A-1 News Page
angry tapir writes "Windows CE-based ATMs can easily be made to dole out cash, according to security researcher Barnaby Jack. Exploiting bugs in two different ATM machines at Black Hat, the researcher from IOActive was able to get them to spit out money on demand and record sensitive data from the cards of people who used them. Jack believes a large number of ATMs have remote management tools that can be accessed over a telephone. After experimenting with two machines he purchased, Jack developed a way of bypassing the remote authentication system and installing a homemade rootkit, named Scrooge,"

Read more of this story at Slashdot.


Posted on 29 July 2010 | 12:57 pm
netbuzz writes "Some 230,000 New Zealanders have been informed that their personal information has apparently fallen into the hands of hackers who compromised the network of a locally famous food chain, Hell Pizza. The company says it suspects 'a rogue employee,' but one security expert says Hell's ordering portal is 'about 50 steps of fail.' Several New Zealand celebrities are among the victims and at least one is taking the matter in stride, musing: 'My Twitter has been hacked, my Facebook has been hacked and I'm pretty sure half of New Zealand has my phone number already. I have nothing bad to say about Hell.'"

Posted on 29 July 2010 | 6:12 am
snydeq writes "AT&T says it won't interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week. Hacker Chris Paget last week said that he plans to demonstrate on Saturday how to set up what's essentially a fake cell tower that allows him to listen in on nearby mobile calls. But Tuesday, he wrote on his blog that he had 'heard that AT&T may be considering suing me to stop my talk.' AT&T, however, has insisted it has no plans to interfere with the talk."

Posted on 29 July 2010 | 3:37 am
crabel writes "In Java 1.6.0_21, the company field was changed from 'Sun Microsystems, Inc' to 'Oracle.' Apparently not the best idea, because some applications depend on that field to identify the virtual machine. All Eclipse versions since 3.3 (released 2007) until and including the recent Helios release (2010) have been reported to crash with an OutOfMemoryError due to this change. This is particularly funny since the update is deployed through automatic update and suddenly applications cease to work."

Posted on 28 July 2010 | 11:22 pm
eecue writes "The folks at DefCon, the world's largest hacker convention [previously on Slashdot], have been making awesome badges for years. Last year along with the convention badge, a group of hackers known as the Ninjas created an electronic badge for their exclusive party. This year the Ninjas have taken the whole electronic badge thing to the next level with an interactive, wireless, encrypted ninja battle video game badge. I convinced the Ninjas to give Wired.com an exclusive sneak peek, and let me tell you, this thing is awesome."

Posted on 28 July 2010 | 9:12 pm
Julie188 writes "GNOME 3.0 was scheduled to be released in September but during the developers conference, GUADEC 2010 in Den Haag, the organization had to face facts: the much ballyhooed GNOME Shell really wasn't ready. The Shell is supposed to bring 'a whole new user experience to the desktop.' So now, in September, what users will see is GNOME 2.32, distributed as a new stable release. Next target date for 3.0: March 2011."

Posted on 28 July 2010 | 8:29 pm
Stoobalou writes "A directory containing personal details about more than 100 million Facebook users has surfaced on an Internet file-sharing site. The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook's open access directory, which lists all users who haven't bothered to change their privacy settings to make their pages unavailable to search engines."

Posted on 28 July 2010 | 3:09 pm
krebsonsecurity writes "One big reason why rogue anti-virus continues to make major bucks for scam artists: relatively few victims ever ask their credit card company or bank to reverse the charges for the phony security software — even when the victims don't even receive the worthless software they were promised. I recently found several caches of data for affiliates of a rogue anti-virus distribution program, and the data showed that in one set of attacks only 367 out of more than 2,000 scammed disputed the charge. A second rogue anti-virus campaign scammed more than 1,600 people, and yet fewer than 10 percent fought the charges."

Posted on 28 July 2010 | 12:04 am
nk497 writes "When it comes to security flaws, who should be warned first: users or software vendors? The debate has flared up again, after Google researcher Tavis Ormandy published a flaw in Windows Support. As previously noted on Slashdot, Google has since promised to back researchers that give vendors at least 60 days to sort out a solution to reported flaws, while Microsoft has responded by renaming responsible disclosure as 'coordinated vulnerability disclosure.' Microsoft is set to announce something related to community-based defense at Black Hat, but it's not likely to be a bug bounty, as the firm has again said it won't pay for vulnerabilities. So what other methods for managing disclosures could the security industry develop, that balance vendors' need for time to develop a solution and researchers' needs to work together and publish?"

