We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!
TechCurmudgeon sends word that LibreOffice 4.4 has been released. "The Document foundation announced availability of the latest version of LibreOffice on Thursday, which it says is the most beautiful version of the open source productivity suite yet. LibreOffice 4.4 also fixes some compatibility issues with files that are saved in Microsoft's OOXML formats. LibreOffice 4.4 has got a lot of UX and design love," Jan "Kendy" Holesovsky, who leads the design team for Libreoffice, said in a statement. LibreOffice 4.4 is currently available for Windows."
103 comments | 10 hours ago
An anonymous reader writes At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered. Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. The firmware in question is implemented in many networking equipment manufactured by D-Link, TP-Link Technologies and ZTE.
56 comments | 11 hours ago
New submitter rsanford, apropos today's FCC announcement about what is officially consided "broadband" speed by that agency, asks In the early and middle 90's I recall spending countless hours on IRC 'Trout-slapping' people in #hottub and engaging in channel wars. The people from Europe were always complaining about how slow their internet was and there was no choice. This was odd to me, who at the time had 3 local ISPs to choose from, all offering the fastest modem connections at the time, while living in rural America 60 miles away from the nearest city with 1,000 or more people. Was that the reality back then? If so, what changed, and when?
383 comments | yesterday
TechCurmudgeon writes According to The Register, "Mozilla has given the Tor network a capacity kick with the launch of 14 relays that will help distribute user traffic. Engineers working under the Foundation's Polaris Project inked in November pulled Mozilla's spare and decommissioned hardware out of the cupboard for dedicated use in the Tor network. It included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB ram, 2*Xeon L5640, 2*1Gbps NIC) servers, along with a dedicated existing IP transit provider (2 X 10Gbps). French Mozilla engineer Arzhel Younsi (@xionoxfr) said its network was designed to fall no lower than half of its network capacity in the event of maintenance or failure. The Polaris initiative was a effort of Mozilla, the Tor Project and the Centre for Democracy and Technology to help build more privacy controls into technology."
69 comments | yesterday
An anonymous reader writes Hacked has a piece about Georgia Institute of Technology researchers keylogging from a distance using the electromagnetic radiation of CPUs. They can reportedly do this from up to 6 meters away. In this video, using two Ubuntu laptops, they demonstrate that keystrokes are easily interpreted with the software they have developed. In their white paper they talk about the need for more research in this area so that hardware and software manufacturers will be able to develop more secure devices. For now, Farraday cages don't seem as crazy as they used to, or do they?
82 comments | yesterday
HughPickens.com writes Nick Summers has an interesting article at Bloomberg about the epidemic of 90 ATM bombings that has hit Britain since 2013. ATM machines are vulnerable because the strongbox inside an ATM has two essential holes: a small slot in front that spits out bills to customers and a big door in back through which employees load reams of cash in large cassettes. "Criminals have learned to see this simple enclosure as a physics problem," writes Summers. "Gas is pumped in, and when it's detonated, the weakest part—the large hinged door—is forced open. After an ATM blast, thieves force their way into the bank itself, where the now gaping rear of the cash machine is either exposed in the lobby or inside a trivially secured room. Set off with skill, the shock wave leaves the money neatly stacked, sometimes with a whiff of the distinctive acetylene odor of garlic." The rise in gas attacks has created a market opportunity for the companies that construct ATM components. Several manufacturers now make various anti-gas-attack modules: Some absorb shock waves, some detect gas and render it harmless, and some emit sound, fog, or dye to discourage thieves in the act.
As far as anyone knows, there has never been a gas attack on an American ATM. The leading theory points to the country's primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM. Encryption chip requirements are coming to the U.S. later this year, though. And given the gas raid's many advantages, it may be only a matter of time until the back of an American ATM comes rocketing off.
