At last year's RSA security conference, we ran into the Pwn Plug. The company behind it, Pwnie Express, has just come out with a new take on the same basic idea: a pen-testing device built on commodity hardware. Reader puddingebola writes with an excerpt from Wired: "The folks at security tools company Pwnie Express have built a tablet that can bash the heck out of corporate networks. Called the Pwn Pad, it's a full-fledged hacking toolkit built atop Google's Android operating system. Some important hacking tools have already been ported to Android, but Pwnie Express says that they've added some new ones. Most importantly, this is the first time that they've been able to get popular wireless hacking tools like Aircrack-ng and Kismet to work on an Android device." Pwnie Express will be back at RSA and so will Slashdot, so there's a good chance we'll get a close-up look at the new device, which runs about $800.
Questioning his belief in relational database dogma, new submitter Travis Brown happened to evaluate Amazon's DynamoDB and MongoDB. His situation was the opposite of Jeff Cogswell's: he started off wanting to prefer DynamoDB, but came to the conclusion that the benefits of Amazon managing the database for him didn't outweigh the features Mongo offers. From the article: "DynamoDB technically isn't a database, it's a database service. Amazon is responsible for the availability, durability, performance, configuration, optimization and all other manner of minutia that I didn't want occupying my mind. I've never been a big fan of managing the day-to-day operations of a database, so I liked the idea of taking that task off my plate. ... DynamoDB only allows you to query against the primary key, or the primary key and range. There are ways to periodically index your data using a separate service like CloudSearch, but we are quickly losing the initial simplicity of it being a database service. ... However, it turns out MongoDB isn't quite as difficult as the nerds had me believe, at least not at our scale. MongoDB works as advertised and auto-shards and provides a very simple way to get up and running with replica sets." His weblog entry has a few code snippets illustrating how he came to his conclusions.
Trailrunner7 writes "In the wake of high-profile compromises of companies such as Facebook, the New York Times, Apple and others, officials at Zendesk, an online customer support provider, said that the company also had been compromised and the attackers had made off with the email addresses of customers of Twitter, Tumblr and Pinterest, all of which use Zendesk's services. All three companies sent out emails to affected customers, notifying them of the incident and warning that their email addresses may have been compromised. In what has become an almost daily occurrence now, Zendesk officials posted a notice on the company's blog with the heading 'We've been hacked.' The Zendesk hack notice says that the company became aware of the attack on its network sometime this week and that the company then identified and patched the vulnerability the attackers had used."
mk1004 writes "Yahoo News has an article explaining how the text-based CAPTCHA is giving way to ad-based challenge/response. It's claimed that users are faster at responding to familiar logos, shortening the amount of time they spend proving that they are human. From the article: 'Rather than taking just a mere glance to figure out, recent studies show that a typical CAPTCHA takes, on average, 14 seconds to solve, with some taking much, much longer. Multiply that by the millions and millions of verifications per day, and Web users as a whole are wasting years and years of their lives just trying to prove they're not actually computers. This has led many companies to abandon the age-old system in favor of something not only more secure, but also easier to use for your average Webgoer: ad-based verification, which can actually cut the time it takes to complete the task in half.'"
codegen writes "The Ontario Court of Appeal has just ruled that if you are arrested, the police can search your cellphone without a warrant if it is not password protected. But the ruling also stated that if it is password protected, then the police need a warrant. Prior to this case there was no decision on whether the police could search your phone without a warrant in Canada."
Lasrick writes "David Axe at Wired's Danger Room explains: 'For the first time, America's top-of-the-line F-22 fighters and Britain's own cutting-edge Typhoon jets have come together for intensive, long-term training in high-tech warfare. If only the planes could talk to each other on equal terms. The F-22 and the twin-engine, delta-wing Typhoon, Europe's latest warplane, are stuck with partially incompatible secure communications systems. For all their sophisticated engines, radars and weapons, the American and British pilots are reduced to one-way communication, from the Brits to the Yanks. That is, unless they want to talk via old-fashioned radio, which can be intercepted and triangulated and could betray the planes' locations. That would undermine the whole purpose of the F-22's radar-evading stealth design, and could pose a major problem if the Raptor and the Typhoon ever have to go to war together.'"
netbuzz writes "Educause members and 7,000 university websites are being forced to change account passwords after a security breach involving the organization's .edu domain server. However, some initially hesitated to comply because the Educause notification email bore tell-tale markings of a phishing attempt. 'Given what is known about phishing and user behavior, this was bad form,' says Gene Spafford, a Purdue University computer science professor and security expert. 'For an education-oriented organization to do this is particularly troubling.'"
Lasrick writes "The Bulletin has an interesting article about the likelihood of terrorists obtaining nuclear material. 'Since 1993, the International Atomic Energy Agency (IAEA) has logged roughly 2,000 cases of illicit or unauthorized trafficking of nuclear and radioactive material. Thirty illicit radioactive trafficking incidents were reported in the former Soviet region alone from 2009 to 2011. As Obama said in December, "Make no mistake, if [terrorists] get [nuclear material], they will use it."'"
