Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.
We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!
An anonymous reader writes: Brian Krebs reports on information from Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. that attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies. The attackers were seeking technical documents related to Iron Dome, Israel's air defense system. "IAI was initially breached on April 16, 2012 by a series of specially crafted email phishing attacks. ... Once inside the IAI’s network, [the attackers] spent the next four months in 2012 using their access to install various tools and trojan horse programs on systems throughout company’s network and expanding their access to sensitive files, CyberESI said. The actors compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems. The actors also successfully used tools to dump Active Directory data from domain controllers on at least two different domains on the IAI’s network. All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB total size — that were exfiltrated from IAI’s network during the compromise. The security firm said most of the data acquired was intellectual property and likely represented only a small portion of the entire data loss by IAI." Most of the stolen material pertained to Arrow III missiles, UAVs, and ballistic rockets.
schwit1 writes: "With a drive of 157 feet on Sunday, the Mars rover Opportunity broke the Soviet record, set by Lunokhod 2 in 1973, for the longest distance traveled by a vehicle on another planet. "If the rover can continue to operate the distance of a marathon — 26.2 miles (about 42.2 kilometers) — it will approach the next major investigation site mission scientists have dubbed "Marathon Valley." Observations from spacecraft orbiting Mars suggest several clay minerals are exposed close together at this valley site, surrounded by steep slopes where the relationships among different layers may be evident. The Russian Lunokhod 2 rover, a successor to the first Lunokhod mission in 1970, landed on Earth's moon on Jan. 15, 1973, where it drove about 24.2 miles (39 kilometers) in less than five months, according to calculations recently made using images from NASA's Lunar Reconnaissance Orbiter (LRO) cameras that reveal Lunokhod 2's tracks."
An anonymous reader writes: The first teaser trailer for the final installment of the Middle Earth saga, The Hobbit: The Battle of Five Armies, debuted at Comic-Con, and now Warner Bros have made it available online. While the trailer contains some nice shots on a visual level, very much in keeping with the Lord of the Rings trilogy, about 80% of the trailer's awesomeness is provided by the background music. Pippin's mournful song from Return of the King plays intercut with the doomed mission that Faramir leads on his father Denethor's orders.
The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.
Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.
Oddly, only 5% of adults have debt 30-180 days past due. This latter fact is partially accounted for by the fact that a broader range of debt can enter "in collections" status than "past due" status (e.g. parking tickets)... But also perhaps demonstrates that as one falls far enough along the debt spiral, escape becomes impossible. Particularly in the case of high-interest debt such as credit cards — the issuers of which cluster in states such as South Dakota, following a 1978 Supreme Court ruling that found that states' usury laws did not apply to banks headquartered in other states.
Even taking into account the folks who lost a parking ticket under their passenger seat, 35% is a pretty shocking number. Anyone have other theories why this number is so much higher than the 5% of people who are just "late"? How about some napkin math on the debt spiral?
An anonymous reader writes: Electronic Arts has announced a new program called "EA Access," a subscription-based service that will grant Xbox One users access to a small catalog of EA's popular games, as well as early trials of upcoming games. They're beta testing the service now, and the available games are FIFA 14, Madden NFL 25, Peggle 2, and Battlefield 4. (More titles will be added later.) They're charging $5 per month or $30 per year. It probably won't ever include their newest releases, but it's interesting to see such a major publisher experimenting with a Netflix-style subscription service.
An anonymous reader writes: Wladimir Palant is the creator of the Adblock Plus browser extension, but he often gets asked how it compares to a similar extension for Chrome called Adblock. In the past, he's told people the two extensions achieve largely the same end, but in slightly different ways. However, recent changes to the Adblock project have him worried. "AdBlock covertly moved from an open development model towards hiding changes from its users. Users were neither informed about that decision nor the reasons behind it." He goes through the changelog and highlights some updates that call into question the integrity of Adblock. For example, from an update on June 6th: "Calling home functionality has been extended. It now sends user's locale in addition to the unique user ID, AdBlock version, operating system and whether Google Search ads are being allowed. Also, AdBlock will tell getadblock.com (or any other website if asked nicely) whether AdBlock has just been installed or has been used for a while — again, in addition to the unique user ID." Of course, Palant has skin in this game, and Adblock Plus has dealt with fallout from their "acceptable ads policy," but at least it's still developed in the open.
From the Firepick website: 'We are developing a really cool robotic machine that is capable of assembling electronic circuit boards (it also 3D prints, and does some other stuff!). It uses a vacuum nozzle to pick really tiny resistors and computer chips up, and place them down very carefully on a printed circuit board.' There are lots of companies here and in China that will happily place and solder components on your printed circuit board, but hardly any that will do a one-off prototype or a small quantity. And the components have gotten small enough that this is really a job for a robot (or at least a Waldo), not human fingers. || There are obviously other devices on the market that do this, but Firepick Delta creator Neil Jansen says they are far too expensive for small companies, let alone individual makers.