344 comments | yesterday
alphadogg writes Amazon Web Services today launched a new product to its expansive service catalog in the cloud: WorkMail is a hosted email platform for enterprises that could wind up as a replacement for Microsoft and Google messaging systems. The service is expected to cost $4 per user per month for a 50GB email inbox. It's integrated with many of AWS's other cloud services too, including its Zocalo file synchronization and sharing platform. The combination will allow IT shops to set up a hosted email platform and link it to a file sharing system.
62 comments | yesterday
195 comments | yesterday
benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review
29 comments | 2 days ago
jones_supa writes: One thing we all remember from Windows NT is the security feature requiring the user to press CTRL-ALT-DEL to unlock the workstation (this can still be enabled with a policy setting). The motivation was to make it impossible for other programs to mimic a lock screen, as they couldn't react to the special key combination. Martin Gräßlin from the KDE team takes a look at the lock screen security on X11. On a protocol level, X11 doesn't know anything of screen lockers. Also the X server doesn't know that the screen is locked as it doesn't understand the concept. This means the screen locker can only use the core functionality available to emulate screen locking. That in turn also means that any other client can do the same and prevent the screen locker from working (for example opening a context menu on any window prevents the screen locker from activating). That's quite a bummer: any process connected to the X server can block the screen locker, and even more it could fake your screen locker.
360 comments | 2 days ago
Jason Koebler writes: Leslie Caldwell, an assistant attorney general at the Justice Department, said Tuesday that the department is "very concerned" by the Google's and Apple's decision to automatically encrypt all data on Android and iOS devices.
"We understand the value of encryption and the importance of security," she said. "But we're very concerned they not lead to the creation of what I would call a 'zone of lawlessness,' where there's evidence that we could have lawful access through a court order that we're prohibited from getting because of a company's technological choices.
418 comments | 2 days ago
mask.of.sanity sends this report from El Reg: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.
The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.
46 comments | 2 days ago
An anonymous reader writes: Lizard Squad, the hacking collaborative that went after the PlayStation Network, Xbox Live, and the North Korean internet last year, has now targeted Malaysia Airlines with an attack. Bloomberg links to images of the hacks (including the rather heartless 404 jab on its home page) and columnist Adam Minter wonders why Malaysia Airlines, which has had so much bad press in the past 12 months, was worthy of Lizard Squad's ire. In apparent answer, @LizardMafia (the org's reputed Twitter handle) messaged Mr. Minter this morning: "More to come soon. Side Note: We're still organizing the @MAS email dump, stay tuned for that."
41 comments | 2 days ago
An anonymous reader writes What would be the best media to store a backup of important files in a lockbox? Like a lot of people we have a lot of important information on our computers, and have a lot of files that we don't want backed up in the cloud, but want to preserve. Everything from our personally ripped media, family pictures, important documents, etc.. We are considering BluRay, HDD, and SSD but wanted to ask the Slashdot community what they would do. So, in 2015, what technology (or technologies!) would you employ to best ensure your data's long-term survival? Where would you put that lockbox?
250 comments | 2 days ago
HughPickens.com writes The Washington Post reports that the intrusion by a recreational drone onto the White House lawn has exposed a security gap at the compound that the Secret Service has spent years studying but has so far been unable to fix. Commercial technology is available that can use a combination of sensitive radar and acoustic trackers to detect small drones, though coming up with an effective way to stop them has been more elusive. "To do something about the problem, you have to find it, you have to track it, you have to identify it and you have to decide what to do with it," says Frederick F. Roggero. "But especially in an urban environment, it would be tough to detect and tough to defeat kinetically without shooting it down and causing collateral damage." Most recreational drones, like the one that crashed Monday, weigh only a few pounds and lack the power to do much harm. Larger models that can carry payloads of up to 30 pounds are available on the market and are expected to become more common. The FAA imposes strict safety regulations on drones flown by government agencies or anyone who operates them for commercial purposes. In contrast, hardly any rules apply to people who fly drones as a hobby, other than FAA guidelines that advise them to keep the aircraft below 400 feet and five miles from an airport. "With the discovery of an unauthorized drone on the White House lawn, the eagle has crash-landed in Washington," says Senator Charles Schumer. "There is no stronger sign that clear FAA guidelines for drones are needed."
