Slashdot.org
News for nerds, stuff that matters

Slashdot Asks: Does Your Company Have A Breach Response Team?

Sun, 06/19/2016 - 12:35
This week HelpNetSecurity reported on a study that found that "the average data breach cost has grown to $4 million, representing a 29 percent increase since 2013. 'The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently,'" said Caleb Barlow, Vice President of IBM Security. But the most stunning part of the study was that each compromised record costs a company $158 (on average), and up to $355 per record in more highly-regulated industries like healthcare, according to the study -- $100 more than in 2013. And yet it also found that having an "incident response team" greatly reduces the cost of a data breach. So I'd be curious how many Slashdot readers work for a company that actually has a team in place to handle data breaches. Leave your answers in the comments. Does your company have an incident response team?

Read more of this story at Slashdot.

Big Tech Squashes New York's 'Right To Repair' Bill

Sun, 06/19/2016 - 11:30
Damon Beres, writing for The Huffington Post: Major tech companies like Apple have trampled legislation that would have helped consumers and small businesses fix broken gadgets. New York state legislation that would have required manufacturers to provide information about how to repair devices like the iPhone failed to get a vote, ending any chance of passage this legislative session. Similar measures have met the same fate in Minnesota, Nebraska, Massachusetts and, yes, even previously in New York. Essentially, politicians never get to vote on so-called right to repair legislation because groups petitioning on behalf of the electronics industry gum up the proceedings. "We were disappointed that it wasn't brought to the floor, but we were successful in bringing more attention to the issue," New York state Sen. Phil Boyle (R), a sponsor of the bill, told The Huffington Post.

KDE Bug Fixed After 13 Years

Sun, 06/19/2016 - 10:30
About 50 KDE developers met this week in the Swiss Alps for the annual Randa Meetings, "seven days of intense in-person work, pushing KDE technologies forward and discussing how to address the next-generation demands for software systems." Christoph Cullmann, who maintains the Kate editor, blogs that during this year's sprint, they finally fixed a 13-year-old bug. He'd filed the bug report himself -- back in 2003 -- and writes that over the next 13 years, no one ever found the time to fix it. (Even though the bug received 333 "importance" votes...) After finally being marked Resolved, the bug's tracking page at KDE.org began receiving additional comments marveling at how much time had passed. Just think, when this bug was first reported: -- The current Linux Kernel was 2.6.31... -- Windows XP was the most current desktop version. Vista was still 3 years away. -- Top 2 Linux versions? Mandrake and Redhat (Fedora wouldn't be released for another 2 months, Ubuntu's first was more than a year away.)

South Australia Refuses To Stop Using An Expired, MS-DOS-Based Health Software

Sun, 06/19/2016 - 09:30
jaa101 writes: The Australian state of South Australia is being sued for refusing to stop using CHIRON, an MS-DOS-based software from the '90s that stores patient records. Their license expired in March of 2015, but they claim it would be risky to stop using it. CHIRON's vendor, Working Systems, says SA Health has been the only user of CHIRON since 2008 when they declined to migrate to the successor product MasterCare ePAS. SA Health has 64 sites across South Australia -- all of which are apparently still using the MS-DOS-based health software from the 1990s.

Mattel Sells Out Of 'Game Developer Barbie'

Sun, 06/19/2016 - 08:30
Long-time Slashdot reader sandbagger writes: The Mattel people have released a new Barbie doll figurine touted as Game Developer Barbie. Dressed in jeans and a t-shirt, she was apparently designed by a game developer. It's already sold out on Mattel's web site, with CNET saying it provides a better role model than a 2014 book in which "computer engineer" Barbie designed a cute game about puppies, then admitted "I'll need Steven's and Brian's help to turn it into a real game," before her laptop crashed with a virus. Mattel says that with this new doll, "young techies can play out the creative fun of this exciting profession," and the doll even comes with a laptop showing an IDE on the screen. Sandbagger's original submission ended with a question. Do Slashdot readers think this will inspire a new generation of programmers to stay up late writing code?

