
13 Nov 2016

  • Children Can Now Sue The US Government Over Climate Change
    "America's children have officially won the right to sue their government over global warming," reports Motherboard. An anonymous reader quotes their article: Thursday, a lawsuit filed by 21 youth plaintiffs was ruled valid by U.S. District Judge Ann Aiken in Eugene, Oregon. A group of citizens, whose ages range from nine to twenty, charged President Obama, the fossil fuel industry, and other federal agencies with violating their constitutional rights by declining to take action against climate change. "Federal courts too often have been cautious and overly deferential in the arena of environmental law, and the world has suffered for it," wrote Judge Aiken in her ruling. [PDF] Several groups -- including the U.S. government and the American Petroleum Institute -- had asked the judge to throw out the case, but the judge ruled instead that climate change would "threaten plaintiffs' fundamental constitutional rights to life and liberty," calling man-made climate change an "undisputed" fact. In a related story, Slashdot reader devinp shares a new study which suggests "Global changes in temperature due to human-induced climate change have already impacted every aspect of life on Earth from genes to entire ecosystems, with increasingly unpredictable consequences for humans."

    Read more of this story at Slashdot.

  • 1 Billion Mobile Apps Exposed To Account Hijacking Through OAuth 2.0 Flaw
    Threatpost, the security news service of Kaspersky Lab, is reporting a new exploit which allows hijacking of third-party apps that support single sign-on from Google or Facebook (and support the OAuth 2.0 protocol). msm1267 quotes their article: Three Chinese University of Hong Kong researchers presented at Black Hat EU last week a paper called "Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0"... The researchers examined 600 top U.S. and Chinese mobile apps that use OAuth 2.0 APIs from Facebook, Google and Sina -- which operates Weibo in China -- and support single sign-on for third-party apps. The researchers found that 41.2% of the apps they tested were vulnerable to their attack... None of the apps were named in the paper, but some have been downloaded hundreds of millions of times and can be exploited for anything from free phone calls to fraudulent purchases. "The researchers said the apps they tested had been downloaded more than 2.4 billion times in aggregate."

  • German Police Mock 'Not Very Clever' ATM Robbers
    An anonymous reader quotes Bleeping Computer: German police mocked a group of bungling crooks that tried to rob an ATM, but instead of malware they chose explosives, which they unwittingly placed near a device that issued bank statements, and not the actual money-dispensing ATM... The crooks placed small explosive charges next to a machine they thought to be an ATM, in the hopes of breaking its outer casing and getting access to the money vault inside... After being called in to investigate the loud blast that woke up the bank's neighbors German police discovered a partially destroyed bank statement printing machine... No money was stolen in the failed robbery, police reported. In a statement on the Berlin police department's official web site, they described the ATM thieves as "not very clever."

  • Ethernet Consortia Wants To Unlock a More Time-Sensitive Network
    Does Ethernet need new features like "stream reservation" and time synchronization to make sure time-sensitive data isn't delayed on the network? coondoggie quotes Network World: The demand from Internet of Things, automotive networking and video applications are driving changes to Ethernet technology that will make it more time-sensitive. Key to those changes are a number of developing standards but also a push this week from the University of New Hampshire InterOperability Laboratory to set up three new industry specific Ethernet Time-Sensitive Networking consortiums -- Automotive Networking, Industrial Networking, and ProAV Networking aimed at developing deterministic performance within standard Ethernet for real-time, mission critical applications. "Standards-based precise time, guaranteed bandwidth, and guaranteed worst-case latency in a converged Ethernet network is a game-changer to many industries," said Bob Noseworthy, Chief Engineer, UNH-IOL. The article also acknowledges the work of the Avnu Alliance, which is also trying to build an ecosystem of "low-latency, time-synchronized, highly reliable synchronized networked devices using open standards through certification."

  • OWASP ModSecurity Core Rule Set Version 3.0 Released
    Need a new set of generic attack detection rules for your web application firewall? Try the new OWASP ModSecurity Core Rule Set version 3.0.0! Long-time Slashdot reader dune73 writes: The OWASP CRS is a widely-used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity. Four years in the making, this release comes with dozens of new features including reduced false positives (by over 90% in the default setup), improved detection of SQLi, XSS, RCE and PHP injections, the introduction of a Paranoia Mode which allows assigning a certain security level to a site, and better documentation that takes the pain out of ModSecurity. There's rumors this new rule set is even being made into a movie.

  • 'Here Be Dragons': The Seven Most Vexing Problems In Programming
    InfoWorld has identified "seven of the gnarliest corners of the programming world," which Slashdot reader snydeq describes as "worthy of large markers reading, 'Here be dragons.'" Some examples: Multithreading. "It sounded like a good idea," according to the article, but it just leads to a myriad of thread-managing tools, and "When they don't work, it's pure chaos. The data doesn't make sense. The columns don't add up. Money disappears from accounts with a poof. It's all bits in memory. And good luck trying to pin down any of it..." NP-complete problems. "Everyone runs with fear from these problems because they're the perfect example of one of the biggest bogeymen in Silicon Valley: algorithms that won't scale." The other dangerous corners include closures, security, encryption, and identity management, as well as that moment "when the machine runs out of RAM." What else needs to be on a definitive list of the most dangerous "gotchas" in professional programming?