234 comments | 2 days ago
An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.
They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
282 comments | 3 days ago
v3rgEz writes with this story of a top secret Cold War plan which would have brought the U.S. under martial law. Starting on April 19, 1956, the federal government practiced and planned for a near-doomsday scenario known as Plan C. When activated, Plan C would have brought the United States under martial law, rounded up over ten thousand individuals connected to 'subversive' organizations, implemented a censorship board, and prepared the country for life after nuclear attack. There was no Plan A or B....Details of this program were distributed to each FBI field office. Over the following months and years, Plan C would be adjusted as drills and meetings found holes in the defensive strategy: Communications were more closely held, authority was apparently more dispersed, and certain segments of the government, such as the U.S. Attorneys, had trouble actually delineating who was responsible for what. Bureau employees were encouraged to prepare their families for the worst, but had to keep secret the more in-depth plans for what the government would do if war did break out. Families were given a phone number and city for where the relocated agency locations would be, but not the exact location.
306 comments | 3 days ago
Vigile writes Over the weekend NVIDIA sent out its first official response to the claims of hampered performance on the GTX 970 and a potential lack of access to 1/8th of the on-board memory. Today NVIDIA has clarified the situation again, this time with some important changes to the specifications of the GPU. First, the ROP count and L2 cache capacity of the GTX 970 were incorrectly reported at launch (last September). The GTX 970 has 52 ROPs and 1792 KB of L2 cache compared to the GTX 980 that has 64 ROPs and 2048 KB of L2 cache; previously both GPUs claimed to have identical specs. Because of this change, one of the 32-bit memory channels is accessed differently, forcing NVIDIA to create 3.5GB and 0.5GB pools of memory to improve overall performance for the majority of use cases. The smaller, 500MB pool operates at 1/7th the speed of the 3.5GB pool and thus will lower total graphics system performance by 4-6% when added into the memory system. That occurs when games request MORE than 3.5GB of memory allocation though, which happens only in extreme cases and combinations of resolution and anti-aliasing. Still, the jury is out on whether NVIDIA has answered enough questions to temper the fire from consumers.
113 comments | 3 days ago
jones_supa writes Late last week, Microsoft pushed out a new build (9926) of Windows 10 to those of you who are running the Technical Preview. The latest version comes with many new features, some easily accessible, others bubbling under, but two big changes are now certain: the Charms bar is dead, and Start Screen for large devices is no more. Replacing the Charms bar is the Action Center, which has many of the same shortcuts as the Charms bar, but also has a plethora of other information too. Notifications are now bundled into the Action Center and the shortcuts to individual settings are still easily accessible from this window. The Start Screen is no longer present for desktop users, the options for opening it are gone. Continuum is the future, and it has taken over what the Start Screen initiated with Windows 8.
376 comments | 3 days ago
MojoKid writes If you're running Android 4.3 or earlier, you're pretty much out of luck when it comes to a baked-in defense against a WebView vulnerability that was discovered earlier this month by security analyst Tod Beardsley. The vulnerability leaves millions of users open to attack from hackers that choose to exploit the security hole. WebView is a core component of the Android operating system that renders web pages. The good news is that the version of WebView included in Android 4.4 KitKat and Android 5.0 Lollipop is based on Chromium and is not affected by the vulnerability. The bad news is that those running Android 4.3 and earlier are wide open, which means that 60 percent of Android users (or nearly one billion customers) are affected. What's most interesting is that Google has no trouble tossing grenades at the feet of Microsoft and Apple courtesy of its Project Zero program, but doesn't seem to have the resources to fix a vulnerability that affects a substantial portion of the Android user base.
577 comments | 3 days ago