Jah-Wren Ryel sends this quote from Ars: "Newegg, an online retailer that has made a name for itself fighting the non-practicing patent holders sometimes called 'patent trolls,' sits on the losing end of a lawsuit tonight. An eight-person jury came back shortly after 7:00pm and found that the company infringed all four asserted claims of a patent owned by TQP Development, a company owned by patent enforcement expert Erich Spangenberg. The jury also found that the patent was valid, apparently rejecting arguments by famed cryptographer Whitfield Diffie. Diffie took the stand on Friday to argue on behalf of Newegg and against the patent. In total, the jury ordered Newegg to pay $2.3 million, a bit less than half of the $5.1 million TQP's damage expert suggested. ... TQP's single patent is tied to a failed modem business run by Michael Jones, formerly president of Telequip. TQP has acquired more than $45 million in patent licensing fees by getting settlements from a total of 139 companies since TQP argues that its patent covers SSL or TLS combined with the RC4 cipher, a common Internet security system used by retailers like Newegg."
itwbennett writes "A timely CareerBuilder survey finds that 23% of IT pros spend the holiday with coworkers, either in the office or at another location. But the findings vary widely by city. In Boston, for example, you're pretty sure to be on your own for the holiday — only 6% of coworkers there nosh together. While in Atlanta (35%) or Dallas (30%) things are downright chummy."
An anonymous reader writes "The Xeon Phi co-processor requires a Xeon CPU to operate... for now. The next generation of Xeon Phi, codenamed Knights Landing and due in 2015, will be its own CPU and accelerator. This will free up a lot of space in the server but more important, it eliminates the buses between CPU memory and co-processor memory, which will translate to much faster performance even before we get to chip improvements. ITworld has a look."
cartechboy writes "The Tesla Model S, for all its technical and design wizardry, has a dirty little secret: It's a vampire. The car has an odd and substantial appetite for kilowatt-hours even when turned off and parked. This phenomenon has been dubbed the 'vampire' draw, and Tesla promised long ago to fix this issue with a software update. Well, a few software updates have come and gone since then, and the Model S is still a vampire sucking down energy when it's shut down. While this is a concern for many Model S owners and would-be owners, the larger question becomes: After nine months, and multiple software updates, why can't Tesla fix this known issue? Tesla has recognized the issue and said a fix would come, yet the latest fix is only a tiny improvement — and the problem remains unsolved. Is Tesla stumped? Can the issue be fixed?"
An anonymous reader writes "Researchers at Fraunhofer FKIE, Germany have presented a paper on covert acoustical communications between laptop computers. In their paper 'On Covert Acoustical Mesh Networks in Air', they describe how acoustical communication can be used to secretly bridge air gaps between computers and connect computers and networks that are thought to be completely isolated from each other. By using ad-hoc routing protocols, they are able to build up a complete mesh network of infected computers that leaks data over multiple hops. A multi-hop acoustical keylogger is also presented where keystrokes are forwarded to an attacker over multiple hops between different office rooms. The fundamental part of the communication system is a piece of software that has originally been developed for acoustic underwater communications. The researchers also provide different countermeasures against malicious participation in a covert acoustical network. The limitations of air gaps have been discussed recently in the context of a highly advanced malware, although reports on this so-called badBIOS malware could not yet be confirmed."
Hugh Pickens DOT Com writes "The Washington Post reports that a rigorous, six-month training program launched by successful tech entrepreneurs for inmates in the decaying San Quentin State Prison is teaching carefully selected inmates the ins and outs of designing and launching technology firms, using local experts as volunteer instructors and the graduates, now trickling out of the penal system, are landing real jobs at real dot-coms. 'We believe that when incarcerated people are released into the world, they need the tools to function in today's high-tech, wired world,' says co-founder Beverly Parenti, who with her husband, Chris Redlitz, has launched thriving companies, including AdAuction, the first online media exchange. During twice-a-week evening lessons, students — many locked up before smartphones or Google — practice tweeting, brainstorm new companies and discuss business books assigned as homework. Banned from the Internet to prevent networking with other criminals, they take notes on keyboard-like word processors or with pencil on paper. The program is still 'bootstrapping,' as its organizers say, with just 12 graduates in its first two years and now a few dozen in classes in San Quentin and Twin Towers. But the five graduates released so far are working in the tech sector. 'This program will go a long way to not only providing these guys with jobs, but it is my hope that they hire people like them who have changed their lives and are now ready to contribute to society, pay taxes, follow the law, support their families,' says former California Department of Corrections and Rehabilitation director Matthew Cate who adds he made the right decision to approve the training course. 'All those things contribute to the economy.'"
