Businesses

Researchers: The Thermostat In Your Office May Be Sexist

sciencehabit writes: If you're constantly bundling up against your office building's air conditioning, blame Povl Ole Fanger. In the 1960s, this Danish scientist developed a model, still used in many office buildings around the world, which predicts comfortable indoor temperatures for the average worker. The problem? The average office worker in the 1960s was a 40-year-old man sporting a three-piece suit. But fear not, those for whom the 'work sweater' has become a mandatory addition to office attire: Researchers say they have built a better model.
Programming

Lessons From Your Toughest Software Bugs

Nerval's Lobster writes: Most programmers experience some tough bugs in their careers, but only occasionally do they encounter something truly memorable. In developer David Bolton's new posting, he discusses the bugs that he still remembers years later. One messed up the figures for a day's worth of oil trading by $800 million. ('The code was correct, but the exception happened because a new financial instrument being traded had a zero value for "number of days," and nobody had told us,' he writes.) Another program kept shutting down because a professor working on the project decided to sneak in and do a little DIY coding. While care and testing can sometimes allow you to snuff out serious bugs before they occur, some truly spectacular ones occasionally end up in the release... despite your best efforts.
Businesses

Counterterrorism Expert: It's Time To Give Companies Offensive Cybercapabilities

itwbennett writes: Juan Zarate, the former deputy national security advisor for counterterrorism during President George W. Bush's administration, says the U.S. government should consider allowing businesses to develop 'tailored hack-back capabilities,' deputizing them to strike back against cyberattackers. The government could issue cyberwarrants, giving a private company license 'to protect its system, to go and destroy data that's been stolen or maybe even something more aggressive,' Zarate said Monday at a forum on economic and cyberespionage hosted by think tank the Hudson Institute.
Microsoft

Microsoft Creates a Quantum Computer-Proof Version of TLS Encryption Protocol

holy_calamity writes: When (or if) quantum computers become practical they will make existing forms of encryption useless. But now researchers at Microsoft say they have made a quantum-proof version of the TLS encryption protocol we could use to keep online data secure in the quantum computing era. It is based on a mathematical problem very difficult for both conventional and quantum computers to crack. That tougher math means data moved about 20 percent slower in comparisons with conventional TLS, but Microsoft says the design could be practical if properly tuned up for use in the real world.
Security

Privacy Alert: Your Laptop Or Phone Battery Could Track You Online

Mark Wilson writes: Is the battery in your smartphone being used to track your online activities? It might seem unlikely, but it's not quite as farfetched as you might first think. This is not a case of malware or hacking, but a built-in component of the HTML5 specification. Originally designed to help reduce power consumption, the Battery Status API makes it possible for websites and apps to monitor the battery level of laptops, tablets, and phones. A paper published by a team of security researchers suggests that this represents a huge privacy risk. Using little more than the amount of power remaining in your battery, it is possible for people to be identified and tracked online. As reported by The Guardian, a paper entitled The Leaking Battery by Belgian and French privacy and security experts says that the API can be used in device fingerprinting.
Security

Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters

BIOS4breakfast writes: Wired reports that later this week at BlackHat and Defcon, Trammell Hudson will show the Thunderstrike 2 update to his Thunderstrike attack on Mac firmware (previously covered on Slashdot). Trammell teamed up with Xeno Kovah and Corey Kallenberg from LegbaCore, who have previously shown numerous exploits for PC firmware. They found multiple vulnerabilities that were already publicly disclosed were still present in Mac firmware. This allows a remote attacker to break into the Mac over the network, and infect its firmware. The infected firmware can then infect Apple Thunderbolt to Ethernet adapters' PCI Option ROM. And then those adapters can infect the firmware of any Mac they are plugged into — hence creating the self-propagating Thunderstrike 2 "firmworm." Unlike worms like Stuxnet, it never exists on the filesystem, it only ever lives in firmware (which no one ever checks.) A video showing the proof of concept attack is posted on YouTube.
Privacy

One In Four Indiana Residents' E-Record Data Exposed in Hack

Reader chicksdaddy reports that a data breach involving four million patients and more than 230 different data holders (from private practices to large hospitals) hit Indiana especially hard. It's the home state of Medical Informatics Engineering, maker of electronic records system NoMoreClipBoard. While data exposed in the breach affected 3.9 million people, 1.5 million of them are in Indiana. According to the Security Ledger, though: [The] breach affects healthcare organizations from across the country, with healthcare providers ranging from prominent hospitals to individual physicians' offices and clinics are among 195 customers of the NoMoreClipboard product that had patient information exposed in the breach. And, more than a month after the breach was discovered, some healthcare organizations whose patients were affected are still waiting for data from EMI on how many and which patients had information exposed.

