Communications

Academics Build a New Tor Client Designed To Beat the NSA 60

Posted by timothy
from the non-spy-vs-spy dept.
An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.
Government

US Proposes Tighter Export Rules For Computer Security Tools 124

Posted by timothy
from the we'd-like-to-inspect-that-package dept.
itwbennett writes: The U.S. Commerce Department has proposed tighter export rules for computer security tools and could prohibit the export of penetration testing tools without a license. The proposal would modify rules added to the Wassenaar Arrangement in 2013 that limit the export of technologies related to intrusion and traffic inspection. The definition of intrusion software would also encompass 'proprietary research on the vulnerabilities and exploitation of computers and network-capable devices,' the proposal said.
Security

Telstra Says Newly Acquired Pacnet Hacked, Customer Data Exposed 15

Posted by samzenpus
from the getting-to-know-all-about-you dept.
An anonymous reader writes: Telstra’s Asian-based data center and undersea cable operator Pacnet has been hacked, exposing many of the telco’s customers to a massive security breach. The company said it could not determine whether personal details of customers had been stolen, but it acknowledged the possibility. The Stack reports: "Telstra said that an unauthorized third party had been able to gain access to the Pacnet business management systems through a malicious software installed via a vulnerability on an SQL server. The hack had taken place just weeks before Telstra acquired the Asian internet service provider for $550mn on 16 April this year. The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014."
China

Huawei's LiteOS Internet of Things Operating System Is a Minuscule 10KB 161

Posted by samzenpus
from the in-the-future dept.
Mark Wilson writes: Chinese firm Huawei today announces its IoT OS at an event in Beijing. The company predicts that within a decade there will be 100 billion connected devices and it is keen for its ultra-lightweight operating system to be at the heart of the infrastructure. Based on Linux, LiteOS weighs in at a mere 10KB — smaller than a Word document — but manages to pack in support for zero configuration, auto-discovery, and auto-networking. The operating system will be open for developers to tinker with, and is destined for use in smart homes, wearables, and connected vehicles. LiteOS will run on Huawei's newly announced Agile Network 3.0 Architecture and the company hopes that by promoting a standard infrastructure, it will be able to push the development of internet and IoT applications.
Networking

Ask Slashdot: Best Way To Solve a Unique Networking Issue? 367

Posted by timothy
from the that-seems-like-a-decent-way dept.
New submitter petro-tech writes: I work as a service technician, maintaining and repairing gas pumps and POS equipment. In my day to day activities, one that consumes a ton of time and is relatively regular is the process of upgrading the software on pumps. This is done by connecting to the pump via direct ethernet from my laptop, then running a manufacturer-provided program that connects to the device and pushes the new software. Some sites have 8+ pumps with 2 devices in each, and at 20-30 minutes apiece this can be quite time consuming. Unfortunately the devices are not actually on a network, and as such cannot be updated remotely; also, since they are not on a network, they are all configured with the same IP address. Additionally the software doesn't allow you to specify the adapter to use. I would like to be able to get to a site, connect a cable to each pump, and load them all at the same time. The only way I can figure to accomplish this with the software we've been provided is to do this: Get a 16-port powered USB hub, with a USB-ethernet adaptor in each port; Set up 16 VMs with extremely stripped down XP running on each, with only one USB-ethernet adaptor assigned to each VM; Set XP to boot the application for loading software as its shell; and load each device that way at the same time. Is there a better way to accomplish this?
Networking

Critical Vulnerability In NetUSB Driver Exposes Millions of Routers To Hacking 69

Posted by Soulskill
from the it's-not-even-another-day-yet dept.
itwbennett writes: NetUSB, a service that lets devices connected over USB to a computer be shared with other machines on a local network or the Internet, is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers from a company called Sec Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. The advisory notice has a list of affected routers.
Networking

Microwave Comms Between Population Centers Could Be Key To Easing Internet Bottlenecks 220

