Advertising

Test Shows Big Data Text Analysis Inconsistent, Inaccurate 13

Posted by samzenpus
from the you'll-love-these-links dept.
DillyTonto writes The "state of the art" in big-data (text) analysis turns out to use a method of categorizing words and documents that, when tested, offered different results for the same data 20% of the time and was flat wrong another 10%, according to researchers at Northwestern. The researchers offered a more accurate method, but only as an example of how to use community detection algorithms to improve on the leading method (LDA). Meanwhile, a certain percentage of answers from all those big data installations will continue to be flat wrong until they're re-run, which will make them wrong in a different way.
Security

OpenSSH Will Feature Key Discovery and Rotation For Easier Switching To Ed25519 64

Posted by Soulskill
from the all-about-the-upgrades dept.
ConstantineM writes: OpenSSH developer Damien Miller has posted about a new feature he implemented and committed for the next upcoming 6.8 release of OpenSSH: hostkeys@openssh.com — an OpenSSH extension to the SSH protocol for sshd to automatically send all of its public keys to the client, and for the client to automatically replace all keys of such server within ~/.ssh/known_hosts with the fresh copies as supplied (provided the server is trusted in the first place, of course). The protocol extension is simple enough, and is aimed to make it easier to switch over from DSA to the OpenSSL-free Ed25519 public keys. It is also designed in such a way as to support the concept of spare host keys being stored offline, which could then seamlessly replace main active keys should they ever become compromised.
Graphics

GeForce GTX 980 and 970 Cards From MSI, EVGA, and Zotac Reviewed 60

Posted by Soulskill
from the price-vs.-performance-vs.-really-loud-fans dept.
MojoKid writes: In all of its iterations, NVIDIA's Maxwell architecture has proven to be a good performing, power-efficient GPU thus far. At the high-end of the product stack is where some of the most interesting products reside, however. When NVIDIA launches a new high-end GPU, cards based on the company's reference design trickle out first, and then board partners follow up with custom solutions packing unique cooling hardware, higher clocks, and sometimes additional features. With the GeForce GTX 970 and GTX 980, NVIDIA's board partners were ready with custom solutions very quickly. These three custom GeForce cards, from enthusiast favorites EVGA, MSI, and Zotac represent optimization at the high-end of Maxwell. Two of the cards are GTX 980s: the MSI GTX 980 Gaming 4G and the Zotac GeForce GTX 980 AMP! Omega, the third is a GTX 970 from EVGA, their GeForce GTX 970 FTW with ACX 2.0. Besides their crazy long names, all of these cards are custom solutions, that ship overclocked from the manufacturer. In testing, NVIDIA's GeForce GTX 980 was the fastest, single-GPU available. The custom, factory overclocked MSI and Zotac cards cemented that fact. Overall, thanks to a higher default GPU-clock, the MSI GTX 980 Gaming 4G was the best performing card. EVGA's GeForce GTX 970 FTW was also relatively strong, despite its alleged memory bug. Although, as expected, it couldn't quite catch the higher-end GeForce GTX 980s, but occasionally outpaced AMD's top-end Radeon R9 290X.
United Kingdom

BT Unveils 1000Mbps Capable G.fast Broadband Rollout For the United Kingdom 109

Posted by timothy
from the gee-that's-fast dept.
Mark.JUK writes The national telecoms operator for the United Kingdom, BT, has today announced that it will begin a country-wide deployment of the next generation hybrid-fibre G.fast (ITU G.9701) broadband technology from 2016/17, with most homes being told to expect speeds of up to 500Mbps (Megabits per second) and a premium service offering 1000Mbps will also be available.

At present BT already covers most of the UK with hybrid Fibre-to-the-Cabinet (FTTC) technology, which delivers download speeds of up to 80Mbps by running a fibre optic cable to a local street cabinet and then using VDSL2 over the remaining copper line from the cabinet to homes. G.fast follows a similar principle, but it brings the fibre optic cable even closer to homes (often by installing smaller remote nodes on telegraph poles) and uses more radio spectrum (17-106MHz) over a shorter remaining run of copper cable (ideally less than 250 metres). The reliance upon copper cable means that the real-world speeds for some, such as those living furthest away from the remote nodes, will probably struggle to match up to BT's claims. Nevertheless many telecoms operators see this as being a more cost effective approach to broadband than deploying a pure fibre optic / Fibre-to-the-Home (FTTH) network.
Networking

Wi-Fi Issues Continue For OS X Users Despite Updates 114

Posted by Soulskill
from the no-motivation-to-fix dept.
itwbennett writes: Although Apple has never officially acknowledged issues surrounding Yosemite and Wi-Fi connectivity, the company is clearly aware of the problem: Leading off the improvements offered in the 10.10.2 update released Tuesday was 'resolves an issue that might cause Wi-Fi to disconnect,' according to the release notes. Despite this, Apple's support forum was filled with tales of frustrated users. And Mac owners aren't the only Apple users experiencing wireless connection failures after updating their OS. Wi-Fi connectivity issues have also dogged iOS 8 since Apple released the mobile OS on Sept. 17.
China

