Security

Internet Explorer Vulnerabilities Increase 100% 116

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities. Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.
Security

The Psychology of Phishing 118

Posted by samzenpus
from the click-and-release dept.
An anonymous reader writes Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell apart spam annoyances from useful email; however, they still find it difficult to identify phishing emails, particularly when they are tailored to suit each recipient individually. Fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context, a legitimate marketing department at a FTSE 100 company typically expects less than a 2% click rate on their advertising campaigns. So, how are the cybercriminals out-marketing the marketing experts?
Software

UK Cabinet Office Adopts ODF As Exclusive Standard For Sharable Documents 163

Posted by Soulskill
from the won-the-battle,-working-on-the-war dept.
Andy Updegrove writes: "The U.K. Cabinet Office accomplished today what the Commonwealth of Massachusetts set out (unsuccessfully) to achieve ten years ago: it formally required compliance with the Open Document Format (ODF) by software to be purchased in the future across all government bodies. Compliance with any of the existing versions of OOXML, the competing document format championed by Microsoft, is neither required nor relevant. The announcement was made today by The Minister for the Cabinet Office, Francis Maude. Henceforth, ODF compliance will be required for documents intended to be shared or subject to collaboration. PDF/A or HTML compliance will be required for viewable government documents. The decision follows a long process that invited, and received, very extensive public input – over 500 comments in all."
Media

Open-Source Blu-Ray Library Now Supports BD-J Java 93

Posted by Soulskill
from the hack-it-until-it-works dept.
An anonymous reader writes: Updates to the open-source libbluray, libaacs, and libbdplus libraries have improved the open-source Blu-ray disc support to now enable the Blu-ray Java interactivity layer (BD-J). The Blu-ray Java code is in turn executed by OpenJDK or the Oracle JDK and is working well enough to play a Blu-ray disc on the Raspberry Pi when paired with the VLC media player.
Linux

Ask Slashdot: Linux Login and Resource Management In a Computer Lab? 98

Posted by timothy
from the explain-your-system dept.
New submitter rongten (756490) writes I am managing a computer lab composed of various kinds of Linux workstations, from small desktops to powerful workstations with plenty of RAM and cores. The users' $HOME is NFS mounted, and they either access via console (no user switch allowed), ssh or x2go. In the past, the powerful workstations were reserved to certain power users, but now even "regular" students may need to have access to high memory machines for some tasks. Is there a sort of resource management that would allow the following tasks? To forbid a same user to log graphically more than once (like UserLock); to limit the amount of ssh sessions (i.e. no user using distcc and spamming the rest of the machines, or even worse, running in parallel); to give priority to the console user (i.e. automatically renicing remote users jobs and restricting their memory usage); and to avoid swapping and waiting (i.e. all the users trying to log into the latest and greatest machine, so have a limited amount of logins proportional to the capacity of the machine). The system being put in place uses Fedora 20, and LDAP PAM authentication; it is Puppet-managed, and NFS based. In the past I tried to achieve similar functionality via cron jobs, login scripts, ssh and nx management, and queuing system — but it is not an elegant solution, and it is hacked a lot. Since I think these requirements should be pretty standard for a computer lab, I am surprised to see that I cannot find something already written for it. Do you know of a similar system, preferably open source? A commercial solution could be acceptable as well.
Businesses

California In the Running For Tesla Gigafactory 171

Posted by samzenpus
from the if-you-build-it dept.
An anonymous reader writes Thanks to some clean-energy tax incentives approved late this spring, California appears to be in the running again for Tesla's "Gigafactory". From the article: "The decision should have been made by now, and ground broken, according to the company's timeline, but is on hold, allowing California, which was not in the race initially — CEO Elon Musk has called California an improbable choice, citing regulations — to throw its hat in the ring. 'In terms of viability, California has progressed. Now it's a four-plus-one race,' said Simon Sproule, Tesla's vice president of global communication and marketing, referring to the four named finalists — Texas, Arizona, New Mexico and Nevada — for the prize. That's heartening. Having the Gigafactory would be a vindication of Gov. Jerry Brown's drive to make California the home of advanced manufacturing, of which Tesla's battery technology is a prime example. With its technology, 'Tesla may be in position to disrupt industries well beyond the realm of traditional auto manufacturing. It's not just cars,' a Morgan Stanley analyst told Quartz, an online business publication last year."
Wikipedia

Russian Government Edits Wikipedia On Flight MH17 665

Posted by samzenpus
from the writing-history dept.
An anonymous reader writes A political battle has broken out on Wikipedia over an entry relating to the crash of Malaysian Airlines flight MH17, with the Russian government reportedly removing sections which accuse it of providing 'terrorists' with missiles that were used to down the civilian airliner. A Twitter bot which monitors edits made to the online encyclopedia from Russian government IP addresses spotted that changes are being made to a page relating to the crash. All-Russia State Television and Radio Broadcasting Company (VGTRK) changed a Russian language version of a page listing civil aviation accidents to say that "The plane was shot down by Ukrainian soldiers." That edit replaced text – written just an hour earlier – which said MH17 had been shot down "by terrorists of the self-proclaimed Donetsk People's Republic with Buk system missiles, which the terrorists received from the Russian Federation."
Education