'We have received no information from MIE regarding that,' said a spokeswoman for Fort Wayne Radiology Association (http://www.fwradiology.com/), one of hundreds of healthcare organizations whose information was compromised in the attack on MIE.
Privacy

Ask Slashdot: Can You Disable Windows 10's Privacy-Invading Features?

An anonymous reader writes: I really want to upgrade to Windows 10, but have begun seeing stories come out about the new Terms and how they affect your privacy. It looks like the default Windows 10 system puts copies of your data out on the "cloud", gives your passwords out, and targets advertising to you. The main reason I am looking to upgrade is that Bitlocker is not available on Windows 7 Pro, but is on Windows 10 Pro, and Microsoft no longer offers Anytime Upgrades to Windows 7 Ultimate. However, I don't want to give away my privacy for security. The other option is to wait until October to see what the Windows 10 Enterprise version offers, but it may not be available through retail. Are the privacy minded Slashdot readers not going with Windows 10?

For reference, I am referring to these articles.
(Not to mention claims that it steals your bandwidth.)
Windows

Windows 10 Upgrade Strategies, Pitfalls and Fixes As MSFT Servers Are Hit Hard

MojoKid writes: The upgrade cycle begins, with Microsoft's latest operating system--the highly anticipated Windows 10--rolling out over Windows Update for free, for users of Windows 7, 8 and 8.1. For those that are ready to take the plunge over the weekend, there are some things to note. So far, Microsoft has been rolling out the upgrade in waves and stages. If you are not one of the 'lucky' ones to be in the first wave, you can take matters into your own hands and begin the upgrade process manually. While the process is mostly simple, it won't be for everyone. This guide steps through a few of the strategies and pitfalls. There are two main methods to upgrade, either through Windows Update or through the Media Creation Tool. In either case, you will need to have opted-in for the Windows 10 Free Upgrade program to reserve your license. Currently, the Windows Update method is hit or miss due to the requirement for additional updates needing to be installed first and Microsoft's servers being hit hard, leading to some rather humorous error messages like the oh-so helpful description, "Something Happened." Currently, it would be best to avoid the Windows Update upgrade, at least for the time being. Numerous issues with licensing have been reported, requiring manual activation either through the dreaded phone call, or by running slmgr.vbs /ato at the command prompt to force license registration.
Intel

10 Years of Intel Processors Compared

jjslash writes to Techspot's interesting look back at the evolution of Intel CPUs since the original Core 2 Duo E6600 and Core 2 Quad processors were introduced. The test pits the eight-year-old CPUs against their successors in the Nehalem, Sandy Bridge and Haswell families, including today's Celeron and Pentium parts which fare comparably well. A great reference just days before Intel's new Skylake processor debuts.
Communications

Questioning the Dispute Over Key Escrow

Nicola Hahn writes: The topic of key escrow encryption has once again taken center stage as former Secretary of Homeland Security Michael Chertoff has spoken out against key escrow both at this year's Aspen Security Forum and in an op-ed published recently by the Washington Post. However, the debate over cryptographic back doors has a glaring blind spot. As the trove of leaks from Hacking Team highlights, most back doors are implemented using zero-day exploits. Keep in mind that the Snowden documents reveal cooperation across the tech industry, on behalf of the NSA, to make products that were "exploitable." Hence, there are people who suggest the whole discussion over key escrow includes an element of theater. Is it, among other things, a public relations gambit, in the wake of the PRISM scandal, intended to cast Silicon Valley companies as defenders of privacy?
Networking

Critical BIND Denial-of-Service Flaw Could Take Down DNS Servers

alphadogg writes: Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users. The vulnerability affects all versions of BIND 9, from BIND 9.1.0 to BIND 9.10.2-P2, and can be exploited to crash DNS servers that are powered by the software. The vulnerability announced and patched by the Internet Systems Consortium is critical because it can be used to crash both authoritative and recursive DNS servers with a single packet.
IT

System Administrator Appreciation Day 2015

ninjagin writes: They might be underneath a desk, hauling cables above your ceiling, swapping out a drive in your data center, putting the blue smoke back inside that old pizza box on the rack, up at 2:00AM dealing with an alarm, or upgrading or patching your systems over the weekend. But wherever they are today, take a moment to thank your friendly neighborhood system administrator. We always look to them to fix things up when things go bad, but they are rarely recognized for the majority of their effort — the quiet work they do in the background to keep the bits flying and things running smoothly.
United States