wabrandsma writes "Two Israeli computer scientists say they may have uncovered a puzzling financial link between Ross William Ulbricht, the recently arrested operator of the Internet black market known as the Silk Road, and the secretive inventor of bitcoin, the anonymous online currency, used to make Silk Road purchases."
An anonymous reader writes "I'm currently being targeted by an overseas debt collection scam. My landline rings every 10-15 minutes all day every day. I considered getting a blacklisting device to block the incoming calls, but the call center spoofs a different number on my caller ID each time, and it's gotten to the point where I've just unplugged the phones. I'm already on the Do Not Call Registry and have filed a complaint with the FTC. Aside from ditching my landline, changing my number, and/or blowing a whistle into the receiver anytime I actually pick up, are there any real solutions out there? Has anybody had luck with a blacklisting device?"
jones_supa writes "A couple of weeks ago hacker Oona Räisänen told about finding a 16 kbps data stream on FM broadcast frequencies, and her suspicion was that it's being used by the public transit display system in Helsinki, Finland. Now it's time to find out the truth. She had the opportunity to observe a display stuck in the middle of its bootup sequence, displaying a version string. This revealed that the system is called IBus and it's made by the Swedish company Axentia. Sure enough, their website talks about DARC and how it requires no return channel, making it possible to use battery-powered displays in remote areas. Other than that, there are no public specs for the proprietary protocol. So she implemented the five-layer DARC protocol stack in Perl and was left with a stream of fully error-corrected packets on top of Layer 5, separated into hundreds of subchannels. Some of these contained human-readable strings with names of terminal stations. They seemed like an easy starting point for reverse engineering..."
Fnord666 writes with this excerpt from Tech Crunch "Twitter has enabled Perfect Forward Secrecy across its mobile site, website and API feeds in order to protect against future cracking of the service's encryption. The PFS method ensures that, if the encryption key Twitter uses is cracked in the future, all of the past data transported through the network does not become an open book right away. 'If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic,' says Twitter's Jacob Hoffman-Andrews. 'As the Electronic Frontier Foundation points out, this type of protection is increasingly important on today's Internet.'" Of course, they are also using Elliptic Curve ciphers.
msm1267 writes "Attackers are using route injection attacks against BGP-speaking routers to insert additional hops in the traffic stream, redirecting traffic to third-party locations where it can be inspected before it's sent to its destination. Internet intelligence company Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year, a disturbing trend that indicates attackers could finally have an increased interest in weaknesses inherent in core Internet infrastructure."
rtoz writes "The American intelligence service — NSA — infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information, documents provided by former NSA-employee Edward Snowden show."
Bruce66423 writes with news that the IRS hasn't made much progress improving its poor IT security. From the article: "The Treasury Inspector General for Tax Administration found that the IRS had only partially implemented 42 percent of the corrective plans it checked off as completed in recent years. ... The review (PDF) showed that the IRS failed to properly track its progress toward completing many of the fixes auditors had recommended in recent years. The agency closed most of the cases without adequate documentation and did not always upload the necessary information into a database that helps ensure compliance."
