Spam

Attackers Use Email Spam To Infect Point-of-Sale Terminals 68

Posted by samzenpus
from the protect-ya-neck dept.
jfruh writes: Point-of-sale software has meant that in many cases where once you'd have seen a cash register, you now see a general-purpose PC running point-of-sale (PoS) software. Unfortunately, those PCs have all the usual vulnerabilities, and when you run software on them that processes credit card payments, they become a tempting target for hackers. One of the latest attacks on PoS software comes in the form of malicious Word macros downloaded from spam emails.
Firefox

Firefox's Optional Tracking Protection Reduces Load Time For News Sites By 44% 191

Posted by Soulskill
from the definition-of-a-win-win dept.
An anonymous reader writes: Former Mozilla software engineer Monica Chew and Computer Science researcher Georgios Kontaxis recently released a paper (PDF) that examines Firefox's optional Tracking Protection feature. The duo found that with Tracking Protection enabled, the Alexa top 200 news sites saw a 67.5 percent reduction in the number of HTTP cookies set. Furthermore, performance benefits included a 44 percent median reduction in page load time and 39 percent reduction in data usage.
Blackberry

Microsoft Reportedly May Acquire BlackBerry 124

Posted by samzenpus
from the circle-of-business dept.
New submitter techtsp writes: Microsoft is just one of many companies reportedly looking to get a bigger piece of the enterprise mobile market by buying BlackBerry. Reports claim that Chinese firms including Huawei, Lenovo and Xiaomi are also interested in picking up BlackBerry following the company's recent return to profitability. This report comes on the heels of BlackBerry announcing it is cutting jobs across its global business units in an attempt to consolidate its software, hardware and applications business.
Mars

Software Patch Fixes Mars Curiosity Rover's Auto-focus Glitch 53

Posted by Soulskill
from the careful-with-those-semi-colons dept.
An anonymous reader writes: Scientists from Los Alamos National Laboratory have successfully uploaded and applied a software patch to NASA's Curiosity Rover on Mars. The patch fixes a focusing problem that cropped up in November when the laser that helps to focus one of its cameras failed. "Without this laser rangefinder, the ChemCam instrument was somewhat blind," said Roger Wiens, ChemCam principal investigator at Los Alamos. "The main laser that creates flashes of plasma when it analyzes rocks and soils up to 25 feet [7.6 meters] from the rover was not affected, but the laser analyses only work when the telescope projecting the laser light to the target is in focus." Before the fix, scientists had to shoot images at nine different focus settings to distill a decent set of data. Now, they say the new software results in better images in a single shot than even before the laser broke down. The program that runs the instrument is only 40 kilobytes in size.
Sci-Fi

The Hoverboard Flies Closer To Reality 74

Posted by Soulskill
from the for-when-you-want-to-travel-in-a-highly-inefficient-manner dept.
Dave Knott writes: Fans of 1980s cinema were disappointed when the year 2015 arrived without a practical version of Marty McFly's hoverboard. Now, a Montréal-based man has brought it closer to reality by setting a new record for longest "flight" by hoverboard. In a filmed test recognized by the Guinness Book of World Records, Catalin Alexandru Duru pilots his somewhat cumbersome looking rig for 250 meters — five times the previous record — at a height of five meters above Quebec's Lake Ouareau. Duru and his business partner "hope to have a new prototype finished by the end of the year and then have hoverboards available for purchase across the country. He wouldn't say how much the prototype cost to build, but said that the first generation of the machine will likely be 'quite expensive.'" "This thing is still quite dangerous," he added, explaining that the pilot uses only his or her feet to fly the contraption. The commercial version's software will limit it to flying below a height of about one-and-a-half meters above the ground.
Operating Systems

Google Developing 'Brillo' OS For Internet of Things 222

Posted by Soulskill
from the won't-run-on-your-brilloPad dept.
An anonymous reader writes: A new report from The Information (paywalled) says Google is working on an operating system called "Brillo" that would be a platform for Internet-of-things devices. It's supposedly a lightweight version of Android, capable of running on devices with extremely limited hardware — as little as 32 MB of RAM, for example. The company is expected to launch the code for Brillo at its I/O event next week. This is particularly relevant now that Google has acquired Nest, Dropcam, and Revolv — a trio of "smart home" companies whose devices could potentially be unified by Brillo.
Cloud

A Conversation with Druva Co-Founder Jaspreet Singh (Video) 39

Posted by Roblimo
from the doo-wop-is-now-de-dupe dept.
This was originally going to be an interview about the state of enterprise-level backup software in an increasingly edge computing-focused world, but we rapidly drifted into talking about how Druva started in Pune (near Bangalore) and ended up moving to Silicon Valley. We hear plenty about American software companies moving to India, but not a lot about Indian software companies moving here. Druva had good reasons for the move, the chief one being a financing deal with Sequoia Capital. Aside from that, though, Jaspreet says the talent pool -- not just developers but software marketing people and other important staffers -- is more concentrated in Silicon Valley than almost anywhere else in the world. 'It's like Hollywood for geeks,' Jaspreet says. This doesn't mean business is necessarily easy in the USA: Jaspreet ended up laying off his entire staff. Twice. And he made other mistakes as a young, new CEO bringing a company to life in a crowded field.