  • 'Flash Crash' Trader Pleads Guilty, Facing Up To 30 Years In Prison
    Slashdot reader whoever57 writes: Navinder Sarao, the British trader who was accused of causing the "flash crash" in 2010 and was extradited to the U.S. this week, has pleaded guilty to one count of wire fraud and one count of spoofing. No details of the plea deal have been released, but it's believed that he's agreed to forfeit $13 million. Several years of jail time are also expected for Mr. Sarao. From the Telegraph: Sarao, a 37-year-old working out of a modest suburban home in Hounslow in west London, allegedly made tens of millions of dollars with a computer program that could automatically manipulate prices... "Navinder Sarao abused sophisticated technology to make a quick profit, and jeopardised the integrity of US financial markets," said Assistant Attorney General Leslie Caldwell. Sentencing guidelines suggest he'll spend at least six and a half years in prison, though he faced a maximum possible sentence of 30 years and still faces the possibility of $38 million in sanctions.

  • Scammers Bite Chrome Users With Forgotten 2014 Bug
    "Tech support scammers have started exploiting a two-year-old bug in Google Chrome to trick victims into believing their PC is infected with malware," reports security researcher Sophos. It begins by freezing the browser, BrianFagioli reports, sharing an article from Beta News: These bad guys pose as Microsoft tech support and display an in-browser message that says the user's computer is infected with "Virus Trojan.worm! 055BCCAC9FEC". To make matters worse, Google has apparently known about the exploit for more than two years and simply failed to patch it. "The bug was discovered in Chrome 35 in July 2014 in the history.pushState() HTML5 function, a way of adding web pages into the session history without actually loading the page in question. The developer who reported the issue published code showing how to add so many items into Chrome's history list that the browser would effectively freeze", says Sophos... "Users can either close Chrome using the Task Manager or, in cases where the browser is using up so much processor power that Task Manager doesn't appear, by rebooting the computer. The chances of encountering this particular scam are small -- it's only been spotted on a single website -- but its existence underlines how small bugs that don't seem terribly important may nevertheless be abused by cybercriminals down the line."

  • Uranium-Filled 'Lost Nuke' Missing Since 1950 May Have Been Found
    Although the U.S. government "does not believe the bomb contains active nuclear material," schwit1 shares this report from the BBC: A commercial diver may have discovered a lost decommissioned U.S. nuclear bomb off the coast of Canada. Sean Smyrichinsky was diving for sea cucumbers near British Columbia when he discovered a large metal device that looked a bit like a flying saucer. The Canadian Department of National Defence believes it could be a "lost nuke" from a US B-36 bomber that crashed in the area in 1950.... The plane was on a secret mission to simulate a nuclear strike and had a real Mark IV nuclear bomb on board to see if it could carry the payload required... The American military says the bomb was filled with lead, uranium and TNT but no plutonium, so it wasn't capable of a nuclear explosion... Several hours into its flight, its engines caught fire and the crew had to parachute to safety... The crew put the plane on autopilot and set it to crash in the middle of the ocean, but three years later, its wreckage was found hundreds of kilometers inland. The crew says they dumped their bomb-like cargo into the ocean first to avoid a detonation on land.

  • 'Lurking Malice' Study Finds Malware Hiding In The Cloud
    "Cloud repositories have become the hub of malicious web activities," warns one computer engineering professor. An anonymous reader quotes SC magazine: A recent study detected more than 600 cloud repositories hosting malware and other malicious activities on major cloud platforms including Amazon, Google, Groupon and thousands of other sites. Researchers...scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the "Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service" report [PDF]... [According to the researchers] threat actors are taking advantage of the cloud because of how difficult it can be to scan the large amount of storage they provide... service providers which are bound by privacy commitments and ethical concerns tend to avoid inspecting their customer's repositories without proper consent and even when they are willing to inspect them it is difficult to spot malicious content.

  • WikiLeaks Calls for Pardons From President Obama -- Or President Trump
    "President Obama has a political moment to pardon Manning & Snowden," WikiLeaks tweeted on Friday, adding "If not, he hands a Trump presidency the freedom to take his prize." And a new online petition is also calling for a pardon of WikiLeaks founder Julian Assange, saying Assange is "a hero and must be honoured as such," attracting over 10,000 supporters in just a few days. An anonymous reader writes: Monday WikiLeaks also announced, "irrespective of the outcome of the 2016 U.S. Presidential election, the real victor is the U.S. public which is better informed as a result of our work." Addressing complaints that they specifically targeted Hillary Clinton's campaign, the group said "To date, we have not received information on Donald Trump's campaign, or Jill Stein's campaign, or Gary Johnson's campaign or any of the other candidates that fulfills our stated editorial criteria." But they also objected to the way their supporters were portrayed during the U.S. election, arguing that Trump and others "were painted with a broad, red brush. The Clinton campaign, when they were not spreading obvious untruths, pointed to unnamed sources or to speculative and vague statements from the intelligence community to suggest a nefarious allegiance with Russia. The campaign was unable to invoke evidence about our publications -- because none exists." Thursday a WikiLeaks representative expressed surprise that, despite the end of the U.S. election, Julian Assange's internet connection in the Ecuadorean Embassy in London has not yet been restored.