Posted by timothy
from the you'll-get-cancer-and-be-well-done dept.
itwbennett writes: Researchers from the University of Illinois at Urbana-Champaign and Duke University recently looked at the main causes of Internet latency and what it would take to achieve speed-of-light performance. The first part of the paper, titled Towards a Speed of Light Internet, is devoted to finding out where the slowdowns are coming from. They found that the bulk of the delay comes from the latency of the underlying infrastructure, which works in a multiplicative way by affecting each step in the request. The second part of the paper proposes what turns out to be a relatively cheap and potentially doable solution to bring Internet speeds close to the speed of light for the vast majority of us. The authors propose creating a network that would connect major population centers using microwave networks.
AI

New Chips Could Bring Deep Learning Algorithms To Your Smartphone 40

Posted by samzenpus
from the smarter-smart-phone dept.
catchblue22 writes: At the Embedded Vision Summit, a company called Synopsys showed off a new image-processor core tailored for deep learning. It is expected to be added to chips that power smartphones, cameras, and cars. Synopsys showed a demo in which the new design recognized speed-limit signs in footage from a car. The company also presented results from using the chip to run a deep-learning network trained to recognize faces. A spokesperson said that it didn't hit the accuracy levels of the best research results, which have been achieved on powerful computers, but it came pretty close. "For applications like video surveillance it performs very well," he said. Being able to use deep learning on mobile chips will be vital to helping robots navigate and interact with the world, he said, and to efforts to develop autonomous cars.
China

Penn State Yanks Engineering Network From Internet After China-Based Attack 101

Posted by Soulskill
from the another-day-another-breach dept.
coondoggie writes: Penn State's College of Engineering has disconnected its network from the Internet in response to two sophisticated cyberattacks – one from what the university called a "threat actor based in China" – in an attempt to recover all infected systems. The university said there was no indication that research data or personal information was stolen in the attacks, though usernames and passwords had been compromised.
Classic Games (Games)

(Hack) and Slash: Doing the LORD's Work 63

Posted by timothy
from the working-in-mysterious-ways dept.
Emmett Plant (former Slashdot editor as well as video interviewee) writes: Legend of the Red Dragon was written by Seth Robinson in 1989, and it remains one of the most popular games of the DOS BBS era. Chris England has been doing his part to keep the game alive for the past twelve years, adapting an installation that runs on Linux. I was only able to play for two days before I was overcome with curiosity -- I wrote to Chris, politely inquiring as to how it all came together. Read on below for a look into Chris's motivations, the state of the project, and just how deeply nested it can all get, when bringing games from early BBS days into the modern era.
United Kingdom

Microsoft Invests In Undersea Cable Projects 41

Posted by samzenpus
from the under-the-sea dept.
An anonymous reader writes: Microsoft announced today that it will partner with a group of telecom companies in order to build new undersea cables. A new cable will connect data centers in China, South Korea, and Japan to the West Coast. Microsoft hopes the New Cross Pacific (NCP) Cable Network will improve connection speeds and boost its competitiveness in cloud computing. They also made deals with Hibernia and Aqua Comms, to invest in a cable with each company connecting Microsoft's datacenter infrastructure from North America to Ireland and the United Kingdom. A company announcement reads in part: "Additionally, we joined a consortium comprised of China Mobile, China Telecom, China Unicom, Chunghwa Telecom, KT Corporation with TE SubCom as the cable supplier. As part of our participation in the consortium, Microsoft will invest in its first physical landing station in the US connecting North America to Asia. The New Cross Pacific (NCP) Cable Network will provide faster data connections for customers, aid Microsoft in competing on cloud costs, all while creating jobs and spurring local economies. The goal of our expansions and investments in subsea cables is so our customers have the greatest access to scale and highly available data, anywhere."
Businesses

Philippines Gives Uber Its First Legal Framework To Operate In Asia 27

Posted by samzenpus
from the new-rules dept.
An anonymous reader writes: The Philippines has given Uber a rare boost in its hard-fought Asian territories, by granting new legislation that provides rules within which it may legally operate. To this end the country's Department of Transportation and Communications has created a new category of ride called the Transportation Network Vehicle Service (TNVS) classification — whilst at the same time mollifying beleaguered indigenous taxi-services by creating an equivalent classification for an app-hailed taxi able to accept credit cards. As with all its other negotiations in Asia, the fruits of Uber's consultation with the Philippine government were prefaced by unorganized invasion, trade complaints, bans and general conflict.
Facebook