Germany Won't Prosecute NSA, But Bloggers

tmk writes: Despite plenty of evidence that the U.S. spied on German top government officials, German Federal Prosecutor General Harald Range has declined to investigate any wrongdoings of the secret services of allied nations like the NSA or the British GCHQ. But after plans of the German secret service "Bundesamt für Verfassungsschutz" to gain some cyber spy capabilities like the NSA were revealed by the blog netzpolitik.org, Range started an official investigation against the bloggers and their sources. They are now being probed for possible treason charges.
Windows

A Naysayer's Take On Windows 10: Potential Privacy Mess, and Worse

Lauren Weinstein writes: I had originally been considering accepting Microsoft's offer of a free upgrade from Windows 7 to Windows 10. After all, reports have suggested that it's a much more usable system than Windows 8/8.1 — but of course in keeping with the 'every other MS release of Windows is a dog' history, that's a pretty low bar. However, it appears that MS has significantly botched their deployment of Windows 10. I suppose we shouldn't be surprised, even though hope springs eternal. Since there are so many issues involved, and MS is very aggressively pushing this upgrade, I'm going to run through key points here quickly, and reference other sites' pages that can give you more information right now. But here's my executive summary: You may want to think twice, or three times, or many more times, about whether or not you wish to accept the Windows 10 free upgrade on your existing Windows 7 or 8/8.1 system. Now that we're into the first week of widespread availability for the new version, if you're a Windows user and upgrader, has your experience been good, horrible, or someplace between?
Bug

Samsung Finds, Fixes Bug In Linux Trim Code

New submitter Mokki writes: After many complaints that Samsung SSDs corrupted data when used with Linux, Samsung found out that the bug was in the Linux kernel and submitted a patch to fix it. It turns out that kernels without the final fix can corrupt data if the system is using linux md raid with raid0 or raid10 and issues trim/discard commands (either fstrim or by the filesystem itself). The vendor of the drive did not matter and the previous blacklisting of Samsung drives for broken queued trim support can be most likely lifted after further tests. According to this post the bug has been around for a long time.
Databases

Oracle To Debut Low-Cost SPARC Chip Next Month

jfruh writes: Of the many things Oracle acquired when it absorbed Sun, the SPARC processors have not exactly been making headlines. But that may change next month when the company debuts a new, lower-cost chip that will compete with Intel's Xeon. "Debut," in this case, means only an introduction, though -- not a marketplace debut. From the article: [T]he Sparc M7 will have technologies for encryption acceleration and memory protection built into the chip. It will also include coprocessors to accelerate database performance. "The idea of Sonoma is to take exactly those same technologies and bring them down to very low cost points, so that people can use them in cloud computing and for smaller applications, and even for smaller companies who need a lower entry point," [Oracle head of systems John] Fowler said. ... [Fowler] didn’t talk about prices or say how much cheaper the new Sparc systems will be, and it could potentially be years before Sonoma comes to market—Oracle isn’t yet saying. Its engineers are due to discuss Sonoma at the Hot Chips conference in Silicon Valley at the end of the month, so we might learn more then.
Businesses

Symantec: Hacking Group Black Vine Behind Anthem Breach

itwbennett writes: Symantec said in a report that the hacking group Black Vine, which has been active since 2012 and has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, is behind the hack against Anthem. The Black Vine malware Mivast was used in the Anthem breach, according to Symantec.
Businesses

How Developers Can Fight Creeping Mediocrity

Nerval's Lobster writes: As the Slashdot community well knows, chasing features has never worked out for any software company. "Once management decides that's where the company is going to live, it's pretty simple to start counting down to the moment that company will eventually die," software engineer Zachary Forrest y Salazar writes in a new posting. But how does any developer overcome the management and deadlines that drive a lot of development straight into mediocrity, if not outright ruination? He suggests a damn-the-torpedoes approach: "It's taking the code into your own hands, building or applying tools to help you ship faster, and prototyping ideas," whether or not you really have the internal support. But given the management issues and bureaucracy confronting many companies, is this approach feasible?
Security

Research: Industrial Networks Are Vulnerable To Devastating Cyberattacks

Patrick O'Neill writes: New research into Industrial Ethernet Switches reveals a wide host of vulnerabilities that leave critical infrastructure facilities open to attackers. Many of the vulnerabilities reveal fundamental weaknesses: Widespread use of default passwords, hardcoded encryption keys, a lack of proper authentication for firmware updates, a lack of encrypted connections, and more. Combined with a lack of network monitoring, researchers say the situation showcases "a massive lack of security awareness in the industrial control systems community."