
VeraCrypt Security Audit Reveals Many Flaws, Some Already Patched

Orome1 quotes Help Net Security: VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report [which has mitigations for the still-unpatched vulnerabilities].
Anyone want to share their experiences with VeraCrypt? Two Quarkslab engineers spent more than a month on the audit, which was funded (and requested) by the non-profit Open Source Technology Improvement Fund "to evaluate the security of the features brought by VeraCrypt since the publication of the audit results on TrueCrypt 7.1a conducted by the Open Crypto Audit Project." Their report concludes that VeraCrypt's security "is improving which is a good thing for people who want to use a disk encryption software," adding that its main developer "was very positive along the audit, answering all questions, raising issues, discussing findings constructively..."

American 'Vigilante Hacker' Defaces Russian Ministry's Website

An anonymous Slashdot reader quotes CNN Money: An American vigilante hacker -- who calls himself "The Jester" -- has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets... "Comrades! We interrupt regular scheduled Russian Foreign Affairs Website programming to bring you the following important message," he wrote. "Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed."
In early 2015, CNN Money profiled The Jester as "the vigilante who hacks jihadists," noting he's a former U.S. soldier who now "single-handedly taken down dozens of websites that, he deems, support jihadist propaganda and recruitment efforts. He stopped counting at 179." That article argues that "the fact that he hasn't yet been hunted down and arrested says a lot about federal prosecutors and the FBI. Several cybersecurity experts see it as tacit approval."

"In an exclusive interview with CNNMoney this weekend, Jester said he chose to attack Russia out of frustration for the massive DNS cyberattack that knocked out a portion of the internet in the United States on Friday... 'I'm not gonna sit around watching these f----rs laughing at us.'"

Dyn Executive Responds To Friday's DDOS Attack

"It is said that eternal vigilance is the price of liberty...We must continue to work together to make the internet a more resilient place to work, play and communicate," wrote Dyn's Chief Strategy Officer in a Saturday blog post. An anonymous reader reports: Dyn CSO Kyle York says they're still investigating Friday's attack, "conducting a thorough root cause and forensic analysis" while "carefully monitoring" for any additional attacks. In a section titled "What We Know," he describes "a sophisticated attack across multiple attack vectors and internet source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack." But he warns that "we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses."

He posted a timeline of the attacks (7:00 EST and 12:00 EST), adding "While there was a third attack attempted, we were able to successfully mitigate it without customer impact... We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these." He predicts Friday's attack will be seen as "historic," and acknowledges his staff's efforts to fight the attack as well as the support received from "the technology community, from the operations teams of the world's top internet companies, to law enforcement and the standards community, to our competition and vendors... On behalf of Dyn, I'd like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support."

Online businesses may have lost up to $110 million in sales and revenue, according to the CEO of Dynatrace, who tells CNN more than half of the 150 websites they monitor were affected.

Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones

An anonymous Slashdot reader quotes the Daily Herald: Investigators in Lancaster, California, were granted a search warrant last May with a scope that allowed them to force anyone inside the premises at the time of search to open up their phones via fingerprint recognition, Forbes reported Sunday. The government argued that this did not violate the citizens' Fifth Amendment protection against self incrimination because no actual passcode was handed over to authorities...

"I was frankly a bit shocked," said Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, when he learned about the scope of search warrant. "As far as I know, this warrant application was unprecedented"... He also described requiring phones to be unlocked via fingerprint, which does not technically count as handing over a self-incriminating password, as a "clever end-run" around constitutional rights.


Quantum Researchers Achieve 10-Fold Boost In Superposition Stability

An anonymous reader quotes The Stack: A team of Australian researchers has developed a qubit offering ten times the stability of existing technologies. The computer scientists claim that the new innovation could significantly increase the reliability of quantum computing calculations... The new technology, developed at the University of New South Wales, has been named a 'dressed' quantum bit as it combines a single atom with an electromagnetic field. This process allows the qubit to remain in a superposition state for ten times longer than has previously been achieved. The researchers argue that this extra time in superposition could boost the performance stability of quantum computing calculations... Previously fragile and short-lived, retaining a state of superposition has been one of the major barriers to the development of quantum computing. The ability to remain in two states simultaneously is the key to scaling and strengthening the technology further.
Do you ever wonder what the world will look like when everyone has their own personal quantum computer?

Should Journalists Ignore Some Leaked Emails?

Tuesday Lawrence Lessig issued a comment about a leaked email which showed complaints about his smugness from a Clinton campaign staffer: "I'm a big believer in leaks for the public interest... But I can't for the life of me see the public good in a leak like this..." Now mirandakatz shares an article by tech journalist Steven Levy arguing that instead, "The press is mining the dirty work of Russian hackers for gossipy inside-beltway accounts." This is perfectly legal. As long as journalists don't do the stealing themselves, they are solidly allowed to publish what thieves expose, especially if, as in this case, the contents are available to all... [But] is the exploitation of stolen personal emails a moral act? By diving into this corpus to expose anything unseemly or embarrassing, reporters may be, however unwillingly, participating in a scheme by a foreign power to mess with our election...