Tech Companies Worried Over China's New Rules For Selling To Banks 126

Posted by Soulskill
from the worried-all-the-way-to-the-bank dept.
An anonymous reader writes: China is putting into place a new set of regulations for how banks interact with technology, and it has many companies worried. While the rules might enhance security for the Chinese government, they devastate it for everyone else. For example, not only will China require that companies turn over source code for any software sold to banks, the companies building the software (and hardware) must also build back doors into their systems. The bad news for us is that most companies can't afford to simply refuse the rules and write China off. Tech industry spending is estimated to reach $465 billion in 2015, and it's projected for a huge amount of growth.
Businesses

LibreOffice Gets a Streamlined Makeover With 4.4 Release 146

Posted by samzenpus
from the check-it-out dept.
TechCurmudgeon sends word that LibreOffice 4.4 has been released. "The Document Foundation announced availability of the latest version of LibreOffice on Thursday, which it says is the most beautiful version of the open source productivity suite yet. LibreOffice 4.4 also fixes some compatibility issues with files that are saved in Microsoft's OOXML formats. 'LibreOffice 4.4 has got a lot of UX and design love,' Jan 'Kendy' Holesovsky, who leads the design team for LibreOffice, said in a statement. LibreOffice 4.4 is currently available for Windows."
Security

D-Link Routers Vulnerable To DNS Hijacking 63

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered. Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. The firmware in question is implemented in many pieces of networking equipment manufactured by D-Link, TP-Link Technologies and ZTE.
Networking

Ask Slashdot: When and How Did Europe Leapfrog the US For Internet Access? 474

Posted by timothy
from the granpa-tell-us-a-story dept.
New submitter rsanford, apropos of today's FCC announcement about what is officially considered "broadband" speed by that agency, asks In the early and middle 90's I recall spending countless hours on IRC 'Trout-slapping' people in #hottub and engaging in channel wars. The people from Europe were always complaining about how slow their internet was and there was no choice. This was odd to me, who at the time had 3 local ISPs to choose from, all offering the fastest modem connections at the time, while living in rural America 60 miles away from the nearest city with 1,000 or more people. Was that the reality back then? If so, what changed, and when?
Communications

Mozilla Dusts Off Old Servers, Lights Up Tor Relays 80

Posted by timothy
from the good-citizenship dept.
TechCurmudgeon writes According to The Register, "Mozilla has given the Tor network a capacity kick with the launch of 14 relays that will help distribute user traffic. Engineers working under the Foundation's Polaris Project inked in November pulled Mozilla's spare and decommissioned hardware out of the cupboard for dedicated use in the Tor network. It included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB ram, 2*Xeon L5640, 2*1Gbps NIC) servers, along with a dedicated existing IP transit provider (2 X 10Gbps). French Mozilla engineer Arzhel Younsi (@xionoxfr) said its network was designed to fall no lower than half of its network capacity in the event of maintenance or failure. The Polaris initiative was an effort of Mozilla, the Tor Project and the Centre for Democracy and Technology to help build more privacy controls into technology."
Security

Georgia Institute of Technology Researchers Bridge the Airgap 86

Posted by timothy
from the always-type-in-gibberish dept.
An anonymous reader writes Hacked has a piece about Georgia Institute of Technology researchers keylogging from a distance using the electromagnetic radiation of CPUs. They can reportedly do this from up to 6 meters away. In this video, using two Ubuntu laptops, they demonstrate that keystrokes are easily interpreted with the software they have developed. In their white paper they talk about the need for more research in this area so that hardware and software manufacturers will be able to develop more secure devices. For now, Faraday cages don't seem as crazy as they used to, or do they?
Crime

Why ATM Bombs May Be Coming Soon To the United States 368

Posted by samzenpus
from the almost-worth-the-trouble dept.
HughPickens.com writes Nick Summers has an interesting article at Bloomberg about the epidemic of 90 ATM bombings that has hit Britain since 2013. ATM machines are vulnerable because the strongbox inside an ATM has two essential holes: a small slot in front that spits out bills to customers and a big door in back through which employees load reams of cash in large cassettes. "Criminals have learned to see this simple enclosure as a physics problem," writes Summers. "Gas is pumped in, and when it's detonated, the weakest part—the large hinged door—is forced open. After an ATM blast, thieves force their way into the bank itself, where the now gaping rear of the cash machine is either exposed in the lobby or inside a trivially secured room. Set off with skill, the shock wave leaves the money neatly stacked, sometimes with a whiff of the distinctive acetylene odor of garlic." The rise in gas attacks has created a market opportunity for the companies that construct ATM components. Several manufacturers now make various anti-gas-attack modules: Some absorb shock waves, some detect gas and render it harmless, and some emit sound, fog, or dye to discourage thieves in the act.