Is Facebook Keeping You In a Political Bubble? 179

Posted by samzenpus
from the tell-me-what-I-want-to-hear dept.
sciencehabit writes: Does Facebook make it harder for people with different political views to get along? Political scientists have long wondered whether the social network's news feed selectively serves up ideologically charged news while filtering out content from different camps. Now, a study by Facebook's in-house social scientists finds that this does happen, though the effect seems to be very small. "There's a growing concern that social media platforms like Facebook and Twitter allow us to more precisely engineer our informational environments than ever before, so we only get info that's consistent with our prior beliefs," says David Lazer, a political and computer scientist who authored a commentary on the paper.
Microsoft

Microsoft Releases PowerShell DSC For Linux 265

Posted by timothy
from the do-what-you-want-to-do dept.
jones_supa writes: Microsoft is announcing that PowerShell Desired State Configuration (DSC) for Linux is available for download in the form of RPM and DEB packages. DSC is a new management platform that provides a set of PowerShell extensions that you can use to declaratively specify how you want your software environment to be configured. You can now use the DSC platform to manage the configuration of both Windows and Linux workloads with the PowerShell interface. Microsoft says that bringing DSC to Linux is another step in the company's "broader commitment to common management of heterogeneous assets in your datacenter or the public cloud." Adds reader benjymouse: DSC is in the same space as Chef and Puppet (and others); but unlike those, Microsoft attempts to build a platform/infrastructure based on industry standards like OMI to allow DSC to configure and control both Windows, Linux and other OSes as well as network equipment like switches, etc.
Earth

Global Carbon Dioxide Levels Reach New Monthly Record 372

Posted by samzenpus
from the it's-getting-hot-in-here dept.
mrflash818 writes: For the first time since we began tracking carbon dioxide in the global atmosphere, the monthly global average concentration of carbon dioxide gas surpassed 400 parts per million in March 2015, according to NOAA's latest results. “It was only a matter of time that we would average 400 parts per million globally,” said Pieter Tans, lead scientist of NOAA’s Global Greenhouse Gas Reference Network. “We first reported 400 ppm when all of our Arctic sites reached that value in the spring of 2012. In 2013 the record at NOAA’s Mauna Loa Observatory first crossed the 400 ppm threshold. Reaching 400 parts per million as a global average is a significant milestone.”
Security

Researcher: Drug Infusion Pump Is the "Least Secure IP Device" He's Ever Seen 83

Posted by samzenpus
from the bottom-of-the-barrel dept.
chicksdaddy writes: This is a bad month for the medical equipment maker Hospira. First, security researcher Billy Rios finds a raft of serious and remotely exploitable holes in the company's MedNet software, prompting a vulnerability alert from ICS CERT. Now, one month later, ICS CERT is again warning of a "10 out of 10" critical vulnerability, this time in Hospira's LifeCare PCA drug infusion pump. The problem? According to this report by Security Ledger the main problem was an almost total lack of security controls on the device. According to independent researcher Jeremy Williams, the PCA pump listens on Telnet port 23. Connecting to the device via Telnet, he was brought immediately to a root shell account that gave him total, administrator level access to the pump without authentication. "The only thing I needed to get in was an interest in the pump," he said. Richards found other examples of loose security on the PCA 3: an FTP server that could be accessed without authentication and an embedded web server that runs Common Gateway Interface (CGI). That could allow an attacker to tamper with the pump's operation using fairly simple scripts. Also: The PCA pump stores wireless keys used to connect to the local (medical device) wireless network in plain text on the device. That means anyone with physical access to the pump (which has an ethernet port) could gain access to the local medical device network and other devices on it. The problems prompted Richards to call the PCA 3 pump "the least secure IP enabled device" he has ever worked with.
Mars