The Firepick Delta Hackaday page talks about a $300 price for this machine. That may be too optimistic, but even if it ends up costing two or three times that amount, that's still a huge step forward for small-time inventors and custom manufacturers who need to populate just a few circuit boards, not thousands. They have a Haxlr8rpitch video, and have been noticed by TechCrunch, 3DPrintBoard.com, and Adafruit, just to name a few. Kickstarter? Not yet. Maybe next year. Open source? Totally, complete with GitHub repository. And they were at OSCON 2014, which is where Timothy found them. (Alternate Video Link)
astroengine writes: New observations from NASA's Saturn-orbiting Cassini spacecraft have revealed at least 101 individual geysers erupting from Enceladus' crust and, through careful analysis, planetary scientists have uncovered their origin. From the cracked ice in this region, fissures blast out water vapor mixed with organic compounds as huge geysers. Associated with these geysers are surface "hotspots" but until now there has been some ambiguity as to whether the hotspots are creating the geysers or whether the geysers are creating the hotspots. "Once we had these results in hand, we knew right away heat was not causing the geysers, but vice versa," said Carolyn Porco, leader of the Cassini imaging team from the Space Science Institute in Boulder, Colo., and lead author of one of the research papers. "It also told us the geysers are not a near-surface phenomenon, but have much deeper roots." And those roots point to a large subsurface source of liquid water — adding Enceladus as one of the few tantalizing destinations for future astrobiology missions.
An anonymous reader writes: Today Senator Patrick Leahy (D-VT) introduced a bill that would ban bulk collection of telephone records and internet data for U.S. citizens. This is a stronger version of the legislation that passed the U.S. House in May, and it has support from the executive branch as well. "The bill, called the USA Freedom Act, would prohibit the government from collecting all information from a particular service provider or a broad geographic area, such as a city or area code, according to a release from Leahy's office. It would expand government and company reporting to the public and reform the Foreign Intelligence Surveillance Court, which reviews NSA intelligence activities. Both House and Senate measures would keep information out of NSA computers, but the Senate bill would impose stricter limits on how much data the spy agency could seek."
cartechboy writes: Tesla's been pretty quiet regarding its upcoming gigafactory lately, but that's about to change. It seems the Silicon Valley startup has reached an agreement with Panasonic in regards to the gigafactory, and Panasonic's going to end up having skin in the game. While the electronics giant was originally skeptical of Tesla's battery factory, it now isn't just on board, it's actually going to participate in the construction of this new facility. It's reported that Panasonic will invest 20 billion to 30 billion yen (194 million to $291 million at current exchange rates), and supply fabrication machinery necessary for cell production. That means Pansonic could end up footing the bill for $1 billion of the total $5 billion anticipated investment required for the gigafactory to get off the ground. If things continue to move forward, the Gigafactory should be online by the end of 2017.
Qbertino (265505) writes I've been musing about a security setup to allow my coworkers/users access to files from the outside. I want security to be a little safer than pure key- or password-based SSH access, and some super-expensive RSA Token setup is out of question. I've been wondering whether there are any feasible and working FOSS and open hardware-based security token generator projects out there. It'd be best with ready-made server-side scripts/daemons. Perhaps something Arduino or Raspberry Pi based? Has anybody tried something like this? What are your experiences? What do you use? How would you attempt an open hardware FOSS solution to this problem?
jradavenport (3020071) writes "Using two years of continuous monitoring of my MacBook Air battery usage (once every minute), I have been able to study my own computer use patterns in amazing detail. This dataset includes 293k measurements, or more than 204 days of use over two years. I use the laptop over 50 hours per week on average, and my most productive day is Tuesday. Changes in my work/life balance have begun to appear over the two-year span, and I am curious whether such data can help inform how much computer use is healthy/productive."