As far as anyone knows, there has never been a gas attack on an American ATM. The leading theory points to the country's primitive ATM cards. Along with Mongolia, Papua New Guinea, and not many other countries, the U.S. doesn't require its plastic to contain an encryption chip, so stealing cards remains an effective, nonviolent way to get at the cash in an ATM. Encryption chip requirements are coming to the U.S. later this year, though. And given the gas raid's many advantages, it may be only a matter of time until the back of an American ATM comes rocketing off.
Businesses

Amazon Takes On Microsoft, Google With WorkMail For Businesses 63

Posted by samzenpus
from the new-mail dept.
alphadogg writes Amazon Web Services today launched a new product to its expansive service catalog in the cloud: WorkMail is a hosted email platform for enterprises that could wind up as a replacement for Microsoft and Google messaging systems. The service is expected to cost $4 per user per month for a 50GB email inbox. It's integrated with many of AWS's other cloud services too, including its Zocalo file synchronization and sharing platform. The combination will allow IT shops to set up a hosted email platform and link it to a file sharing system.
Security

Adobe's Latest Zero-Day Exploit Repurposed, Targeting Adult Websites 201

Posted by samzenpus
from the watch-what-you-watch dept.
MojoKid writes Adobe issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a website with compromised Flash files, at which point the attacker can inject code and utilize Angler EK, which has proven to be an extremely popular tool over the past year. This particular version of Angler EK is different, however. For starters, it makes use of obfuscated JavaScript and attempts to detect virtual machines and anti-virus products. Its target audience is also rather specific: porn watchers. According to FireEye, which has researched the CVE-2015-0311 vulnerability extensively, this exploit has reached people via banner ads on popular adult websites. It was also noted that even a top 1000 website was affected, so it's not as though victims are surfing to the murkiest depths of the web to come in contact with it.
Books

Book Review: Designing and Building a Security Operations Center 29

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review
Security

Why Screen Lockers On X11 Cannot Be Secure 374

Posted by Soulskill
from the targeted-for-improvement dept.
jones_supa writes: One thing we all remember from Windows NT is the security feature requiring the user to press CTRL-ALT-DEL to unlock the workstation (this can still be enabled with a policy setting). The motivation was to make it impossible for other programs to mimic a lock screen, as they couldn't react to the special key combination. Martin Gräßlin from the KDE team takes a look at the lock screen security on X11. On a protocol level, X11 doesn't know anything of screen lockers. Also the X server doesn't know that the screen is locked as it doesn't understand the concept. This means the screen locker can only use the core functionality available to emulate screen locking. That in turn also means that any other client can do the same and prevent the screen locker from working (for example opening a context menu on any window prevents the screen locker from activating). That's quite a bummer: any process connected to the X server can block the screen locker, and even more it could fake your screen locker.
Encryption

Justice Department: Default Encryption Has Created a 'Zone of Lawlessness' 423

Posted by Soulskill
from the what-would-you-call-this-zone-that's-allegedly-associated-with-danger? dept.
Jason Koebler writes: Leslie Caldwell, an assistant attorney general at the Justice Department, said Tuesday that the department is "very concerned" by Google's and Apple's decision to automatically encrypt all data on Android and iOS devices.

"We understand the value of encryption and the importance of security," she said. "But we're very concerned they not lead to the creation of what I would call a 'zone of lawlessness,' where there's evidence that we could have lawful access through a court order that we're prohibited from getting because of a company's technological choices."
Bug

Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug 46

Posted by Soulskill
from the nobody's-perfect dept.
mask.of.sanity sends this report from El Reg: The maker of BlackPhone – a mobile marketed as offering unusually high levels of security – has patched a critical vulnerability that allows hackers to run malicious code on the handsets. Attackers need little more than a phone number to send a message that can compromise the devices via the Silent Text application.

The impact of the flaw is troubling because BlackPhone attracts what hackers see as high-value victims: those willing to invest AU$765 (£415, $630) in a phone that claims to put security above form and features may well have valuable calls and texts to hide from eavesdroppers.
Communications

How One Small Company Blocked 15.1 Million Robocalls Last Year 145

Posted by Soulskill
from the napalm-solves-many-problems dept.
TechCurmudgeon sends this excerpt from an article at Wired: Aaron Foss won a $25,000 cash prize from the Federal Trade Commission for figuring out how to eliminate all those annoying robocalls that dial into your phone from a world of sleazy marketers. ... Using a little telephone hackery, Foss found a way of blocking spammers while still allowing the emergency alert service and other legitimate entities to call in bulk. Basically, he re-routed all calls through a service that would check them against a whitelist of legitimate operations and a blacklist of spammers, and this little trick was so effective, he soon parlayed it into a modest business. Last year, his service, called Nomorobo, blocked 15.1 million robocalls.
Security

Lizard Squad Hits Malaysia Airlines Website 41

Posted by Soulskill
from the kicking-them-when-they're-down dept.
An anonymous reader writes: Lizard Squad, the hacking collaborative that went after the PlayStation Network, Xbox Live, and the North Korean internet last year, has now targeted Malaysia Airlines with an attack. Bloomberg links to images of the hacks (including the rather heartless 404 jab on its home page) and columnist Adam Minter wonders why Malaysia Airlines, which has had so much bad press in the past 12 months, was worthy of Lizard Squad's ire. In apparent answer, @LizardMafia (the org's reputed Twitter handle) messaged Mr. Minter this morning: "More to come soon. Side Note: We're still organizing the @MAS email dump, stay tuned for that."