Government

Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated 28

Posted by samzenpus
from the fly-that-anywhere dept.
An anonymous reader writes A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital.
Businesses

One-in-five Developers Now Works On IoT Projects 156

Posted by samzenpus
from the that's-a-whole-lot-of-things dept.
dcblogs writes Evans Data Corp., which provides research and intelligence for the software development industry, said that of the estimated 19 million developers worldwide, 19% are now doing IoT-related work. A year ago, the first year IoT-specific data was collected, that figure was 17%. But when developers were asked whether they plan to work in IoT development over the next year, 44% of the respondents said they are planning to do so, said Michael Rasalan, director of research at Evans.
Books

Book Review: Designing and Building a Security Operations Center 21

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review
Programming

Ask Slashdot: What Makes a Great Software Developer? 201

Posted by Soulskill
from the highlander-style-combat dept.
Nerval's Lobster writes: What does it take to become a great — or even just a good — software developer? According to developer Michael O. Church's posting on Quora (later posted on LifeHacker), it's a long list: great developers are unafraid to learn on the job, manage their careers aggressively, know the politics of software development (which he refers to as 'CS666'), avoid long days when feasible, and can tell fads from technologies that actually endure... and those are just a few of his points. Over at Salsita Software's corporate blog, meanwhile, CEO and founder Matthew Gertner boils it all down to a single point: experienced programmers and developers know when to slow down. What do you think separates the great developers from the not-so-fantastic ones?
GNU is Not Unix

Serious Network Function Vulnerability Found In Glibc 205

Posted by Soulskill
from the audits-finding-gold dept.
An anonymous reader writes: A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in the __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors.
Opera

Opera Founder Is Back, With a Feature-Heavy, Chromium-Based Browser 156

Posted by timothy
from the sink-within-a-sink dept.
New submitter cdysthe writes Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn't just Opera's innards that changed; the browser also became more streamlined and perhaps less geeky. Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi. The project's front page links to downloads of a technical preview, available for Linux, Mac OS X, and Windows. Firefox users who likewise prefer a browser with more rather than fewer features (but otherwise want to stick with Firefox) might also consider SeaMonkey, which bundles not just a browser but email, newsgroup client and feed reader, HTML editor, IRC chat and web development tools.
Education

Brought To You By the Letter R: Microsoft Acquiring Revolution Analytics 105

Posted by timothy
from the interesting-choice-of-letter dept.
theodp writes Maybe Bill Gates' Summer Reading this year will include The Art of R Programming. Pushing further into Big Data, Microsoft on Friday announced it's buying Revolution Analytics, the top commercial provider of software and services for the open-source R programming language for statistical computing and predictive analytics. "By leveraging Revolution Analytics technology and services," blogged Microsoft's Joseph Sirosh, "we will empower enterprises, R developers and data scientists to more easily and cost effectively build applications and analytics solutions at scale." Revolution Analytics' David Smith added, "Now, Microsoft might seem like a strange bedfellow for an open-source company [RedHat:Linux as Revolution Analytics:R], but the company continues to make great strides in the open-source arena recently." Now that it has Microsoft's blessing, is it finally time for AP Statistics to switch its computational vehicle to R?
Internet Explorer

In Addition To Project Spartan, Windows 10 Will Include Internet Explorer 99

Posted by timothy
from the ultra-backwards-compatible dept.
An anonymous reader writes After unveiling its new Project Spartan browser for Windows 10, Microsoft is now offering more details. The company confirmed that Windows 10 will also include Internet Explorer for enterprise sites, though it didn't say how exactly this will work. Spartan comes with a new rendering engine, which doesn't rely on the versioned document modes the company has historically used. It also provides compatibility with the millions of existing enterprise websites specifically designed for Internet Explorer by loading the IE11 engine when needed. In this way, the browser uses the new rendering engine for modern websites and the old one for legacy purposes.
Encryption

OpenSSL 1.0.2 Released 96

Posted by timothy
from the early-days dept.
kthreadd writes The OpenSSL project has released its second feature release of the OpenSSL 1.0 series, version 1.0.2 which is ABI compatible with the 1.0.0 and 1.0.1 series. Major new features in this release include Suite B support for TLS 1.2 and DTLS 1.2 and support for DTLS 1.2. selection. Other major changes include TLS automatic EC curve selection, an API to set TLS supported signature algorithms and curves, the SSL_CONF configuration API, support for TLS Brainpool, support for ALPN and support for CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
Communications

WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users 190

Posted by timothy
from the for-your-convenience-we-have-disabled-convenience dept.
BarbaraHudson writes WhatsApp is locking out users for 24 hours who use WhatsApp Plus to access the service. The company claims they brought in the temporary ban to make users aware that they are not using the correct version and their privacy could be compromised using the unofficial WhatsApp Plus. "Starting today, we are taking aggressive action against unauthorized apps and alerting the people who use them." Is this a more aggressive rerun of "This site best viewed with Internet Explorer"?
Security

Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid? 467

Posted by Soulskill
from the what-would-you-put-on-your-grandma's-computer dept.
CryoKeen writes: I got a new laptop recently after trading in my old laptop for store credit. While I was waiting to check out, the sales guy just handed me some random antivirus software (Trend Micro) that was included with the purchase. I don't think he or I realized at the time that the CD/DVD he gave me would not work because my new laptop does not have a CD/DVD player.

Anyway, it got me wondering whether I should use it or not. Would I be better off downloading something like Avast or Malwarebytes? Is there one piece of antivirus software that's significantly better than the others? Are any of the paid options worthwhile, or should I just stick to the free versions? What security software would you recommend in addition to anti-virus?
Transportation

Local Motors Looks To Disrupt the Auto Industry With 3D-Printed Car Bodies 128

Posted by Soulskill
from the you-wouldn't-download-a-car? dept.
An anonymous reader writes: Local Motors solicits design ideas through crowdsourcing, allows anyone to use open source software to contribute ideas, and then 3D prints car bodies according to the chosen specs in a matter of days. To prove they mean business, Local Motors 3D-printed a car on the floor of the Detroit Auto Show last week. "It took 44 hours to print the Strati’s 212 layers. Once 3D printing is complete, the Strati moves to a Thermwood CNC router—a computer-controlled cutting machine that mills the finer details—before undergoing the final assembly process, which adds the drivetrain, electrical components, wiring, tires, gauges, and a showroom-ready paint job."

Here's another big difference from the current auto industry: "Customers can also bring their vehicles in at any time for hardware and software upgrades, or they can choose to melt their vehicle down and, for instance, add a seat. Because Local Motors uses a distributed manufacturing system to make only what is purchased, it doesn't stock inventory. Anyone can come into a Local Motors microfactory, use its design lab, and work on a vehicle project free of charge."
Crime

Fujitsu Psychology Tool Profiles Users At Risk of Cyberattacks 30

Posted by timothy
from the did-you-click-on-the-taboola-link? dept.
itwbennett writes Fujitsu Laboratories is developing an enterprise tool that can identify and advise people who are more vulnerable to cyberattacks, based on certain traits. For example, the researchers found that users who are more comfortable taking risks are also more susceptible to virus infections, while those who are confident of their computer knowledge were at greater risk for data leaks. Rather than being like an antivirus program, the software is more like "an action log analysis that looks into the potential risks of a user," said a spokesman for the lab. "It judges risk based on human behavior and then assigns a security countermeasure for a given user."
Security

Adobe Patches One Flash Zero Day, Another Still Unfixed 47

Posted by timothy
from the cross-platform dept.
Trailrunner7 writes Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks. The patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn't being used against Chrome or Firefox. On Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1.
Blackberry

Blackberry CEO: Net Neutrality Means Mandating Cross-Platform Apps 307

Posted by timothy
from the fantasy-world-of-atlas-shrugged dept.
DW100 writes In a bizarre public blog post the CEO of BlackBerry, John Chen, has claimed that net neutrality laws should include forcing app developers to make their services available on all operating systems. Chen even goes as far as citing Apple's iMessage tool as a service that should be made available for BlackBerry, because at present the lack of an iMessage BlackBerry app is holding the firm back. Some excerpts from Chen's plea: Netflix, which has forcefully advocated carrier neutrality, has discriminated against BlackBerry customers by refusing to make its streaming movie service available to them. Many other applications providers similarly offer service only to iPhone and Android users. ... Neutrality must be mandated at the application and content layer if we truly want a free, open and non-discriminatory internet. All wireless broadband customers must have the ability to access any lawful applications and content they choose, and applications/content providers must be prohibited from discriminating based on the customer’s mobile operating system. Since "content providers" are writing code they think makes sense for one reason or another (expected returns financial or psychic), a mandate to write more code seems like a good way to re-learn why contract law frowns on specific performance.
Windows

