judgecorp writes "Fujitsu has launched a laptop which authenticates users using the veins of their palm. The contactless technology is hard to deceive and, since it detects haemoglobin in the veins, is not so likely to be breakable using the gruesome method of cutting off a hand."
CowboyRobot writes "The incentives are high for many businesses and government agencies to not be too heavy handed in combating the global botnet pandemic. There's money to be had and, with each passing day, more interesting ways are being uncovered in how to package the data, and how to employ it. It used to be that the worlds of bug hunters and malware analysts were separate and far between. In the last couple of years the ability to analyze malware samples and identify exploitable vulnerabilities in them has become very important. Given that some botnets have a bigger pool of victims than many commercial software vendors have licensed customers, the value of an exploit that grants reliable remote control of a popular malware agent is rising in value. In many ways, botnets have become a golden goose to those charged with gathering intelligence on the populations of foreign entities. The bulk of the victim's data is useful for mapping populations, communication profiles, and as egress points for counter intelligence exercises. Then, given how many botnet victims there are, the probability that a few 'interesting' computers will have succumbed along the way is similarly high — providing direct insight into a pool of high value targets."
wiredmikey writes "A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware. Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."
hypnosec writes "A white hat hacker managed to break into multiple email accounts, thereby forcing the European Parliament to cut off its public Wi-Fi access. The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a 'hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).' The public Wi-Fi has been cut off indefinitely and users located at Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks."
Daniel_Stuckey writes "Since Edward Snowden's disclosures about widespread NSA surveillance, Americans and people everywhere have been presented with a digital variation on an old analog threat: the erosion of freedoms and privacy in exchange, presumably, for safety and security. Bruce Schneier knows the debate well. He's an expert in cryptography and he wrote the book on computer security; Applied Cryptography is one of the field's basic resources, 'the book the NSA never wanted to be published,' raved Wired in 1994. He knows the evidence well too: lately he's been helping the Guardian and the journalist Glenn Greenwald review the documents they have gathered from Snowden, in order to help explain some of the agency's top secret and highly complex spying programs. To do that, Schneier has taken his careful digital privacy regime to a new level, relying on a laptop with an encrypted hard drive that he never connects to the internet. That couldn't prevent a pilfered laptop during, say, a 'black bag operation,' of course. 'I know that if some government really wanted to get my data, there'd be little I could do to stop them,' he says."
Barence writes "Anti-spam outfit Spamhaus has called on the UK government to fine those who are running Internet infrastructure that could be exploited by criminals. Those who leave open Domain Name Server resolvers vulnerable to attack should be fined, if they have previously received a warning, said chief information officer of Spamhaus, Richard Cox. When Spamhaus was hit by a massive distributed DDoS, possibly the biggest ever recorded at more than 300Gbits/sec, open DNS resolvers were used to amplify the hit, which was aimed at one of the organization's upstream partners. 'Once they know it can be used for attacks and fraud, that should be an offense,' Cox said. 'You should be subject to something like a parking ticket... where the fine is greater than the cost of fixing it.'"
caferace writes "I've been around the block. I'm a long-time worker in the tech industry (nearly 30 years), absolutely kickass SQA and Hardware person, networking, you name it. But I'm 50+ now, and finding new regular or contract work is a pain. And it shouldn't be. I have the skills and the aptitude to absorb and adapt to any new situations and languages way beyond what any of my college age brethren might have. But when I send out a perfectly good resume and use the more obvious resources there are still precious few bites for someone requiring to work remotely. Am I just whining, or is this common? Are we being put out to pasture far too early?"
JackAcme writes "Searching for product reviews via Google mostly turns up sales sites masquerading as review sites. Consumer reviews on Amazon and other big retailers are suspect since so many manufacturers are paying for positive reviews. Where do Slashdotters turn for reliable, informed reviews of new hardware and software?"
Dega704 writes with news that Edward Snowden is believed to have a collection of highly sensitive classified documents that will be released in the event he is detained, hurt, or killed. According to Reuters, "The data is protected with sophisticated encryption, and multiple passwords are needed to open it, said two of the sources, who like the others spoke on condition of anonymity to discuss intelligence matters. The passwords are in the possession of at least three different people and are valid for only a brief time window each day, they said. The identities of persons who might have the passwords are unknown." These details have caused several security experts to express skepticism, but multiple sources, including Glenn Greenwald, believe Snowden has not released all of the documents he appropriated. "U.S. officials and other sources said only a small proportion of the classified material Snowden downloaded during stints as a contract systems administrator for NSA has been made public. Some Obama Administration officials have said privately that Snowden downloaded enough material to fuel two more years of news stories." Whether or not it's true, U.S. and U.K. officials clearly believe it, which can only serve to protect Snowden.
New submitter johnslater writes "The Chicago Transit Authority's new 'Ventra' stored-value fare card system has another big problem. It had a difficult birth, with troubles earlier this fall when legitimate cards failed to allow passage, or sometimes double-billed the holders. Last week a server failure disabled a large portion of the system at rush hour. Now it is reported that some federal government employee ID cards allow free rides on the system. The system is being implemented by Cubic Transportation Systems for the bargain price of $454 million."
Jah-Wren Ryel sends this quote from Ars: "Newegg, an online retailer that has made a name for itself fighting the non-practicing patent holders sometimes called 'patent trolls,' sits on the losing end of a lawsuit tonight. An eight-person jury came back shortly after 7:00pm and found that the company infringed all four asserted claims of a patent owned by TQP Development, a company owned by patent enforcement expert Erich Spangenberg. The jury also found that the patent was valid, apparently rejecting arguments by famed cryptographer Whitfield Diffie. Diffie took the stand on Friday to argue on behalf of Newegg and against the patent. In total, the jury ordered Newegg to pay $2.3 million, a bit less than half of the $5.1 million TQP's damage expert suggested. ... TQP's single patent is tied to a failed modem business run by Michael Jones, formerly president of Telequip. TQP has acquired more than $45 million in patent licensing fees by getting settlements from a total of 139 companies since TQP argues that its patent covers SSL or TLS combined with the RC4 cipher, a common Internet security system used by retailers like Newegg."
itwbennett writes "A timely CareerBuilder survey finds that 23% of IT pros spend the holiday with coworkers, either in the office or at another location. But the findings vary widely by city. In Boston, for example, you're pretty sure to be on your own for the holiday — only 6% of coworkers there nosh together. While in Atlanta (35%) or Dallas (30%) things are downright chummy."
An anonymous reader writes "The Xeon Phi co-processor requires a Xeon CPU to operate... for now. The next generation of Xeon Phi, codenamed Knights Landing and due in 2015, will be its own CPU and accelerator. This will free up a lot of space in the server but more important, it eliminates the buses between CPU memory and co-processor memory, which will translate to much faster performance even before we get to chip improvements. ITworld has a look."
cartechboy writes "The Tesla Model S, for all its technical and design wizardry, has a dirty little secret: It's a vampire. The car has an odd and substantial appetite for kilowatt-hours even when turned off and parked. This phenomenon has been dubbed the 'vampire' draw, and Tesla promised long ago to fix this issue with a software update. Well, a few software updates have come and gone since then, and the Model S is still a vampire sucking down energy when it's shut down. While this is a concern for many Model S owners and would-be owners, the larger question becomes: After nine months, and multiple software updates, why can't Tesla fix this known issue? Tesla has recognized the issue and said a fix would come, yet the latest fix is only a tiny improvement — and the problem remains unsolved. Is Tesla stumped? Can the issue be fixed?"
An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany, have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that was originally developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."