Posted on 27 July 2010 | 3:20 pm
An interesting article at Ars Technica takes a look at some compelling data (the longer-than-normal processor update cycles in Apple's personal computer lineup) and speculates that Apple's enthusiasm for its partnership with Intel might be cooling. Like Apple's soured relationship with once-BFF Google, this may be the result of Intel's increasing activities in the mobile computing space.
Posted on 27 July 2010 | 8:44 am
Fraunhofer's FIT . . . has recently appeared on the YouTubes, where we must say it looks pretty darn good. Not only does it not require special gloves or markers, this thing also works in real time and can support multiple users (and multiple fingers).
Posted on 27 July 2010 | 8:38 am
Some people hate the idea of adding proprietary software to their desktop Linux. For these people, there are Linux distributions such as gNewSense that use only free software. For the rest of us, who use distributions such as Fedora, openSUSE and Ubuntu, there are times we either want to, or feel forced to, add proprietary programs such as Adobe Flash or Skype or the ability to play proprietary audio and video formats such as MP3 or commercial DVDs to our Linux desktop. Here's how to do it.
Posted on 27 July 2010 | 8:35 am
Real-Time apps have been popularized by social-notification tools like Twitter and Friendfeed. With a Real-Time web app you can get website information as soon as it's published. Learn techniques that allow you to create responsive, continually updated web applications that conserve server resources while providing a slick user experience using jQuery, XMPP and PHP.
Posted on 27 July 2010 | 8:34 am
CentOS, with almost 30% of all Linux servers. The Red Hat Enterprise Linux-derived distro is #1 according to Web Technology Surveys.
Posted on 27 July 2010 | 8:31 am
pspahn writes "I am currently enrolled at a very well-known online school. I was hesitant when I enrolled; now more than a year has gone by, and I am regretting my decision. The main problem is that I am not learning anything. I have several years' experience with Web design, yet I was not allowed to bypass Intro to Web Design 1. Similarly, there are other classes on my list that will teach me very little I don't already know, yet will cost me money all the same. Now, I do have a great desire to learn and to further myself academically, but I just don't see much value in continuing to take classes I could have aced in ninth grade. It is also difficult when fellow classmates clearly have very little intelligent input to offer and our online discussions are reminiscent of an AOL chat room. While it is possible simply to attend a local school in person, I would much prefer an online environment as it seems to be a more natural medium considering the content of my studies. I am interested specifically in Information Security programs. What online education programs have Slashdot readers been happy with and considered successful?"

Posted on 27 July 2010 | 4:29 am
WesternActor writes "The Khronos Group has announced full details for the OpenGL 4.1 specification. Among the new features of the spec, which comes just five months after the release of the 4.0 specification, is full support for OpenGL ES, which simplifies porting between mobile and desktop platforms. It'll be interesting to see what effect, if any, this new spec has on the graphics industry — more compatibility could change the way many embedded systems are designed. There are lots of other changes and additions in the spec, as well." Reader suraj.sun contributes insight from Ars, which brings OpenGL's competition into focus: "OpenGL 4.0 brought feature parity with Direct3D 11's new features — in particular, compute shaders and tessellation — and with 4.1, the Khronos Group claims that it is surpassing the functionality offered in Microsoft's 3D API. ... Whether this truly constitutes a leapfrogging of Direct3D 11 is not obvious."

Posted on 27 July 2010 | 2:37 am
snydeq writes "InfoWorld's Bob Violino reports on the quiet threat to today's business: cyber spies on network systems. According to observers, 75 percent of companies have been infected with undetected, targeted attacks — ones that typically exploit multiple weaknesses with the ultimate goal of compromising a specific account. Such attacks often begin by correlating publicly available information to access a single system. From there, the entire environment can be gradually traversed enabling attackers to place monitoring software in out-of-the-way systems, such as log servers, where IT often doesn't look for intrusions. 'They collect the data and send it out, such as via FTP, in small amounts over time, so they don't rise over the noise of normal traffic and call attention to themselves,' Violino writes. 'There's probably no way you can completely protect your organization against the increasingly sophisticated attacks by foreign and domestic spies. That's especially true if the attacks are coming from foreign governments, because nations have resources that most companies do not possess.'"

Posted on 26 July 2010 | 11:52 pm
ChrisPaget writes "I'm planning a pretty significant demonstration of GSM insecurity at Defcon next week, where I'll intercept and record cellular calls made by my attendees, live on-stage, no user-input required. As you can imagine, intercepting cellphones is a Very Big Deal in the eyes of the law; this blog post is an attempt to reassure everyone that their privacy is being taken seriously despite the nature of the demo. I'm not just making it up either — the EFF have helped significantly with the details."