Vigile (99919) writes "Last week NVIDIA announced the SHIELD Tablet and SHIELD Controller, and reviews are finally appearing this morning. Based on the high performance Tegra K1 SoC that integrates 192 Kepler architecture CUDA cores, benchmarks reveal that that the SHIELD Tablet is basically unmatched by any other mobile device on the market when it comes to graphics performance — it is more than 2.5x the performance of the Apple A7 in some instances. With that power NVIDIA is able to showcase full OpenGL versions of games like Portal and Half-Life 2 running at 1080p locally on the 19:12 display or output to a TV in a "console mode." PC Perspective has impressions of that experience as well as using the NVIDIA Game Stream technology to play your PC games on the SHIELD Tablet and controller. To go even further down the rabbit hole, you can stream your PC games from your desktop to your tablet, output them to the TV in console mode, stream your game play to Twitch from the tablet while overlaying your image through the front facing camera AND record your sessions locally via ShadowPlay and using the Wi-Fi Direct powered controller to send and receive audio. It is incredibly impressive hardware but the question remains as to whether or not there is, or will be, a market for Android-based gaming devices, even those with the power and performance that NVIDIA has built."
redletterdave (2493036) writes "Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, cheating the company out of more than $300,000 — and his scam was breathtakingly simple. According to a Secret Service criminal complaint, Parrish allegedly visited Apple Stores and tried to buy products with four different debit cards, which were all closed by his respective financial institutions. When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits, which is normally provided by credit card issuers to create a record of the credit or debit override. But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter."
hawkinspeter (831501) writes Amazon has given the green light to produce the Hugo award-winning "The Man in the High Castle". This is after the four-hour mini-series was rejected by Syfy and afterwards by the BBC.
Philip K Dick's novel takes place in an alternate universe where the Axis Powers won the Second World War. It's one of his most successful works, probably due to him actually spending the time to do some editing on it (most of his fiction was produced rapidly in order to get some money). Ridley Scott has previously adapted PKD's "Do Androids Dream of Electric Sheep" as the film Blade Runner, so it will be interesting to see how close he keeps to the source material this time. This news has been picked up by a few sites: International Business Times; The Register and Deadline.
cold fjord (826450) writes with an excerpt from ZDNet At OSCon, The Department of Homeland Security (DHS) ... quietly announced that they're now offering a service for checking out your open-source code for security holes and bugs: the Software Assurance Marketplace (SWAMP). ... Patrick Beyer, SWAMP's Project Manager at Morgridge Institute for Research, the project's prime contractor, explained, "With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there, and everywhere." Understandably, "there's more and more concern about the safety and quality of this code. We're the one place you can go to check into the code" ... funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate (DHS S&T), SWAMP is designed by researchers from the Morgridge Institute, the University of Illinois-Champaign/Urbana, Indiana University, and the University of Wisconsin-Madison. Each brings broad experience in software assurance, security, open source software development, national distributed facilities and identity management to the project. ... SWAMP opened its services to the community in February of 2014 offering five open-source static analysis tools that analyze source code for possible security defects without having to execute the program. ... In addition, SWAMP hosts almost 400 open source software packages to enable tool developers to add enhancements in both the precision and scope of their tools. On top of that the SWAMP provides developers with software packages from the National Institute for Standards and Technology's (NIST) Juliet Test Suite. I got a chance to talk with Beyer at OSCON, and he emphasized that anyone's code is eligible — and that there's no cost to participants, while the center is covered by a grant.
mrspoonsi (2955715) writes "The City of London police has started placing banner advertisements on websites believed to be offering pirated content illegally. The messages, which will appear instead of paid-for ads, will ask users to close their web browsers. The move comes as part of a continuing effort to stop piracy sites from earning money through advertising. Police said the ads would make it harder for piracy site owners to make their pages look authentic. "When adverts from well known brands appear on illegal websites, they lend them a look of legitimacy and inadvertently fool consumers into thinking the site is authentic," said Detective Chief Inspector Andy Fyfe from the City of London Police Intellectual Property Crime Unit (Pipcu). "This new initiative is another step forward for the unit in tackling IP crime and disrupting criminal profits. "Copyright infringing websites are making huge sums of money though advert placement, therefore disrupting advertising on these sites is crucial and this is why it is an integral part of Operation Creative.""
The ed17 (2834807) writes Galleries, libraries, archives, and museums (GLAMs) are now facing fewer barriers to uploading their content to Wikimedia Commons — the website that stores most of Wikipedia's images and videos. Previously, these institutions had to build customized scripts or be lucky enough to find a Wikimedia volunteer to do the work for them. According to the toolset's coordinator Liam Wyatt, 'this is a giant leap forward in giving GLAMs the agency to share with Commons on their own terms.'
The Netherlands Institute for Sound and Vision has a short article on their use of the new toolkit to upload hundreds of videos of birds. See also the GWToolset project page and documentation on the upload system (includes screencasts). Before the toolset, organizations wishing to donate collections had to write one-off tools to translate between their metadata schema and Wikimedia's schema. The GWToolset allows the organization to generate and upload a single XML file containing metadata (using arbitrary, even mixed, schemas, with some limitations) for all items in a batch upload, prompts for mappings between the vocabulary used by the organization and the vocabulary accepted by Mediawiki, and then pulls the files into the Commons.