The Geek Behind Google's Takeover of the Map

Sun, 06/19/2016 - 06:30
tedlistens writes: Google's map isn't just a map. It's a living, complex manifestation of the data that billions of users and a team of thousands of engineers and designers feed it every day. The public face of the company's mapping effort is Ed Parsons, a gregarious Briton and geographer who as Google's Geospatial Technologist evangelizes for its mission of organizing the world's geographic information. He also works on building the trust the company needs to make Google Maps and Google Earth more detailed, useful, and increasingly, 3-D and interactive -- what he describes as "a selfie for the planet." The terrain isn't easy: that mission faces challenges from cartographical purists, hoping to preserve the art of cartography, and the democratic mappers of OpenStreetMap ("it's become almost a parody"); from governments seeking to police sensitive borders; from a host of tech companies fighting over the map business; and from privacy defenders concerned about what Google does with that data. "We're kind of looking at what to do with it. We've got a very rich source of data there, but also one that we have to be very careful of," he says. "Your location on the planet is one of the most sensitive pieces of information that anyone can hold on you."

Bill Gates' Donation of Thousands of Chickens Rejected by Bolivia

Sun, 06/19/2016 - 02:30
HughPickens.com shares an article from The Verge: Bill Gates' philanthropic efforts are usually greeted with near-universal praise, but a recent attempt by the US billionaire to donate 100,000 chickens ruffled some feathers. The leftist government of Bolivia...has refused the donation, describing Gates' gift as "offensive." "He does not know Bolivia's reality to think we are living 500 years ago, in the middle of the jungle not knowing how to produce," said Cesar Cocarico [Bolivia's minister of land and rural development]... "Respectfully, he should stop talking about Bolivia, and once he knows more, apologize to us." Gates' "Coop Dreams" initiative partnered with Heifer International, a group which fights poverty by delivering livestock and agricultural training, to deliver 100,000 chickens around the world, mostly to sub-Saharan Africa, as a way to improve the lives of people making $2 a day. In a blog post Gates noted that chickens are cheap and easy to take care, while selling flocks of chickens can be a profitable business, and raising chickens offers other benefits to children and families. "Our foundation is betting on chickens..." Gates writes, adding "if I were in their shoes, that's what I would do -- I would raise chickens."

Open and Rich Co-exist But Don't Mingle So Much

Sat, 06/18/2016 - 22:30
In an interview with The Atlantic, Ev Williams, best known for co-founding Blogger, Twitter, and Medium, says the web is about money now -- and not creativity. According to him, the burst of creativity has repeatedly been followed by big companies showing up and locking it down. From the article: But the thing about dreaming up a future, and making it real, is then you have to live in it. Back in San Francisco, coming out of the BART station on Market Street, he admits that the web game has changed since he came up. [Editor's note: he is talking about web services that allow you to book a taxi with an app, pay for stuff you purchase with your phone]. "There were always ecommerce startups," he says. "I was never part of that world, and we kind of looked down on them when the whole boom was happening. We were creating businesses, but ours had more creativity, ours weren't just for the money. Or maybe ours were even for utility but not just money, whereas clearly there are ways for both." He laughs. "Even the Google guys -- they were trying to create something really useful and good for the world, and they made all the money." Software developer and writer Dave Winer disagrees. He believes that not all technologies are money-driven -- at least when you look at it from a different perspective. He writes: The fun is over. Now it's about money. I guess that's what you see from his perspective. And from Facebook, Apple and Google, and maybe Oracle and Salesforce, and a few others. But there are technologies that went a different way. My favorite example is Manhattan's relationship to Central Park. The apartment buildings around the park are the money, and the creativity is in the park. The buildings are exclusive, the most expensive real estate in the world. The park is open to anyone, rich or poor, from anywhere in the world. The park is the engine of renewal. It's where the new stuff comes from. The buildings are where the money is parked. 
In the interview Williams did with the Atlantic, in NYC, they looked into the park from a nearby hotel. That's one valid perspective of course. Or you could go for a walk and see what's happening inside the park. You can see a great concert at Lincoln Center or Carnegie Hall, but there's great music in the park too. It's different. But it's good music. And the price is right.