NASA Will Award You $5,000 For Your Finest Mars City Idea 156

Posted by samzenpus
from the go-to-mars dept.
coondoggie writes with this snippet from Network World: NASA this week said it would look to the public for cool ideas on how to build a sustainable environment on Mars with the best plan earning as much as $5,000. With the Journey to Mars Challenge, NASA wants applicants to describe one or more Mars surface systems or capabilities and operations that are needed to set up and establish a technically achievable, economically sustainable human living space on the red planet. Think air, water, food, communications systems and the like.
Network

The Ambitions and Challenges of Mesh Networks and the Local Internet Movement 56

Posted by Soulskill
from the net-positives-and-net-negatives dept.
Lashdots writes: Two artists in New York are hatching a plan to teach kids about the internet by building their own. They'll be creating a small, decentralized network, similar to a mesh network, to access other computers, and they'll be developing their own simple social network to communicate with other people. It's part of a growing movement to supplement the Internet with resilient, local alternatives. "And yet, while the decentralized, ad hoc network architecture appeals philosophically to tech-savvy users fed up with monopolistic ISPs, nobody’s found a way to make mesh networks work easily and efficiently enough to replace home Internet connections. Built more for resiliency than for speed, each participating router must continuously search for the best paths to far-flung machines. For now, that makes them of limited interest to many ordinary consumers who simply want to check their email and watch movies."
Portables

Ask Slashdot: Most Chromebook-Like Unofficial ChromeOS Experience? 99

Posted by Soulskill
from the get-your-company-to-pay-for-it-wink-wink dept.
An anonymous reader writes: I am interested in Chromebooks, for the reasons that Google successfully pushes them: my carry-around laptops serve mostly as terminals, rather than CPU-heavy workhorses, and for the most part the whole reason I'm on my computer is to do something that requires a network connection anyhow. My email is Gmail, and without particularly endorsing any one element, I've moved a lot of things to online services like DropBox. (Some offline capabilities are nice, but since actual Chromebooks have been slowly gaining offline stuff, and theoretically will gain a lot more of that, soon, I no longer worry much about a machine being "useless" if the upstream connection happens to be broken or absent. It would just be useless in the same way my conventional desktop machine would be.) I have some decent but not high-end laptops (Core i3, 2GB-4GB of RAM) that I'd enjoy repurposing as Chromebooks without pedigree: they'd fall somewhat short of the high-end Pixel, but at no out-of-pocket expense for me unless I spring for some cheap SSDs, which I might.

So: how would you go about making a Chromebook-like laptop? Yes, I could just install any Linux distro, and then restrain myself from installing most apps other than a browser and a few utilities, but that's not quite the same; ChromeOS is nicely polished, and very pared down; it also seems to do well with low-memory systems (lots of the current models have just 2GB, which brings many Linux distros to a disk-swapping crawl), and starts up nicely quick.

It looks like the most "authentic" thing would be to dive into building Chromium OS (which looks like a fun hobby), but I'd like to find something more like Cr OS — only Cr OS hasn't been updated in quite a while. Perhaps some other browser-centric pared-down Linux would work as well. How would you build a system? And should I go ahead and order some low-end 16GB SSDs, which I now see from online vendors for less than $25?
Twitter

Twitter Stops Users From Playing DOS Games Inside Tweets 54

Posted by Soulskill
from the no-fun-allowed dept.
jones_supa writes: Twitter has killed off an interesting trend of playing DOS games in tweets. Last week, users discovered they could use the new "Twitter Cards" embedding feature to bundle full DOS games within tweets. Running DOSBox inside the web browser is possible thanks to an Emscripten port of DOSBox called Em-DOSBox. The games were pulled from Internet Archive's collection of 2,600 classic titles, many of which still lack proper republishing agreements with the copyright holder. So, is embedding games within Twitter Cards against the social network's terms of service? Either way, Twitter has now blocked such activity, likely after seeing the various news reports and a stream of Street Fighter II, Wolfenstein 3D and Zool cheering up people's timelines.