As a 'good' journalist, I know that I'm supposed to cheer on the availability of information... But it's difficult to argue that these discoveries were unearthed by reporters for the sake of public good...

He's sympathetic to the idea that minutiae from campaigns lets journalists "examine the failings of 'business as usual'," but "it would be so much nicer if some disgruntled colleague of Podesta's was providing information to reporters, rather than Vladimir Putin using them as stooges to undermine our democracy." He ultimately asks, "is it moral to amplify anything that's already exposed on the internet, even if the exposers are lawbreakers with an agenda?"

New Text Adventures Compete In 22nd 'Interactive Fiction Competition'

An anonymous Slashdot reader writes: 58 brand-new text adventures are now available free online for the 22nd Annual Interactive Fiction Competition. The public is encouraged to play the games, and on November 16th the contest's organizers will announce which ones received the highest average ratings. After 22 years, the contest is now under "the auspices of the Interactive Fiction Technology Foundation, a new, charitable non-profit corporation dedicated to supporting the technologies and services that enable IF creation and play..." according to the contest's organizers. "[T]he competition now runs on servers paid for by the IF-loving public, and for this I feel sincere gratitude."

New Smart Guns Will Have Fingerprint Readers

A recent article in the Wall Street Journal described the International San Francisco Smart Gun Symposium, and the "Mark Zuckerberg of guns," a Colorado 18-year-old who's developing a gun which only fires when its owner's fingerprint makes contact with the pistol grip. But it looks like he'll have competition. Lucas123 writes: Armatix LLC's new iP9 smart gun will go on sale in the U.S. in mid-2017 and...will have a fingerprint reader that can store multiple scans like a smartphone. The iP9 is expected to retail for about $1,365, which is more than twice the price of many conventional 9mm semi-automatic pistols...
The company's previous product was a smart gun which only fired when it was within 10 inches of radio waves emanating from its owner's watch, but they had trouble attracting buyers. Armatix now also hopes to interest shooting ranges in a gun which only fires when its built-in RFID system recognizes that it's pointing at a shooting target.

Journalist Cleared of Riot Charges in South Dakota

Her video went viral, was viewed more than 14 million times, and triggered concerns online when she was threatened with prison. But a North Dakota judge "refused to authorize riot charges against award-winning journalist Amy Goodman for her reporting on an attack against Native American-led anti-pipeline protesters." An anonymous Slashdot reader quotes NBC News: Goodman described the victory as a "great vindication of the First Amendment," although McLean County State's Attorney Ladd Erickson told The New York Times that additional charges were possible. "I believe they want to keep the investigation open and see if there is any evidence in the unedited and unpublished videos that we could better detail in an affidavit for the judge," Erickson told the newspaper.
The Native Americans "were attempting to block the destruction of sacred sites, including ancestral burial grounds," according to a new article co-authored by Goodman about her experiences, which argues that "Attempts to criminalize nonviolent land and water defenders, humiliate them and arrest journalists should not pave the way for this pipeline."

Canonical Names Ubuntu Linux 17.04 'Zesty Zapus'

"Linux distributions and silly names go together like peanut butter and jelly," notes BetaNews. BrianFagioli writes: One of the most well-known Linux distributions to use funny names is Ubuntu. It famously uses the convention of an adjective and a lesser-known animal, each starting with the same letter... For example, Ubuntu 16.10 uses the letter "Y" -- "Yakkety Yak". The next version of the operating system will use the letter "Z" [and] Canonical has chosen "Zesty Zapus"... It is apparently a type of jumping mouse...

"As we come to the end of the alphabet, I want to thank everyone who makes this fun. Your passion and focus and intellect, and occasionally your sharp differences, all make it a privilege to be part of this body incorporate. Right now, Ubuntu is moving even faster to the centre of the cloud and edge operations. From AWS to the zaniest new devices, Ubuntu helps people get things done faster, cleaner, and more efficiently, thanks to you...", says Mark Shuttleworth, CEO, Canonical... "we are a tiny band in a market of giants, but our focus on delivering free software freely together with enterprise support, services and solutions appears to be opening doors, and minds, everywhere. So, in honour of the valiantly tiny leaping long-tailed over the obstacles of life, our next release which will be Ubuntu 17.04, is hereby code named the Zesty Zapus".

My favorite was Xenial Xerus.

John McAfee Thinks North Korea Hacked Dyn, and Iran Hacked the DNC

"The Dark Web is rife with speculation that North Korea is responsible for the Dyn hack" says John McAfee, according to a new article on CSO: McAfee said they certainly have the capability and if it's true...then forensic analysis will point to either Russia, China, or some group within the U.S. [And] who hacked the Democratic National Committee? McAfee -- in an email exchange and follow up phone call -- said sources within the Dark Web suggest it was Iran, and he absolutely agrees. While Russian hackers get more media attention nowadays, Iranian hackers have had their share... "The Iranians view Trump as a destabilizing force within America," said McAfee. "They would like nothing more than to have Trump as President....