Political Party's Videoconference System Hacked, Allowed Spying On Demand

Sat, 06/18/2016 - 20:30
The political party heading the Quebec parliament "had its internal videoconference system hacked in what seems to be a default password hack," writes Slashdot reader courteaudotbiz, citing reports in a Canadian newspaper. "Quebec Liberals got a lesson in how not to use the internet," joked one Quebec news station, writing that the security flaw "allowed anyone to gain access to strategy meetings and watch any of the party's live video conferences; and at least one person did... According to the source it was as easy as using a commonly used password, that is often the default code that never gets changed." While the default password has since been changed, it represents the second high-profile Canadian password screw-up, since last week in Winnipeg, "Two 14-year-old high school students managed to hack into a Bank of Montreal ATM at a super market during their lunch break using an operator's manual they found online... They notified a nearby BMO branch manager, who was nice enough to write the pair notes for being absent from school as they showed security personnel how they did it."

Delete Or Update All Adobe Flash Player Instances, Experts Warn

Sat, 06/18/2016 - 18:33
An anonymous reader quotes an article from BankInfoSecurity: Security experts are once again warning enterprises to immediately update -- or delete -- all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.... The bug exists in Adobe Flash Player 21.0.0.242 and earlier versions -- running on Windows, Mac, Linux, and Chrome OS -- and "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system." Thursday Adobe released an updated version of Flash patching 36 separate vulnerabilities, including the critical vulnerability which "if exploited would allow malicious native-code to execute, potentially without a user being aware." While applauding Adobe's quick response, researchers at Kaspersky Lab say it's already been exploited in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and BankInfoSecurity writes that "The latest warning over this campaign reinforces just how often APT attackers target Flash, thus making a potential business case for banning it for inside the enterprise."

New Algorithm Could Help Predict Future ISIS Attacks

Sat, 06/18/2016 - 16:26
An anonymous reader writes: Researchers have developed a new algorithm which may help law enforcement agencies predict potential terror attacks. The computer model has a particular focus on the behavioral patterns associated with Islamic State (ISIS) supporters... For eight months in 2015, the researchers tracked 108,086 individual followers on ISIS-related social media pages, noting that sudden increases in the number of pages "preceded the onset of violence in a way that would not have been detected by looking at social media references to ISIS alone." According to The Stack, the University of Miami team "used a mathematical equation typically applied in physics and chemistry to monitor the development and growth of pro-ISIS groups. 'It was like watching crystals forming. We were able to see how people were materializing around certain social groups; they were discussing and sharing information -- all in real-time... This removes the guess work. With that road map, law enforcement can better navigate what is going on, who is doing what, while state security agencies can better monitor what might be developing,..."

Fedora QA Lead Pans Canonical 'Propaganda' On Snap Apps

Sat, 06/18/2016 - 15:30
Long-time Slashdot reader JImbob0i0 shares a scathing article by Red Hat's Fedora QA "community monkey"/senior QA engineer on Canonical's announcement about their application delivery mechanism "snap"... ...and how it's going to unite all distributions and kill apt and rpm! This is, to put it diplomatically, a heaping pile of steaming bullshit... The press release and the stories together give you the strong impression that this thing called Snappy is going to be the cross-distribution future of application delivery, and it's all ready for use today and lots of major distributions are buying into it... The stories have headlines like "Adios apt and yum? Ubuntu's snap apps are coming to distros everywhere" and "Snap Packages Become Universal Binary Format for All GNU/Linux Distributions"... Now, does Snappy actually have the cross-distribution buy-in that the press release claims (but never outright states) that it has? No... The sum total of communication between Canonical and Fedora before the release of this press release was that they mailed us asking about the process of packaging snappy for Fedora, and we told them about the main packaging process and COPR. They certainly did not in any way inform Fedora that they were going to send out a press release strongly implying that Fedora, along with every other distro in the world, was now a happy traveler on the Snappy bandwagon... They just decided to send out a wildly misleading press release and actively encourage the specialist press to report that Snappy was all set to take over the world and everyone was super happy with that.