High School Students Not Waiting For Schools To Go Online 82

Posted by samzenpus
from the on-my-own dept.
lpress writes UCLA conducts an annual survey of first-time, full-time college freshmen and this year they included questions about the use of online education sites like Coursera and The Khan Academy. It turns out that over 40 percent of the incoming freshmen were frequently or occasionally assigned to use an online instructional website during the past year and nearly 70 percent had used online sites on their own. Students enrolling in historically black colleges were much more likely than others to have used online teaching material. They also compile a "habits of mind" index, and conclude that "Students who chose to independently use online instructional websites are also more likely to exhibit behaviors and traits associated with academic success and lifelong learning." The survey covers many other characteristics of incoming freshmen — you can download the full report here.
Ubuntu

MicroxWin Creates Linux Distribution That Runs Debian/Ubuntu & Android Apps 42

Posted by samzenpus
from the all-in-one dept.
An anonymous reader writes VolksPC who developed MicroXwin as a lightweight X Window Server has come up with their own Linux distribution. Setting apart VolksPC's distribution from others is that it's based on both Debian and Android and has the capability to run Debian/Ubuntu/Android apps together in a native ARM experience. The implementation doesn't depend on VNC or other similar solutions of the past that have tried to join desktop apps with mobile Android apps. This distribution is also reportedly compatible with all Android applications. The distribution is expected to begin shipping on an ARM mini-PC stick.
Security

New Mayhem Malware Targets Linux and UNIX-Like Servers 165

Posted by Soulskill
from the keep-calm-and-patch-on dept.
Bismillah writes: Russian security researchers have spotted a new malware named Mayhem that has spread to 1,400 or so Linux and FreeBSD servers around the world, and continues to look for new machines to infect. And, it doesn't need root to operate. "The malware can have different functionality depending on the type of plug-in downloaded to it by the botmaster in control, and stashed away in a hidden file system on the compromised server. Some of the plug-ins provide brute force cracking of password functionality, while others crawl web pages to scrape information. According to the researchers, Mayhem appears to be the continuation of the Fort Disco brute-force password cracking attack campaign that began in May 2013."
X

X.Org Server 1.16 Brings XWayland, GLAMOR, Systemd Integration 224

Posted by Unknown Lamer
from the x11-will-outlast-us-all dept.
An anonymous reader writes The much anticipated Xorg Server 1.16 release is now available. The X.Org "Marionberry Pie" release features XWayland integration, GLAMOR support, systemd support, and many other features. XWayland support allows for legacy X11 support in Wayland environments via GL acceleration, GLAMOR provides generic 2D acceleration, non-PCI GPU device improvements, and countless other changes. The systemd integration finally allows the X server to run without root privileges, something in the works for a very long time. The non-PCI device improvements mean System-on-a-Chip graphics will work more smoothly, auto-enumerating just like PCI graphics devices do. As covered previously, GLAMOR (the pure OpenGL acceleration backend) has seen quite a bit of improvement, and now works with Xephyr and XWayland.
Botnet

Pushdo Trojan Infects 11,000 Systems In 24 Hours 31

Posted by Unknown Lamer
from the bots-everywhere dept.
An anonymous reader writes Bitdefender has discovered that a new variant of the Trojan component, Pushdo, has emerged. 77 machines have been infected in the UK via the botnet in the past 24 hours, with more than 11,000 infections reported worldwide in the same period. The countries most affected so far by the Pushdo variant are India, Vietnam and Turkey. Since Pushdo has resurfaced, the public and private keys used to protect the communication between the bots and the Command and Control Servers have been changed, but the communication protocol remains the same.
Security

Breaches Exposed 22.8 Million Personal Records of New Yorkers 41

Posted by Unknown Lamer
from the what-is-security dept.
An anonymous reader writes Attorney General Eric T. Schneiderman issued a new report examining the growing number, complexity, and costs of data breaches in New York State. The report reveals that the number of reported data security breaches in New York more than tripled between 2006 and 2013. In that same period, 22.8 million personal records of New Yorkers have been exposed in nearly 5,000 data breaches, which have cost the public and private sectors in New York upward of $1.37 billion in 2013. The demand on secondary markets for stolen information remains robust. Freshly acquired stolen credit card numbers can fetch up to $45 per record, while other types of personal information, such as Social Security numbers and online account information, can command even higher prices.
The Internet

French Blogger Fined For Negative Restaurant Review 424

Posted by Soulskill
from the enjoy-your-streisand-effect dept.
An anonymous reader sends an article about another case in which a business who received a negative review online decided to retaliate with legal complaints. In August of last year, a French food blogger posted a review of an Italian restaurant called Il Giardino. The restaurant owners responded with legal threats based on the claim that they lost business from search results which included the review. The blogger deleted the post, but that wasn't enough. She was brought to court, and a fine of €1,500 ($2,040) was imposed. She also had to pay court costs, which added another €1,000 ($1,360). The blogger said, "Recently several writers in France were sentenced in similar proceedings for defamation, invasion of privacy, and so on. ... I don't see the point of criticism if it's only positive. It's clear that online, people are suspicious of places that only get positive reviews."
Businesses