Those mistakes, which Jaspreet shares freely with us, are like a business school 'Start-Up Pitfalls' class. You may never want to do your own startup, but if you're a developer or otherwise involved with the software industry, there's a good chance that you'll have a chance to work for one at some point. And if you have that chance, you'll be glad you watched this video (or read the transcript) before you take the startup plunge.
Google

NSA Planned To Hijack Google App Store To Hack Smartphones 94

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."
Businesses

Security Researchers Wary of Wassenaar Rules 34

Posted by samzenpus
from the rules-of-the-game dept.
msm1267 writes: The Commerce Department's Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement, and computer security specialists are wary of its language and vagaries. For starters, its definition of "intrusion software" that originally was meant to stem the effect of spying software such as FinFisher and Hacking Team, has also apparently snared many penetration testing tools. Also, despite the Commerce Department's insistence that vulnerability research does not fall under Wassenaar, researchers say that's up for interpretation.
Government

US Proposes Tighter Export Rules For Computer Security Tools 126

Posted by timothy
from the we'd-like-to-inspect-that-package dept.
itwbennett writes: The U.S. Commerce Department has proposed tighter export rules for computer security tools and could prohibit the export of penetration testing tools without a license. The proposal would modify rules added to the Wassenaar Arrangement in 2013 that limit the export of technologies related to intrusion and traffic inspection. The definition of intrusion software would also encompass 'proprietary research on the vulnerabilities and exploitation of computers and network-capable devices,' the proposal said.
Security

Telstra Says Newly Acquired Pacnet Hacked, Customer Data Exposed 15

Posted by samzenpus
from the getting-to-know-all-about-you dept.
An anonymous reader writes: Telstra’s Asian-based data center and undersea cable operator Pacnet has been hacked, exposing many of the telco’s customers to a massive security breach. The company said it could not determine whether personal details of customers had been stolen, but it acknowledged the possibility. The Stack reports: "Telstra said that an unauthorized third party had been able to gain access to the Pacnet business management systems through a malicious software installed via a vulnerability on an SQL server. The hack had taken place just weeks before Telstra acquired the Asian internet service provider for $550mn on 16 April this year. The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014."
Chrome

New Chrome Extension Uses Sound To Share URLs Between Devices 77

Posted by samzenpus
from the sound-of-malware dept.
itwbennett writes: Google Tone is an experimental feature that could be used to easily and instantly share browser pages, search results, videos and other pages among devices, according to Google Research. "The initial prototype used an efficient audio transmission scheme that sounded terrible, so we played it beyond the range of human hearing," researcher Alex Kauffmann and software engineer Boris Smus wrote in a post on the Google Research blog.
Security

How 1990s Encryption Backdoors Put Today's Internet In Jeopardy 42

Posted by samzenpus
from the grunge-net dept.
An anonymous reader writes: While debate swirls in Washington D.C. about new encryption laws, the consequences of the last crypto war are still being felt. Logjam vulnerabilities making headlines today are "a direct result of weakening cryptography legislation in the 1990s," researcher J. Alex Halderman said. "Thanks to Moore's law and improvements in cryptanalysis, the ability to break that crypto is something really anyone can do with open-source software. The backdoor might have seemed like a good idea at the time. Maybe the arguments 20 years ago convinced people this was going to be safe. History has shown otherwise. This is the second time in two months we've seen 90s era crypto blow up and put the safety of everyone on the internet in jeopardy."
Firefox

Adblock Plus Launches Adblock Browser: a Fork of Firefox For Android 111

Posted by Soulskill
from the unblocking-the-blocked-blocker dept.
An anonymous reader writes: Adblock Plus has launched Adblock Browser for Android. Currently in beta, the company's first browser was created by taking the open source Firefox for Android and including Adblock Plus out-of-the-box. The Firefox Sync functionality is disabled, as is the ability to use other addons. "Adblock Plus for Android got kicked out of Google Play along with other ad blocking apps in March 2013, because Google’s developer distribution agreement states apps cannot interfere with the functionality of other apps. Williams thus believes Adblock Browser “should be fine” as it only blocks ads that are shown as you browse the Web."
Networking