Ask Slashdot: Should You Store Medical Details In The Cloud?

Sat, 06/18/2016 - 14:30
"Paper forms are a security risk", warns the web site for CareMonkey, which maintains digital and up-to-date medical information in the cloud "for any organization with a duty of care". This is raising concerns for long-time Slashdot reader rolandw, who says he's being asked by his daughter's school to approve using the site to store "her full medical details". CareMonkey say that this data is stored on AWS and their security page says that it is secured by every protocol ever claimed by AWS (apparently). As a sysadmin and developer who has used AWS extensively for non-secure information my alarm bells are sounding. Should he ignore those alarm bells and approve the storage of his daughter's medical history in the cloud? And if not, what specific reason would you give for refusing?

Court Slams Record Companies in New Vimeo/DMCA Ruling

Sat, 06/18/2016 - 13:30
Remember when Capitol Records sued Vimeo over copyright-violating videos? They just lost in court again, when an Appeals court overruled three lower court decisions. Slashdot reader NewYorkCountryLawyer shares the specifics of the Appeals court's findings: [T]he Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA... the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge"... a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. "The decision once again affirms that the DMCA extends immunity to a service provider for the infringement of their customers if the service provider removes material at the request of the right holder," writes Ars Technica.

Those 100,000 Lost Air Force Files Have Been Found Again

Sat, 06/18/2016 - 12:30
The Air Force now says it will be able to recover those 100,000 investigation files dating back to 2004, after "aggressively leveraging all vendor and department capabilities." An anonymous reader quotes a report from Government Executive about the mysteriously corrupted database: In a short, four-sentence statement released midday on Wednesday, service officials said the Air Force continues to investigate the embarrassing incident in which the files and their backups were corrupted. "Through extensive data recovery efforts over the weekend and this week, the Air Force has been able to regain access to the data in the Air Force Inspector General Automated Case Tracking System..." the statement reads. Earlier on Wednesday, the Air Force chief of staff said that the effort to recover the files involved Lockheed Martin and Oracle, the two defense contractors that run the database, plus Air Force cyber and defense cyber crime personnel. The Chief of Staff hopes "there won't be a long-term impact, other than making sure we understand exactly what happened, how it happened and how we keep it from ever happening again." The Air Force is conducting an independent review, while Lockheed Martin is now also performing a separate internal review.

At Black Hat's Oscars: an Award For Hacking Junk

Sat, 06/18/2016 - 11:30
chicksdaddy shares an article from Security Ledger: The Pwnies, a long-running awards ceremony that is the hacker community's equivalent of The Oscars (or at least The People's Choice Awards) is adding an award for "Junk Hacking" to its 2016 roster... [I]n a nod to the security industry's penchant for stunt hacking and the technology industry's penchant for unwarranted complexity, the award will be given to researchers who "discovered and performed the most needlessly sophisticated attack against the most needlessly Internet-enabled 'Thing.'" Among other new categories that are being added are Pwnies for the "Best Cryptographic Attack," the "Best Backdoor," and the closely related "Best Stunt Hack," awarded to "the researchers, their PR team, and participating journalists for the best, most high-profile, and fear-inducing public spectacle that resulted in the most panic-stricken phone calls from our less-technical friends and family members"... Anyone can nominate a recipient for a Pwnie using the organization's web site. Though the award targets pointless products on the Internet of Things, one judge points out that "It may be that there's some exploit in your connected toothbrush that could also be used against a home security system..."