  • Re-Discovering The 'Lost Civilization' of Dial-Up BBS's
    An anonymous Slashdot reader writes: Two new articles take a look at "social media's dial-up ancestor" from back in the 20th century. First a new article in IEEE Spectrum remembers a time when tens of thousands of dial-up bulletin board systems kept modems busy all around the world playing chintzy "door" games, downloading textfiles and ANSI art, and reading messages left on FidoNet's "echo" forums. "To understand how the Internet became a medium for social life, you have to widen your view beyond networking technology and peer into the makeshift laboratories of microcomputer hobbyists of the 1970s and 1980s...amateurs tinkering in their free time to build systems for computer-mediated collaboration and communication." And the former sysop at "The Cave" has also written a new article about visiting the few surviving BBSes, some still in operation since 1983, many now accessible via telnet, and some still even delivering messages over FidoNet's phone-to-phone network. Anyone else have fond memories of visiting (or running) a BBS?

  • HTC Vive Goes Wireless
    One of the biggest cons with premium virtual-reality headsets is the fact that they need to be tethered to a powerful gaming PC or game console via annoying wires. In early September, HTC announced it was working on a method to remove the wires, and now their solution is officially available via a $220 add-on kit. UploadVR reports: HTC today announced a tether-less VR upgrade kit for its SteamVR device, made by TPCAST, one of the first of 33 companies to join the Vive X Accelerator. Speaking to UploadVR in a phone interview, [China Regional President of Vive at HTC Alvin W. Graylin] said that the experience would "greatly improve" the overall Vive experience, with no "noticeable difference" for factors like latency. The product will be available to pre-order with a standard battery, though Graylin said that a bigger battery will be sold eventually. We're told the standard battery can deliver around one and a half hours of power. The bigger battery would rest in a user's pocket. HTC expects the device to be adopted by "avid" Vive users, though it could also be useful for businesses. The upgrade kit will be available to pre-order on Vive's Chinese website "in limited quantity" for 1,499 RMB ($220.33). The kit is said to ship starting in Q1 2017. According to HTC, pre-orders go live at 7 a.m. Pacific on Friday. Graylin said anyone could order the unit from there and pay for shipping. According to HTC, in a press release, "Order fulfillment will be prioritized to existing customers who can provide a valid Vive serial number." You can watch some wireless HTC Vive test footage here.

  • A Computer Program Has Ranked the Most Influential Brain Scientists of the Modern Era
    sciencehabit writes from a report via Science Magazine: A computer program has parsed the content of 2.5 million neuroscience articles, mapped all of the citations between them, and calculated a score of each author's influence on the rest to determine the most influential brain scientists of the modern era. The program, called Semantic Scholar, is an online tool built at the Allen Institute for Artificial Intelligence in Seattle, Washington. It hopes to expand to all of the biomedical literature next year, over 20 million papers. The program sees much more than the typical academic search engine, says the project leader. "We are using machine learning, natural language processing, and [machine] vision to begin to delve into the semantics."

  • Atlas V Rocket Launches Sharp-Eyed Earth-Observing Satellite
    An anonymous reader quotes a report from Space.com: A super-powerful Earth-observing spacecraft has finally taken to the skies, nearly two months after a wildfire nixed its first launch attempt. The WorldView-4 satellite lifted off today (Nov. 11) at 1:30 p.m. EST (10:30 a.m. local time; 1830 GMT), riding a United Launch Alliance Atlas V 401 rocket from Space Launch Complex-3 at California's Vandenberg Air Force Base to a near sun-synchronous, pole-to-pole orbit. In addition, seven tiny cubesats were onboard in a "ridesharing" initiative. All of the cubesats manifested for the WorldView-4 mission are sponsored by the National Reconnaissance Office, the agency in charge of the United States' spy satellites, and are unclassified technology-demonstration programs. The Atlas-V that lofted WorldView-4 today had been scheduled to launch NASA's InSight Mars lander earlier this year, before issues with one of InSight's instruments delayed the Red Planet probe's liftoff until 2018. WorldView-4 is a multispectral, high-resolution commercial imaging satellite owned and operated by DigitalGlobe of Westminster, Colorado, and built by the aerospace company Lockheed Martin. Its mission is to provide high-resolution color imagery to commercial, government and international customers. Once in operation, WorldView-4 has a global capacity to image 260,000 square miles (680,000 square kilometers) per day. You can watch the launch video here via United Launch Alliance.