Ask Slashdot: Best Way To Solve a Unique Networking Issue? 384

Posted by timothy
from the that-seems-like-a-decent-way dept.
New submitter petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment. In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps. This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer-provided program that connects to the device and pushes the new software. Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming. Unfortunately the devices are not actually on a network, and as such cannot be updated remotely; also, since they are not on a network, they are all configured with the same IP address. Additionally the software doesn't allow you to specify the adapter to use. I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time. The only way I can figure to accomplish this with the software we've been provided is to do this: Get a 16-port powered USB hub, with a USB-ethernet adaptor in each port; Set up 16 VMs with extremely stripped down XP running on each, with only one USB-ethernet adaptor assigned to each VM; Set XP to boot the application for loading software as its shell; and load each device that way at the same time. Is there a better way to accomplish this?
Encryption

Australian Law Could Criminalize the Teaching of Encryption 205

Posted by Soulskill
from the technophobes-writing-laws dept.
New submitter petherfile writes: According to Daniel Mathews, new laws passed in Australia (but not yet in effect) could criminalize the teaching of encryption. He explains how a ridiculously broad law could effectively make any encryption stronger than 512 bits criminal if your client is not Australian. He says, "In short, the DSGL casts an extremely wide net, potentially catching open source privacy software, information security research and education, and the entire computer security industry in its snare. Most ridiculous, though, are some badly flawed technicalities. As I have argued before, the specifications are so imprecise that they potentially include a little algorithm you learned at primary school called division. If so, then division has become a potential weapon, and your calculator (or smartphone, computer, or any electronic device) is a potential delivery system for it."
Programming

Choosing the Right IDE 441

Posted by Soulskill
from the whichever-one-reminds-me-when-my-code-sucks dept.
Nerval's Lobster writes: Modern software development often requires working with multiple tools in a variety of languages. The complexity can give even the most skilled developer a nasty headache, which is why many try to rely on Integrated Development Environments (IDEs) to accomplish most of the work; in addition to source-code editors and automation, some even feature intelligent code completion. With so much choice out there, it's hard to settle on an IDE, so we interviewed several developers, who collectively offered up a list of useful questions to ask when evaluating a particular IDE for use. But do developers even need an IDE at all? When you go to smaller, newer developer shops, you're seeing a lot more standalone editors and command-line tools; depending on what you do, you might just need a good editor, and to master the command-line tools for the languages you use. What IDE do you prefer, if any, and why?
Software

Software Glitch Caused Crash of Airbus A400M Military Transport Aircraft 120

Posted by Soulskill
from the complexity-breeds-failures dept.
An anonymous reader writes: A software glitch caused the crash of an Airbus A400M military transport aircraft, claims German newspaper Der Spiegel (Google translation). The accident, which happened in Seville on the vehicle's first production test flight on 9 May, killed four crew members. Airbus is investigating the system controlling the aircraft's engines. The early suspicions are that it was an installation problem, rather than a design problem.
Television

Why Apple Ditched Its Plan To Build a Television 243

Posted by Soulskill
from the team-shifted-to-smellovision-development dept.
Apple has been rumored to be developing their own line of HDTVs for years, but a new report from the Wall Street Journal (paywalled) says while those plans did exist, they've been abandoned. Apple began pondering the idea of jumping into the television market roughly a decade ago, as iTunes started hosting video content. The AppleTV made a foray into living rooms in 2007, and other devices reached the prototype stage. The company continued to do research and work on their ideas, but eventually gave up more than a year ago. Apple had searched for breakthrough features to justify building an Apple-branded television set, those people said. In addition to an ultra-high-definition display, Apple considered adding sensor-equipped cameras so viewers could make video calls through the set, they said. Ultimately, though, Apple executives didn't consider any of those features compelling enough to enter the highly competitive television market, led by Samsung Electronics Co. Apple typically likes to enter a new product area with innovative technology and easier-to-use software.
Encryption

Trojanized, Info-Stealing PuTTY Version Lurking Online 216

Posted by timothy
from the at-your-command-prompt dept.
One of the best first steps in setting up a Windows machine is to install PuTTY on it, so you have a highly evolved secure shell at your command. An anonymous reader writes, though, with a note of caution if you're installing PuTTY from a source other than the project's own official page. A malicious version with information-stealing abilities has been found in the wild. According to the article: Compiled from source, this malicious version is apparently capable of stealing the credentials needed to connect to those servers. "Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as 'root' access) which can give them complete control over the targeted system," the researchers explained. The Symantec report linked above also shows that (at least for this iteration) the malware version is easy to spot, by hitting the "About" information for the app.