Posted on 26 July 2010 | 9:50 pm
So, there I am enjoying a nice Gilmore Girls episode after a long day's work, and Engadget's iPhone application brings the good news: the US Library of Congress has added a DMCA exemption for jailbreaking or rooting mobile phones! This is a major blow to Apple, who actively tried to keep jailbreaking a criminal offence, and a major win for everyone who believes that the phone you buy is actually yours, and not the manufacturer's.
Posted on 26 July 2010 | 6:48 pm
hankwang writes "Belgian authorities uncovered an international network of online banking fraud (Google translation; Dutch original), which has been going on since 2007. The fraud targeted customers of several major banks, which used supposedly secure two-factor systems that require the customer to generate authorization codes from transaction information (random code and amount or recipient's account number) that is manually keyed into a cryptographic device (Flash demo from one of the banks; manufacturer's website). Trojan horses that were planted onto the victims' computers would generate a fake error message and request that the victim re-enter the authorization code. This way, amounts up to €4,000 were transferred to money mules and thence to Eastern Europe. The worrying part is that many cases were never reported to the police, because the bank preferred to refund the money to the victim rather than risking its reputation. The extent of this type of fraud is unknown." The article mentions in passing that similar crimes are occurring in Germany and Sweden.

Posted on 26 July 2010 | 9:37 am
CIO.com highlights a number of new multimedia features in RIM's new BlackBerry OS, which used to be mostly business-focused.
Posted on 26 July 2010 | 2:13 am
While browsing through dealextreme.com, a popular online shop for electronic products here in Asia, I was really surprised to see several iPad-like tablet computers that are sold for as low as $99 (US). Another surprising thing is that they are all powered by Android.
Posted on 26 July 2010 | 2:10 am
For years, researchers have touted graphene as the magic material for the next generation of high-speed electronics, but so far it hasn't proved practical. Now a new way of making nanoscale strips of carbon--the building block of graphene--could kick-start a shift toward superfast graphene components.
Posted on 26 July 2010 | 2:08 am
Humane PC and its Humane Reader child are open source hardware projects with some seriously low-cost internal components. At volume the PC could retail for as low as $20, and that's with 2GB of microSD storage, USB / PS/2 plugs, and video out. The PC is primarily designed to output low-res, black and white text to a TV, making it a low cost reader for developing countries, and the Humane Reader project pre-loads the device with thousands of Wikipedia articles (much in the vein of the OpenMoko WikiReader).
Posted on 26 July 2010 | 2:07 am
Wind River Linux Secure, a secure embedded Linux, is in evaluation by the National Information Assurance Partnership (NIAP) to be certified to Common Criteria Evaluation Assurance Level 4+ (EAL4+), conforming to the General Purpose Operating System Protection Profile. Upon certification completion to Common Criteria EAL4+, Wind River Linux Secure is expected to be the first commercial embedded Linux operating system accepted by NIAP.
Posted on 26 July 2010 | 2:02 am
Today's commercial-grade programming languages - C++ and Java, in particular - are way too complex and not adequately suited for today's computing environments, Google distinguished engineer Rob Pike argued in a talk at the O'Reilly Open Source Conference. Pike made his case against such "industrial programming languages" during his keynote at the conference in Portland, Oregon.
Posted on 26 July 2010 | 1:57 am
India's Human Resource Development Minister Kapil Sibal unveiled a touchscreen tablet that he claims they will be able to produce for just $35. The device is being aimed at students, and seems to be taking the One Laptop Per Child idea and running with it. "Despite the price, users will get a touch-screen, a PDF reader and a webcam for video conferencing. There has been no confirmation of its specifications but reports suggest 2GB of memory, Wi-Fi and Ethernet and power consumption at just 2W. Naturally, the device will run Linux."
Posted on 26 July 2010 | 1:44 am
Blogger Kevin Bowling takes a look at the never-ending stream of benchmarks from Phoronix, with various Linux distros pitted against each other and even different operating systems, and he wonders, are they bullshit? Case in point, this Debian vs FreeBSD benchmark that was submitted to OSNews yesterday.
Posted on 26 July 2010 | 1:36 am
Just 3 weeks after the release of its binary-compatible vp8 decoder, the FFmpeg team is still impressing us, this time with a new benchmark of their own vp8 decoder. The new ffvp8 decoder, written independently using the pre-existing FFmpeg code base, is now the fastest vp8 decoder, with margins of more than 30% over Google's official codec, especially on 64-bit machines.
Posted on 26 July 2010 | 1:30 am
Trailrunner7 writes "As more information continues to come out about the Stuxnet worm and the vulnerabilities that it exploits, it's becoming increasingly clear that this kind of attack may be a preview of the attacks that are likely to become commonplace in the months and years ahead. The most interesting aspect of all of this is the fact that the attackers behind Stuxnet clearly knew about the vulnerability in the Siemens WinCC system before the malware was written. That implies the malware authors had some advance intelligence about the configuration of the Siemens software and knew exactly where there was a weakness."

Posted on 25 July 2010 | 2:28 pm