"If all evidence points to the Russians, then, with 100% certainty, it is not the Russians. Anyone who is capable of carrying out a hack of such sophistication is also capable, with far less effort than that involved in the hack, of hiding their tracks or making it appear that the hack came from some other quarter..."

Bruce Schneier writes that "we don't know anything much of anything" about yesterday's massive DDOS attacks. "If I had to guess, though, I don't think it's China. I think it's more likely related to the DDoS attacks against Brian Krebs than the probing attacks against the Internet infrastructure..." Earlier this month Krebs had warned that source code had been released for the massive DDOS attacks he endured in September, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices."

Super Mario 'Speed Runners' Are Setting New World Records

Virginia software engineer Brad Myers has played Super Mario 22,000 times, and just set a new speed record earlier this month -- 4 minutes and 56.878 seconds. An anonymous Slashdot reader summarizes a new article at FiveThirtyEight: "In this 31-year-old video game, there is a full-on, high-speed assault on Bowser's castle under way right now..." writes Oliver Roeder, describing a collaborative community of both theorists and experimentalists "who test the theories in game after callus-creating game... 'Everything in my run, so many people contributed so much knowledge at various points in the game's history,' Myers told me. 'Now someone can come along and use that as their starting point.'"

Online broadcasts form a kind of peer-review system, with an ever-expanding canon of tricks -- for example, intentionally bumping into objects for a slight increase in speed. But the success rate for the maneuver is estimated at 3%, meaning speed runners spend most of their time starting over. "On average, about 1 out of 1,000 times does a record-setting campaign continue beyond its halfway point..."


Rust Implements An IDE Protocol From Red Hat's Collaboration With Microsoft and Codenvy

An anonymous reader quotes InfoWorld: Developers of Mozilla's Rust language, devised for fast and safe system-level programming, have unveiled the first release of the Rust Language Service, a project that provides IDEs and editors with live, contextual information about Rust code. RLS is one of the first implementations of the Language Server Protocol, co-developed by Microsoft, Codenvy, and Red Hat to standardize communications between IDEs and language runtimes.

It's another sign of Rust's effort to be an A-list language across the board -- not only by providing better solutions to common programming problems, but also cultivating first-class, cutting-edge tooling support from beyond its ecosystem...

The Rust Language Service is "pre-alpha", and the whole Language Service Protocol is only currently supported by two IDEs -- Eclipse and Microsoft's Visual Studio Code. Earlier InfoWorld described it as "a JSON-based data exchange protocol for providing language services consistently across different code editors and IDEs," and one of the Rust developers has already developed a sample RLS client for Visual Studio Code.

Will Tesla Install Home Solar Panels To Charge Cars?

Earlier this week, Tesla signed a non-binding agreement to buy solar cells from a new Panasonic factory in Buffalo, New York -- but it's part of a much bigger maneuver. An anonymous Slashdot reader writes: "If all goes to plan, Tesla will be supplying customers with the solar panels that generate electricity that could then be used to charge the battery in their Tesla car or the battery in the Tesla Powerwall home energy storage system," reports the Christian Science Monitor. The Wall Street Journal reports that Musk's SolarCity "will sell, finance and install the panels."

But the Buffalo News suggests the deal is really "aimed squarely at skeptical shareholders" who may be leery of a proposed merger between Tesla and SolarCity, which one analyst calculates will require nearly $6 billion in extra capital. Panasonic could help shoulder the costs of the Buffalo factory, while also putting a more experienced manufacturer in charge of producing high-efficiency solar modules.

The Stack reports some shareholders have actually filed a lawsuit against the merger.

'Anonymous' Hacker Indicted As His Hunger Strike Continues

Eight months after being rescued at sea near Cuba and then arrested, Anonymous hacker Martin Gottesfeld now faces prosecution as well as death by hunger. Newsweek reports: A member of Anonymous has been indicted on hacking charges while on the third week of a prison hunger strike protesting perceived institutionalized torture and political prosecutions. Martin Gottesfeld, 32, was charged this week in relation to the hacking of Boston Children's Hospital in 2014 following the alleged mistreatment of one of its patients. Gottesfeld has previously admitted to targeting the hospital, though says he did it in defense of "an innocent, learning-disabled, 15-year-old girl"...

Since beginning his hunger strike on October 3, Gottesfeld tells Newsweek from prison he has lost 16.5 pounds. He says he will continue his hunger strike until two demands are met: a promise from the presidential candidates that children are not mistreated in the way he claims Pelletier was; and an end to the "political" style of prosecution waged by Carmen Ortiz, the U.S. attorney for Massachusetts.

The indictment claims that the hospital spent more than $300,000 to "mitigate" the damage from the 2014 attack.