The NSA Would Be Eliminated Under President Gary Johnson

Sat, 06/18/2016 - 10:30
An anonymous reader writes: Libertarian presidential nominee Gary Johnson says he'd sign an executive order eliminating America's National Security Agency if he wins the 2016 election. And he's also forcefully arguing that domestic surveillance of internet activity and phone calls in the United States is worse than in China. Johnson took issue with an interviewer at The Daily Beast who pointed out that China monitors political dissidents, saying "What do you call the NSA and the satellites that are trained on us and the fact that 110 million Verizon users are having everything we do on our cell phones being data-collected?" Johnson also wants to abolish the Internal Revenue Service, replacing both income taxes and corporate taxes with a single federal consumption tax, and says he'd be willing to sign legislation eliminating the Department of Education, the Department of Housing and Urban Development, and the Department of Commerce, which he says fuels "crony capitalism". "I'll sign legislation to eliminate any federal agency that they present me with." Johnson has also said that if he were elected President, he'd pardon Edward Snowden.

Businesses Lose $3.1 Billion to Email Scams, FBI Warns

Sat, 06/18/2016 - 09:30
Businesses have lost over $3 billion because of compromised e-mail accounts, the FBI reports, citing "a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments." 22,143 businesses have been affected -- 14,302 within the U.S. -- with a total dollar loss of $3,086,250,090, representing an increase of 1,300% since January of 2015. Using social engineering or "computer intrusion techniques," the attackers target employees responsible for wire transfers (or issuing checks) using five scenarios, which include bogus invoices or executive requests for a wire transfer of funds, with some attackers even impersonating a corporate law firm. "Victims report that IP addresses frequently trace back to free domain registrars," warns the FBI's Internet Crime Complaint Center, which also urges businesses to avoid free web-based e-mail accounts.

Microsoft Tests New Tool To Remove OEM Crapware

Sat, 06/18/2016 - 08:30
An anonymous reader quotes a report from Ars Technica: Windows 10 already includes ways to clear out applications and data to repair misbehaving systems or prepare them to be sold, courtesy of the Refresh and Reset features added in Windows 8. Microsoft is now adding a third option: a new refresh tool. Currently available only for Windows Insiders, the new tool fetches a copy of Windows online and performs a clean installation. The only option is whether or not you want to preserve your personal data. Any other software that's installed will be blown away, including the various applications and utilities that OEMs continue to bundle with their systems. Ars Technica points out that the tool isn't perfect. For example, "it installs a preview build from the fast track, but Microsoft notes that the new tool can sometimes install a version older than the one currently installed. When this kind of version mismatch occurs, the option to preserve your files is removed."

NASA Unveils Plans For Electric-Powered Plane

Sat, 06/18/2016 - 06:30
An anonymous reader quotes a report from The New York Times: A new experimental airplane being built by NASA could help push electric-powered aviation from a technical curiosity and pipe dream into something that might become commercially viable for small aircraft. At a conference on Friday of the American Institute of Aeronautics and Astronautics in Washington, Charles F. Bolden Jr., the NASA administrator, announced plans for an all-electric airplane (Warning: source may be paywalled) designated as X-57 and nicknamed "Maxwell," part of the agency's efforts to make aviation more efficient and less of a polluter. "The X-57 will take the first giant step in opening a new era of aviation," Mr. Bolden declared. Maxwell is equipped with 14 electric propeller-turning motors located along the wings, all of which will be used to create sufficient thrust during take-off and landing. Only two large motors on the tips of the wings will be used once it's up in the air. The plane is a result of NASA's "New Aviation Horizons" initiative: a 10-year program to create a new generation of X-planes that will make use of greener energy, use half as much fuel, and be half as loud as commercial aircraft in use today.