NeverVotedBush writes in with the latest installment of the Dreamliner: Boeing 787 saga. "A probe into the overheating of a lithium ion battery in an All Nippon Airways Boeing 787 that made an emergency landing found it was improperly wired, Japan's Transport Ministry said Wednesday. The Transport Safety Board said in a report that the battery for the aircraft's auxiliary power unit was incorrectly connected to the main battery that overheated, although a protective valve would have prevented power from the auxiliary unit from causing damage. Flickering of the plane's tail and wing lights after it landed and the fact the main battery was switched off led the investigators to conclude there was an abnormal current traveling from the auxiliary power unit due to miswiring."
coondoggie writes "Communications and effective system control are still big challenges unmanned aircraft developers are facing if they want unfettered access to U.S. airspace. Those were just a couple of the conclusions described in a recent Government Accountability Office report on the status of unmanned aircraft (PDF) and the national airspace. The bottom line for now seems to be that while research and development efforts are under way to mitigate obstacles to safe and routine integration of unmanned aircraft into the national airspace, these efforts cannot be completed and validated without safety, reliability, and performance standards, which have not yet been developed because of data limitations." The FAA and others seem mostly concerned about the drones hitting things if their GPS and ground communications are both disrupted.
KermMartian writes "The TI-84 Plus C Silver Edition isn't the first color-screen graphing calculator, or even TI's first color calculator, but it's a refresh of a 17-year-old line that many have mocked as antiquated and overpriced. From an advance review model, the math features look familiar, solid, and augmented with some new goodies, while programming looks about on par with its siblings. The requisite teardown uncovers the new battery, Flash, ASIC/CPU, and LCD used in the device. Although there are some qualms about its speed and very gentle hardware upgrades beyond the screen, it looks to be an indication that TI will continue this inveterate line for years to come." Lots of screenshots and pictures of the innards too.
Trailrunner7 writes "A vulnerability exists in some components of BlackBerry mobile devices that could grant attackers access to instances of the company's Enterprise Server (BES), according to BlackBerry, which issued an alert and released a patch for the vulnerability last week via its Knowledge Base support site. BES, the software implicated by the vulnerability, helps companies deploy BlackBerry devices. The high-severity advisory involves the way the phone views Tagged Image File Format (TIFF) files, specifically the way the phone's Mobile Data System Connection Service and Messaging Agent process and render the images. An attacker could rig a TIFF image with malware and get a user to either view the image via a specially crafted website or send it to the user via email or instant message. The last two exploit vectors could make it so the user wouldn't have to click the link or image, or view the email or instant message, for the attack to prove successful. Once executed, an attacker could access and execute code on BlackBerry's Enterprise Server."
FreeMichael61 writes "In the latest episode of Spy vs. Spy, China rejects accusations it's hacking U.S. companies to steal IP or bring down the grid. But there's no doubt the grid can be hacked, CIO Journal's Steve Rosenbush and Rachael King report. Industrial control networks are supposed to be protected from the Internet by an air gap that, it turns out, is largely theoretical. Internal security is often lax, laptops and other devices are frequently moved between corporate networks and control networks, and some SCADA systems are still directly connected to the internet. What security standards actually exist are out of date and don't cover enough, and corporations often use questionable supply chains because they are cheaper."
New submitter genericmk writes "NPR is running an interesting story about the unfortunate status of aging programmers in the IT industry. Older IT workers are opposing the H-1B visa overhaul. Large corporations want more visas, they claim, because of a shortage of IT talent. However, these companies are actively avoiding older, more experienced workers, and are bringing in large volumes of foreign staff. The younger, foreign workers are often easier to control, and they demand lower wages; indentured servitude is replacing higher-cost labor."
snydeq writes "Apple was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date, Reuters reports. 'The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. ... A person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware. The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers.'"
netbuzz writes "Fed up with phishers using Google Forms to commandeer campus email accounts as spam engines, Oxford University recently blocked access to Google Docs for two-and-a-half hours in what it called an 'extreme action' designed to get the attention of both its users and Google. 'Seeing multiple such incidents the other afternoon tipped things over the edge,' Oxford explains in a blog post. 'We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action.' The move generated widespread complaints from those affected, as well as criticism from outside network professionals."
Vigile writes "NVIDIA's new GeForce GTX TITAN graphics card is being announced today and is utilizing the GK110 GPU first announced in May of 2012 for HPC and supercomputing markets. The GPU touts computing horsepower of 4.5 TFLOPS provided by the 2,688 single-precision cores, 896 double-precision cores, a 384-bit memory bus and 6GB of on-board memory, doubling the frame buffer that AMD's Radeon HD 7970 includes. With a makeup of 7.1 billion transistors and a 551 mm^2 die size, GK110 is very close to the reticle limit for current lithography technology! The GTX TITAN introduces a new GPU Boost revision based on real-time temperature monitoring and support for monitor refresh rate overclocking that will entice gamers, and with a $999 price tag, the card could be one of the best GPGPU options on the market." HotHardware says the card "will easily be the most powerful single-GPU powered graphics card available when it ships, with relatively quiet operation and lower power consumption than the previous generation GeForce GTX 690 dual-GPU card."
judgecorp writes "The Chinese government has been accused of backing the APT1 hacking group, which appears to be part of the Chinese People's Liberation Army (PLA), according to the security firm which worked with the New York Times when it fell victim to an attack. The firm, Mandiant, says that APT1 is government sponsored, and seems to operate from the same location as PLA Unit 61398." Unsurprisingly, this claim is denied by Chinese officials. You can read the report itself online (PDF), or skim the highlights.
diegocg writes "Linux kernel 3.8 has been released. This release includes support in Ext4 for embedding very small files in the inode, which greatly improves the performance for these files and saves some disk space. There is also a new Btrfs feature that allows for quick disk replacement, a new filesystem F2FS optimized for SSDs; support for filesystem mount, UTS, IPC, PID, and network namespaces for unprivileged users; accounting of kernel memory in the memory resource controller; journal checksums in XFS; an improved NUMA policy redesign; and, of course, the removal of support for 386 processors. Many small features and new drivers and fixes are also available. Here's the full list of changes."