Microsoft Reveals Windows 10 Will Be a Free Upgrade 570

Posted by samzenpus
from the try-it-free dept.
mpicpp was one of many to point out this bit of news about Windows 10. "Microsoft just took another big step toward the release of Windows 10 and revealed it will be free for many current Windows users. The company unveiled the Windows 10 consumer preview on Wednesday, showcasing some of the new features in the latest version of the operating system that powers the vast majority of the world's desktop PCs. The developer preview has been available since Microsoft first announced Windows 10 in the fall, but it was buggy, limited in scope and very light on new features. Importantly, Windows 10 will be free for existing Windows users running versions of Windows back to Windows 7. That includes Windows 7, 8, 8.1 and Windows Phone. Microsoft specified it would only be free for the first year, indicating Windows would be software that users subscribe to, rather than buy outright. Microsoft Corporate Vice President of the Operating Systems Group Joe Belfiore showed off some of the new features in Windows 10. While Microsoft had already announced it would bring back the much-missed Start Menu, Belfiore revealed it would also have a full-screen mode that includes more of the Windows 8 Start screen. He said Windows machines would go back and forth between the two menus in a way that wouldn't confuse people. Belfiore also showed a new notification center for Windows, which puts a user's notifications in an Action Center menu that can appear along the right side, similar to how notifications work in Apple OS X. Microsoft Executive Vice President of Operating Systems Terry Myerson revealed that 1.7 million people had downloaded the Windows 10 developer preview, giving Microsoft over 800,000 individual pieces of feedback. Myerson explained that Windows 10 has several main intents: to give users a mobility of experience from device to device, instill a sense of trust in users, and provide the most natural ways to interact with devices."
More details are available directly from Microsoft.
Internet Explorer

Time For Microsoft To Open Source Internet Explorer? 165

Posted by Soulskill
from the if-you-can't-beat-'em dept.
An anonymous reader writes: Ars Technica's Peter Bright argues that it's time for Microsoft to make Internet Explorer open source. He points out that IE's major competitors are all either fully open source (Firefox), or partially open source (Chrome, Safari, and Opera), and this puts Microsoft at a huge disadvantage. Bright says, "It's time for Microsoft to fit in with the rest of the browser industry and open up Trident. One might argue that this argument could be made of any software, and that Microsoft should by this logic open source everything. But I think that the browser is special. The community that exists around Web standards does not exist in the same way around, say, desktop software development, or file system drivers, or user interfaces. Development in the open is integral to the Web in an almost unique way. ... Although Microsoft has endeavored to be more open about how it's developing its browser, and which features it is prioritizing, that development nonetheless takes place in private. Developing in the open, with a public bug tracker, source code repositories, and public discussion of the browser's future direction is the next logical step."
Windows

Windows Server 2003 Reaches End of Life In July 156

Posted by Soulskill
from the countdown-to-crying dept.
Several readers sent word that we're now less than six months away from the end of support for Windows Server 2003. Though the operating system's usage peaked in 2009, it still runs on millions of machines, and many IT departments are just now starting to look at replacements. Although Microsoft publishes support deadlines long in advance -- and has been beating the drum to dump Server 2003 for months -- it's not unusual for customers to hang on too long. Last year, as Windows XP neared its final days of support, there were still huge numbers of systems running the aged OS. Companies lined up to pay Microsoft for extended support contracts and PC sales stabilized in part because enterprises bought new replacement machines. Problems replacing Windows Server 2003 may appear similar at first glance, but they're not: Servers are critical to a business because of the applications that run on them, which may have to be rewritten or replaced.

[In many cases, legacy applications are the sole reason for the continued use of Server 2003.] Those applications may themselves be unsupported at this point, the company that built them may be out of business or the in-house development team may have been disbanded. Any of those scenarios would make it difficult or even impossible to update the applications' code to run on a newer version of Windows Server. Complicating any move is the fact that many of those applications are 32-bit -- and have been kept on Windows Server 2003 for that reason -- and while Windows Server 2012 R2 offers a compatibility mode to run such applications, it's not foolproof.
Media

The Current State of Linux Video Editing 223

Posted by Soulskill
from the stop-motion-tux dept.
An anonymous reader writes: The VFX industry has for most of the last 30 years been reliant on Macs and Windows machines for video editing, primarily because all of the Linux-based FOSS tools have been less than great. This is a shame, because all of the best 3D and 2D tools, other than video, are entrenched in the Linux environment and perform best there. The lack of decent video editing tools on Linux prevents every VFX studio from becoming a Linux-only shop. That being said, there are some strides being made to bridge this gap. What setup do you use? What's still missing?
Input Devices

Your Entire PC In a Mouse 165

Posted by Soulskill
from the don't-click-to-hard dept.
slash-sa writes: A Polish software and hardware developer has created a prototype computer which is entirely housed within a mouse. Dubbed the Mouse-Box, it works like a conventional mouse, but contains a processor, flash storage, an HDMI connection, and Wi-Fi connectivity. It is connected to a monitor via the HDMI interface and connects to an Internet connection through standard Wi-Fi.