Oggi e' 30.07.2016
Sei qui: Home arrow Slashdot
Slashdot
Slashdot
News for nerds, stuff that matters

Slashdot
  • Babylon 5 Actor Jerry Doyle Dies
    Slashdot reader tiqui writes: Jerry Doyle, best known for playing Security Chief Michael Garibaldi on Babylon 5 has passed away in Las Vegas at only 60 years of age. His B5 character was often paired-up with G'Kar (played by Andreas Katsulas who died in 2006 at age 59) and with Jeffrey Sinclair (played by Michael O'Hare who died in 2012, also at age 60) He seems to have lead an interesting life. Cause of death not yet known. Slashdot reader The Grim Reefer quotes the BBC: Fellow Babylon 5 actor Bruce Boxleitner tweeted that he was "so devastated at the news of the untimely death of my good friend", while astronaut Scott Kelly said the news was "very sad to hear".

    Read more of this story at Slashdot.



  • Open Source Gardening Robot 'FarmBot' Raises $560,000
    Slashdot reader Paul Fernhout writes: FarmBot is an open-source gantry-crane-style outdoor robot for tending a garden bed. The project is crowdfunding a first production run and has raised US$561,486 of their US$100,000 goal -- with one day left to go... The onboard control system is based around a Raspberry Pi 3 computer and an Arduino Mega 2560 Microcontroller. Many of the parts are 3D printable. Two years ago Slashdot covered the genesis of this project, describing its goal as simply "to increase food production by automating as much of it as possible."

    Read more of this story at Slashdot.



  • Google Wi-Fi Kiosks in New York Promise No Privacy, 'Can Collect Anything'
    Here's the thing about those wi-fi kiosks replacing New York City's public payphones. They're owned by Google/Alphabet company Sidewalk Labs, they're covered with ads, and if you read the privacy policy on its web site, "it's not that one." An anonymous Slashdot reader quotes an article from the Observer: Columbia professor Benjamin Read got a big laugh at this weekend's Hackers on Planet Earth XI conference in Manhattan when he pointed out that the privacy policy on LinkNYC's website only applies to the website itself, not to the actual network of kiosks. The web page points out that it has two separate privacy policies in an easily-missed section near the top, and for their real-world kiosks, "They essentially have a privacy policy that says, 'we can collect anything and do anything' and that sets the outer bound'," says New York Civil Liberties Union attorney Mariko Hirose. The Observer reports that the policy "promises not to use facial recognition... however, nothing stops the company from retracting that guarantee. In fact, Hirose said that she's been told by the company that the kiosk's cameras haven't even been turned on yet, but it is also under no obligation to tell the public when the cameras go live." The article concludes that in general the public's sole line of defense is popular outrage, and that privacy policies "have been constructed primarily to guard companies against liability and discourage users from reading closely."

    Read more of this story at Slashdot.



  • Android Stagefright Bug Required 115 Patches, Millions Still At Risk
    eWeek reports that "hundreds of millions of users remain at risk" one year after Joshua Drake discovered the Stagefright Android flaw. Slashdot reader darthcamaro writes: A year ago, on July 27, 2015 news about the Android Stagefright flaw was first revealed with the initial reports claiming widespread impact with a billion users at risk. As it turns out, the impact of Stagefright has been more pervasive...over the last 12 months, Google has patched no less than 115 flaws in Stagefright and related Android media libraries. Joshua Drake, the researcher who first discovered the Stagefright flaw never expected it to go this far. "I expected shoring up the larger problem to take an extended and large effort, but I didn't expect it to be ongoing a year later." Drake believes targeted attacks use Stagefright vulnerabilities on unpatched systems, but adds that Android's bug bounty program appears to be working, paying out $550,000 in its first year.

    Read more of this story at Slashdot.



  • Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host
    Slashdot reader Noryungi writes: Qubes OS certainly has an intriguing approach to security, but a newly discovered Xen vulnerability allows a hacker to escape a VM and own the host. If you are running Qubes, make sure you update the dom0 operating system to the latest version. "A malicious, paravirtualized guest administrator can raise their system privileges to that of the host on unpatched installations," according to an article in IT News, which quotes Xen as saying "The bits considered safe were too broad, and not actually safe." IT News is also reporting that Qubes will move to full hardware memory virtualization in its next 4.0 release. Xen's hypervisor "is used by cloud giants Amazon Web Services, IBM and Rackspace," according to the article, which quotes a Qubes security researcher who asks the age-old question. "Has Xen been written by competent developers? How many more bugs of this caliber are we going to witness in the future?"

    Read more of this story at Slashdot.



  • Cisco Finds $34 Million Ransomware Industry
    Ransomware is "generating huge profits," says Cisco. Slashdot reader coondoggie shares this report from Network World: Enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits -- nearly $34 million annually, according to Cisco's Mid-Year Cybersecurity Report out this week. Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target. Many of the victims were slow to patch their systems, according to the article. One study of Cisco devices running on fundamental infrastructure discovered that 23% had vulnerabilities dating back to 2011, and 16% even had vulnerabilities dating back to 2009. Popular attack vectors included vulnerabilities in JBoss and Adobe Flash, which was responsible for 80% of the successful attacks for one exploit kit. The article also reports that attackers are now hiding their activities better using HTTPS and TLS, with some even using a variant of Tor.

    Read more of this story at Slashdot.



  • The Chip Card Transition In the US Has Been a Disaster
    Ian Kar, writing for Quartz: Over the last year or so in the U.S., a lot of the plastic credit cards we carry around every day have been replaced by new one with chips embedded in them. The chips are supposed to make your credit and debit cards more secure -- a good thing! -- but there's one little secret no one wants to admit: The U.S.'s transition to chip cards has been an utter disaster. They're confusing to use, painstakingly slow, less secure than the alternatives, and aren't even the best solution for consumers. If you've shopped in a store and used a credit card, you've noticed the change. Retailers have likely asked you to insert the chip into the card reader, instead of swiping. But reading the chip seems to take much longer than just swiping. And on top of that, even though many retailers now have chip reading machines, some of them ask us just the opposite -- they say not to insert the card, and just swipe. It seems like there's no rhyme or reason to the whole thing.

    Read more of this story at Slashdot.