MojoKid writes "When Intel debuted Haswell this year, it launched its first mobile processor with a massive 128MB L4 cache. Dubbed "Crystal Well," this on-package (not on-die) pool of memory wasn't just a graphics frame buffer, but a giant pool of RAM for the entire core to utilize. The performance impact from doing so is significant, though the Haswell processors that utilize the L4 cache don't appear to account for very much of Intel's total CPU volume. Right now, the L4 cache pool is only available on mobile parts, but that could change next year. Apparently Broadwell-K will change that. The 14nm desktop chips aren't due until the tail end of next year but we should see a desktop refresh in the spring with a second-generation Haswell part. Still, it's a sign that Intel intends to integrate the large L4 as standard on a wider range of parts. Using EDRAM instead of SRAM allows Intel's architecture to dedicate just one transistor per cell instead of the 6T configurations commonly used for L1 or L2 cache. That means the memory isn't quite as fast but it saves an enormous amount of die space. At 1.6GHz, L4 latencies are 50-60ns which is significantly higher than the L3 but just half the speed of main memory."
First time accepted submitter fasuin writes "Which is the most advanced cloud storage solution? Which is the impact of server locations? What are the benefits of advanced techniques to optimise data transfers? Researchers from Italy and The Netherlands have come out with a set of benchmarks that allowed them to compare Dropbox, CloudDrive, SkyDrive and Google Drive. Which is the best? You can check it by yourself by running the tests on your own if you like." What this kind of benchmarking can't well do, though, is predict which of these cloud storage companies are going to be around in five years, which might be at least as important a factor.
linuxwrangler writes "San Francisco Bay Area commuters awoke this morning to the news that BART, the major regional transit system which carries hundreds of thousands of daily riders, was entirely shut down due to a computer failure. Commuters stood stranded at stations and traffic backed up as residents took to the roads. The system has returned to service and BART says the outage resulted from a botched software upgrade."
Daniel_Stuckey writes "Tor has been in the spotlight lately as a way to keep prying eyes away from your online activities. However, to your average internet user, the covert network of relays and whatchamacallits can come off as too complex and intimidating to bother with — even as people are increasingly concerned with their online privacy in light of the NSA scandal. So goes the thinking behind Safeplug, a new hardware adapter that basically puts Tor in a box. It takes 60 seconds and 50 bucks to plug the privacy box into your router, and you're good to go, the company claims. Like anonymous browsing for dummies. The adapter comes from hardware company Pogoplug, which announced its new product yesterday and hopes it will bring Tor to the mass market by offering more consumer-friendly access. 'We want to just take what is currently available today to a more technical crowd and democratize it, making it easier to use for an average user,' CEO Dan Putterman told GigaOM."
rjupstate sends an article comparing how an IT infrastructure would be built today compared to one built a decade ago. "Easily the biggest (and most expensive) task was connecting all the facilities together. Most of the residential facilities had just a couple of PCs in the staff office and one PC for clients to use. Larger programs that shared office space also shared network resources and server space. There was, however, no connectivity between each site -- something my team resolved with a mix of solutions including site-to-site VPN. This made centralizing all other resources possible and it was the foundation for every other project that we took on. While you could argue this is still a core need today, there's also a compelling argument that it isn't. The residential facilities had very modest computing needs -- entering case notes, maintaining log books, documenting medication adherence, and reviewing or updating treatment plans. It's easy to contemplate these tasks being accomplished completely from a smartphone or tablet rather than a desktop PC." How has your approach (or your IT department's approach) changed in the past ten years?
mask.of.sanity writes "Users can be identified with a half percent margin of error based on the way they type. The research work has been spun into an application that could continuously authenticate users (PDF), rather than just relying on passwords, and could lock accounts if another person jumped on the computer. Researchers are now integrating mouse movements and clicks, and mobile touch patterns into the work."
kanad writes "High school students in Queensland, Australia would be able to do Microsoft certifications online and get credits. The exam fees will be free for students and courses include Microsoft's products like Sharepoint and SQL Server. Ostensibly this is for making kids ready for the workforce, but Australian IT entrepreneur Matt Barrie, CEO of freelancer.com, has criticised it for vendor lock-in and Microsoft's influence in the educational system."