Comcast Customer Service Rep Just Won't Take No For an Answer 401

Posted by Soulskill
from the it's-comcastic dept.
RevWaldo writes: The Verge and other sources report on how AOL's Ryan Block ultimately succeeded in cancelling his Comcast account over the phone, but not before the customer service representative pressed him for eight solid minutes (audio) to explain his reasoning for leaving "the number one provider of TV and internet service in the country" in a manner that would cause a character in Glengarry Glen Ross to blush. Comcast has now issued an apology.
Networking

OpenWRT 14.07 RC1 Supports Native IPv6, Procd Init System 70

Posted by Unknown Lamer
from the bofh-excuse-#3847-replacing-router-os dept.
An anonymous reader writes Release Candidate One of OpenWRT 14.07 "Barrier Breaker" is released. Big for this tiny embedded Linux distribution for routers in 14.07 is native IPv6 support and the procd init system integration. The native IPv6 support is with the RA and DHCPv6+PD client and server support plus other changes. Procd is OpenWRT's new preinit, init, hotplug, and event system. Perhaps not too exciting is support for upgrading on devices with NAND, and file system snapshot/restore so you can experiment without fear of leaving your network broken. There's also experimental support for the musl standard C library.
Security

Critical Vulnerabilities In Web-Based Password Managers Found 114

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes A group of researchers from University of California, Berkeley, have analyzed five popular web-based password managers and have discovered vulnerabilities that could allow attackers to learn a user's credentials for arbitrary websites. The five password managers they analyzed are LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword. "Of the five vendors whose products were tested, only the last one (NeedMyPassword) didn't respond when they contacted them and responsibly shared their findings. The other four have fixed the vulnerabilities within days after disclosure. 'Since our analysis was manual, it is possible that other vulnerabilities lie undiscovered,' they pointed out. They also announced that they will be working on a tool that automatizes the process of identifying vulnerabilities, as well as on developing a 'principled, secure-by-construction password manager.'"
Education

Prof. Andy Tanenbaum Retires From Vrije University 136

Posted by timothy
from the congratulations-and-good-wishes dept.
When Linus Torvalds first announced his new operating system project ("just a hobby, won't be big and professional like gnu"), he aimed the announcement at users of Minix for a good reason: Minix (you can download the latest from the Minix home page) was the kind of OS that tinkerers could afford to look at, and it was intended as an educational tool. Minix's creator, Professor Andrew Stuart "Andy" Tanenbaum, described his academic-oriented microkernel OS as a hobby, too, in the now-famous online discussion with Linus and others. New submitter Thijssss (655388) writes with word that Tanenbaum, whose educational endeavors led indirectly to the birth of Linux, is finally retiring. "He has been at the Vrije Universiteit for 43 years, but everything must eventually end."
Networking

Alcatel-Lucent's XG-FAST Pushes 10,000Mbps Over Copper Phone Lines 149

Posted by Unknown Lamer
from the exhaust-your-uverse-cap-in-half-a-second dept.
Mark.JUK (1222360) writes The Bell Labs R&D division of telecoms giant Alcatel-Lucent has today claimed to set a new world record after they successfully pushed "ultra-broadband" speeds of 10,000 Megabits per second (Mbps) down a traditional copper telephone line using XG-FAST technology, which is an extension of G.fast (ITU G.9700).

G.fast is a hybrid-fiber technology, which is designed to deliver Internet speeds of up to 1000Mbps over runs of copper cable (up to around 250 meters via 106MHz+ radio spectrum). The idea is that a fiber optic cable is taken closer to homes and then G.fast works to deliver the last few meters of service, which saves money because the operator doesn't have to dig up your garden to lay new cables. XG-FAST works in a similar way but via an even shorter run of copper and using frequencies of up to 500MHz. For example, XG-FAST delivered its top speed of 10,000Mbps by bonding two copper lines together over just 30 meters of cable.
Games

Dwarf Fortress Gets Biggest Update In Years 138

Posted by Soulskill
from the games-more-complicated-than-particle-colliders dept.
An anonymous reader writes Dwarf Fortress, the epic, ASCII text-based, roguelike citybuilding game, just released its biggest update in years. The game is notable for its incredible depth, and the new release only extends it. Here are the release notes — they won't make much sense if you don't play the game, but they'll give you a sense of how massively complex Dwarf Fortress is. It's also worth noting that a team of modders has recently released a new version of the Stonesense utility, which renders the game in 3-D from an isometric point of view. "[T]he utility relies on DFHack, a community-made library that reads the game's memory and can be parsed, thus allowing for additional utilities to render things while bypassing the initial ASCII output." If you're unfamiliar with the game, here's an illustrated depiction of an amazing story generated by the game.
