Facebook Rolled Its Own 0Day For Red Team Exercise? Mar 9th 2013, 23:45
chicksdaddy writes "Threatpost has the story of the extreme — even hair-raising — lengths that Facebook's incident response team has gone to in order to prepare the company's staff to be hacked. Among the methods described at the CanSecWest Conference: 'Operation Loopback' in 2012, which was designed to mimic an APT-style attack from China and used what appears to be an internally developed exploit for an internally discovered 0day. From the article: 'McGeehan and his team this time identified a likely attacker — China — and decided to impersonate its tactics. For this one, they recruited an internal engineer as an accomplice. They wanted to get a backdoor into Facebook's production code, so they sent a spear-phishing email containing exploit code for a live zero-day vulnerability to the engineer. He dutifully clicked the link and his machine was promptly compromised. (McGeehan would not identify which product the vulnerability affected, nor how the Facebook team came into possession of it, but said that they disclosed it to the affected vendor before the Loopback exercise and used it before the patch was publicly available.)' Ouch!" Read more of this story at Slashdot.

Bringing Neurofeedback Gaming To the Masses Mar 9th 2013, 22:52
New submitter captioning writes "The Los Angeles Times reports on Throw Trucks With Your Mind, a multiplayer first-person 'gunless shooter' that uses an inexpensive, wireless EEG (electroencephalograph) headset to measure players' brainwaves and move virtual objects on screen. Depending on the strength of players' beta waves (emitted while concentrating), players toss small items like crates or catapult objects like trucks. Players can also draw things toward them by relaxing (and emitting alpha waves). Greater relaxation results in more power as well, so players learn quickly to be careful when attracting trucks. The success of Throw Trucks could lead to stronger demand for neural feedback games worldwide."

The Science of Hugo Chavez's Long Term Embalming Mar 9th 2013, 22:01
Hugh Pickens writes "Discover Magazine reports that Hugo Chavez will apparently get an embalming job designed to keep him looking alive for decades similar to that of Russia's Vladimir Lenin, whose body still lies in a mausoleum in Moscow's Red Square, nearly 90 years after his death. So how do you preserve a human body for decades without it turning into a pile of melted tissue? First, get to work quickly. Upon death, the human body starts decomposing immediately. The way to stop it is with formaldehyde, a preservative used for the past century, which inhibits enzymatic decomposition as well as killing bacteria. 'You pump the chemical in, and as the formaldehyde hits the cells of the body, it firms up the protein of the cell, or fixates it,' says Vernie Fountain, head of the Fountain National Academy of Professional Embalming Skills in Springfield, Mo. 'That's what makes them stiff.' With a body that will have to be on display for years, it's likely to require a top-shelf, super-strong solution. 'If I were doing Hugo Chavez, I would strengthen the solution and use more preservative product,' says Fountain. Next, get a good moisturizer. Formaldehyde preserves, but it also dries out the body. Vaseline or other moisturizers can preserve the look of skin, according to Melissa Johnson Williams, executive director of the American Society of Embalmers. Finally, keep cool. Heat decomposes a body, so for long-term preservation the body has to be kept at the temperature of a standard kitchen refrigerator, somewhere in the mid-40s. Lastly, if Venezuelans really want to keep Hugo Chavez around forever, like many other world figures, there's only one solution that works, according to Fountain.
'The best form of preservation is mummification.'"

Apple Finally Fixes Unencrypted App Store Login Mar 9th 2013, 21:13
Deekin_Scalesinger writes "More than eighteen months after being first brought to Cupertino's attention, Apple gets around to addressing insecure logins to the App Store. In theory, this could be used to view lists of installed apps and make unauthorized purchases." Yep, they were sending login information over plain HTTP.

Proof-of-Concept Port of XBMC to SDL 2.0 and Wayland Mar 9th 2013, 20:22
hypnosec wrote in with news that XBMC has experimental Wayland support now. Even better, it's implemented by porting XBMC to SDL 2.0, something that will become important as SDL 1.2 development officially ended and SDL 2.0 should be out in the wild in the not-too-distant future. The code is only a few days old and has a few serious limitations (input is broken and a bug in weston with threaded clients causes rendering hangs), but it seems like a pretty good start. The port should also bring SDL 2.0 support to the X11 backend.

Physicists Discover 13 New Solutions To Three-Body Problem Mar 9th 2013, 19:33
sciencehabit writes "It's the sort of abstract puzzle that keeps a scientist awake at night: Can you predict how three objects will orbit each other in a repeating pattern? In the 300 years since this 'three-body problem' was first recognized, just three families of solutions have been found. Now, two physicists have discovered 13 new families. It's quite a feat in mathematical physics, and it could conceivably help astrophysicists understand new planetary systems." The paper is available at arxiv.

The Manti Te'o of Physics Mar 9th 2013, 19:08
theodp writes "When it comes to tales of fake girlfriends, Manti Te'o can't hold a candle to theoretical particle physicist Paul Frampton. In November 2011, writes the NY Times' Maxine Swann in 'The Professor, the Bikini Model and the Suitcase Full of Trouble,' Frampton met someone he says he thought was Czech bikini model Denise Milani on Mate1.com. A Yahoo Messenger romance bloomed, at least in the 68-year-old Frampton's mind (Frampton's ex-wife was a self-described 'physics groupie'). But before starting their perfect life together, fake Denise asked Frampton for one little favor — would he be so kind as to bring her a bag that she had left in La Paz, Bolivia? Yep, bad idea. The UNC Louis D. Rubin, Jr. Distinguished Professor of Physics and Astronomy soon found himself in a Buenos Aires prison, charged with transporting two kilos of cocaine into Argentina. Currently serving a four-year-and-eight-month sentence under house arrest, Frampton reportedly continues to supervise his two current PhD students by phone, and still finds time to post to the Physics archive."

SXSW: How Emotions Determine Android's Design Mar 9th 2013, 18:39
Nerval's Lobster writes "At a SXSW panel titled 'Android's Principles for Designing the Future,' Helena Roeber (who headed up Android's UX research from 2007 through 2012) and Rachel Garb (who leads interaction design for Android apps at Google) discussed the complex philosophy behind Android's design. Roeber went back to the very beginning, recounting Google's Android Baseline Study, in which the team made in-home visits to study how people use technology. 'We saw the profound effect that technological design has on people's lives,' she said. 'Technology had become so pervasive that people had started to schedule and enforce deliberate offline moments to spend time with their family and friends.' From that study, the team learned that users were often overwhelmed by their options and 'limitless flexibility,' leading them to consider how to design a mobile operating system that wouldn't beat those users over the head (at least in the proverbial sense) on a minute-by-minute basis. Instead, they focused on an interface capable of serving features to users only when needed. That meant creating an interface that only interrupts users when needed; that does the 'heavy lifting' of the user's tasks and scheduling; that emphasizes 'real objects' over buttons and menus; and that offers lots of chances for customization. All those elements — and many more — eventually ended up in Android's trio of design principles: 'Enchant Me, Simplify My Life, and Make Me Amazing.'"

U.S. ISBN Monopoly Denies Threat From Digital Self-Publishing Mar 9th 2013, 17:52
Ian Lamont writes "The Economist writes that self-publishing threatens the existence of the International Standard Book Number (ISBN) regimen, which is used to track and distribute printed books. Self-publishing of e-books has experienced triple-digit growth in recent years, and the most popular self-publishing platforms such as Amazon's Kindle Direct Publishing don't require ISBNs (Amazon assigns its own reference number to these titles). But Bowker, the sole distributor of ISBNs in the United States, sees an opportunity in self-publishing. The packages for independent authors are very expensive — Bowker charges $125 for a single ISBN, and $250 for ten. It also upsells other expensive services to new and naive authors, including $25 barcodes and a social widget that costs $120 for the first year.
Laura Dawson, the product manager for identifiers at Bowker, insists that ISBNs are relevant and won't be replaced anytime soon: 'Given how hard it is to migrate database platforms and change standards, I wouldn't expect to replace the ISBN, simply because it is also an EAN, which is an ISO standard that forms the backbone of global trade of both physical and digital items. There are a lot of middlemen, even in self-publishing. They require standards in order to communicate with one another.'" It seems like a lot of programs/services just use ASINs (despite being controlled by a single private entity), probably indicating some deficiency with the current centralized registration regime. Back in 2005, Jimmy Wales suggested we needed something (culturally) similar to Wikipedia for product identifiers. The O'Reilly interview indicates that the folks issuing ISBNs think DOIs are DOA too.

EA Offering Free Game to Users After SimCity Launch Problems Mar 9th 2013, 17:00
An anonymous reader writes "The SimCity launch earlier this week was a complete disaster. Single-player games that require an Internet connection to enable forced multiplayer features (as well as acting as a form of DRM) are bad enough, but then to not be prepared for the demand such a popular franchise has, well, that's just dumb, and Lucy Bradshaw, EA's general manager for the Maxis Label, has admitted exactly that." They did not provide many details, but supposedly anyone who has SimCity now should get "a free PC download game from the EA portfolio." They are unrepentant about the always-online requirement though.

Ask Slashdot: Where to Host Many Small, Related Projects? Mar 9th 2013, 16:11
MellowTigger writes "I work at a non-profit organization. I am looking for a site where we can register an account under our group's name, then spawn multiple projects to solicit programmer help for our organization. The current projects that we have in mind are small and probably not of interest to the wider world, although one very large project is possible. I need a site that emphasizes our non-profit as the benefactor rather than the wider world, since most projects are so specific that wider applicability seems slim. We would need help with various technologies including at least PowerShell and SQL. At the moment, my available options emphasize individual projects of public interest, so we would have to spawn multiple independent projects, seeming to spam the host with 'pointless' minor tasks. We already have technical people seeking to donate time. We just need a way to coordinate skill matching, document sharing, and code submission out on the web. What do you suggest?"

Embedded Linux Conference 2013 Videos Available Online Mar 9th 2013, 15:45
DeviceGuru writes "Videos from four keynote talks and two dozen sessions at the Embedded Linux Conference 2013 in San Francisco last month are now available for free viewing, courtesy of the Linux Foundation, which held the event. The videos cover a wide range of embedded Linux development, deployment, and marketing topics. One particularly interesting session was Andrew Chatham's presentation on Google's self-driving cars."

If Video Games Make People Violent, So Do Pictures of Snakes Mar 9th 2013, 15:20
New submitter phenopticon writes with this nugget from an intriguing piece at Gamasutra that adds another voice to the slow-burn debate on the psychological effects of video games: "For nearly thirty years we've been having this discussion, asking the question: do violent movies, music or video games make people violent? Well, according to Brad Bushman and Craig Anderson of Iowa State University, yes. Based on the results of their research they concluded in 2001 that video games and violent media can make people aggressive and violent.
Based upon their data and their conclusions, however, it's safe to say that photos of snakes, crispy bacon, or a particularly rigorous game of chess can also make people aggressive and violent."

How the First Bitcoin Hedge Fund Approaches Security Mar 9th 2013, 14:18
An anonymous reader writes with a link to a story at Forbes about what's said to be the first Bitcoin hedge fund; the article goes into some of the details of how the (literally) valuable data is kept. A selection: "The private key itself is AES-256 encrypted. After exporting Bitcoin private keys from the wallet.dat file, data is stored in a TrueCrypt container on three separate flash drives. Using Shamir's Secret Sharing algorithm, the container password is then split into three parts utilizing a 2-of-3 secret sharing model. Incorporating physical security with electronic security, each flash drive from various manufacturers is duplicated several times and, together with a CD-ROM, those items are vaulted in a bank safety deposit box in three different legal jurisdictions. To leverage geographic distribution as well, each bank stores only part of a key, so if a single deposit box is compromised, no funds are lost."

Developers Begin Hunt For a Killer App For Google Glass Mar 9th 2013, 13:28
holy_calamity writes "Companies large and small are working to create the first 'killer app' for Google Glass, the wearable display to go on sale later this year, reports MIT Technology Review. Evernote is among large companies that got early access to prototypes and has been testing ideas for some time, but is staying quiet about its plans. Meanwhile new startups with apps for Glass are being created and funded, although uncertainty about whether consumers will embrace the technology has steered them towards commercial and industrial ideas, such as apps for doctors and maintenance technicians."

Mass. Bill Would Put Privacy Squeeze on Cloud Apps For Schools Mar 9th 2013, 11:21
An anonymous reader points out a story at The Register about a Microsoft-backed bill proposed by Massachusetts state representative Carlo Basil which seems aimed directly at Google's cloud apps. The bill, if it should be enacted, would require that "[a]ny person who provides a cloud computing service to an educational institution operating within the State shall process data of a student enrolled in kindergarten through twelfth grade for the sole purpose of providing the cloud computing service to the educational institution and shall not process such data for any commercial purpose, including but not limited to advertising purposes that benefit the cloud computing service provider."

Computer History Museum Wants to Preserve Minitel History Mar 9th 2013, 09:35
coondoggie writes "It's been almost a year since France Telecom shut down its once widely popular Minitel online services, and historians are worried that its legacy from a preservationist point of view is being lost forever. The Computer History Museum in Mountain View, CA, naturally wants to collect and preserve all manner of industry historical artifacts, and Minitel is one of the central components of its 'Revolution: The First 2000 Years of Computing' exhibit."

DNS Hijack Leads To Bitcoin Heist Mar 9th 2013, 06:51
First time accepted submitter FearTheFez writes "Social engineering and poor DNS security led to a Bitcoin heist worth about $12,000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without two-factor authentication all it took was a place of birth and a mother's maiden name to gain access. This looks like poor security from everyone involved."
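The 2-of-3 split of the container password described in the hedge-fund story above, as an added worked example: this is an illustration written for this page, not the fund's tooling or any library's code, and the Forbes piece does not say which implementation the fund used. It assumes the textbook prime-field Shamir construction (a random polynomial over GF(2^521 - 1) whose constant term is the secret, recovered by Lagrange interpolation at zero) and adds one thing the article does not mention: a SHA-256 fingerprint stored next to the shares. Shamir shares carry no integrity, so a share that has been altered, even by one unit, reconstructs to a wrong password that looks perfectly valid; the fingerprint is what turns that into a detected failure. A stored hash also lets an attacker who obtains it guess offline, so this only makes sense for a high-entropy container password. The passphrase in the block is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Field: the Mersenne prime 2^521 - 1 (assumption for this example). Every share value
# lies below it, and a secret of up to 64 bytes plus a one-byte marker fits with room to spare.
PRIME = (1 << 521) - 1
MAX_SECRET_BYTES = 64


def _encode(secret: bytes) -> int:
    # Prefix with 0x01 so leading zero bytes of the secret survive the int round trip.
    if len(secret) > MAX_SECRET_BYTES:
        raise ValueError("secret too long for this field")
    return int.from_bytes(b"\x01" + secret, "big")


def _decode(value: int) -> bytes:
    raw = value.to_bytes(66, "big").lstrip(b"\x00")  # 66 bytes = 528 bits > 521
    if not raw or raw[0] != 0x01:
        raise ValueError("shares do not reconstruct a valid secret (too few or corrupted)")
    return raw[1:]


def _eval_poly(coeffs, x: int) -> int:
    # Horner's rule: coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... mod PRIME
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, n_shares: int):
    """Shamir split: n_shares points (x, y) on a random polynomial of degree threshold-1
    whose constant term encodes the secret. Any `threshold` points recover it."""
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    coeffs = [_encode(secret)] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares) -> bytes:
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return _decode(total)


def fingerprint(secret: bytes) -> str:
    # Stored with the shares. Enables offline guessing if the secret is weak, so use it only
    # for a high-entropy passphrase (assumption stated in the lead-in).
    return hashlib.sha256(secret).hexdigest()


def recover_verified(shares, expected_fingerprint: str) -> bytes:
    """Shamir shares carry no integrity: a modified share yields a plausible-looking wrong
    secret. Check the reconstruction against the stored fingerprint before using it."""
    candidate = recover_secret(shares)
    if not hmac.compare_digest(fingerprint(candidate), expected_fingerprint):
        raise ValueError("recovered secret does not match fingerprint: corrupted or mismatched share")
    return candidate


if __name__ == "__main__":
    # Constructed sample: the container passphrase, split 2-of-3 as in the article.
    passphrase = b"container-passphrase-2013"
    fp = fingerprint(passphrase)
    shares = split_secret(passphrase, threshold=2, n_shares=3)
    for pair in ((shares[0], shares[1]), (shares[0], shares[2]), (shares[1], shares[2])):
        assert recover_verified(pair, fp) == passphrase
    # Alter one share by a single unit: the maths still produces a well-formed passphrase
    # (differing in its last byte); only the fingerprint check rejects it.
    bad = (shares[0][0], shares[0][1] + 1)
    print("unverified reconstruction from a tampered share:", recover_secret([bad, shares[1]]))
    try:
        recover_verified([bad, shares[1]], fp)
    except ValueError as e:
        print("rejected:", e)
```

The split is the general k-of-n algorithm, not only the 2-of-3 case in the story; `threshold=3, n_shares=5` works unchanged. In the 2-of-3 case the interpolation reduces to `2*y1 - y2` for shares at x=1 and x=2, which is why a +1 change to y1 shifts the recovered secret by exactly 2 and keeps it looking valid.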
Singaporean University Snubs Lauded (But Anti-Censorship) Professor Mar 9th 2013, 04:10
New submitter nifty-c writes "Singapore has invested heavily in higher education partnerships with the U.S. and launched an ambitious program of high-tech research with Western countries, but recent events have opened these links to controversy. Prof. Cherian George at Nanyang Technological University (NTU), Singapore, is a communication and information school professor and an outspoken critic of his government's censorship of the Internet. NTU recently fired him, sparking an outcry from critics who claim political interference. This week a group of faculty and affiliates at Harvard's Berkman Center for Internet & Society has 'strongly caution[ed]...colleagues working in the area of Internet and society in any dealings with Singaporean universities.'"

US CompSci Enrollment Leaps For 5th Straight Year Mar 9th 2013, 01:28
dcblogs writes "The number of new undergraduate computing majors in U.S. computer science departments increased more than 29% last year, a pace called 'astonishing' by the Computing Research Association. The increase was the fifth straight annual computer science enrollment gain, according to the CRA's annual survey of computer science departments at Ph.D.-granting institutions. The survey also found that more students are earning a Ph.D., with 1,929 degrees granted — an 8.2% increase over the prior year. The pool of undergraduate students represented in the CRA survey is 67,850. Of that number, 57,500 are in computer science."

Chrome OS Remains Undefeated At Pwnium 3 Mar 9th 2013, 00:24
hypnosec writes "Google has announced that its Chrome OS has managed to remain undefeated during the Pwnium 3 event that was held alongside Pwn2Own. Announced by Google on January 28, 2013, the Pwnium 3 event carried prize money of $3.14 million. Researchers were asked to carry out attacks against a base Samsung Series 5 Chromebook running the latest stable version of Chrome OS. It turns out security researchers were not able to come up with winning exploits even after the competition's deadline was extended. The Google Chrome Team has revealed that partial exploit entries have been filled in, but no other details have been released."

Court: 4th Amendment Applies At Border, Password Protected Files Not Suspicious Mar 8th 2013, 23:45
An anonymous reader sends this Techdirt report on a welcome ruling from the 9th Circuit Court of Appeals: "Here's a surprise ruling. For many years we've written about how troubling it is that Homeland Security agents are able to search the contents of electronic devices, such as computers and phones, at the border without any reason. The 4th Amendment only allows reasonable searches, usually with a warrant. But the general argument has long been that, when you're at the border, you're not in the country and the 4th Amendment doesn't apply. This rule has been stretched at times, including the ability to take your computer and devices into the country and search them there, while still considering it a 'border search,' for which the lower standards apply. Just about a month ago, we noted that Homeland Security saw no reason to change this policy. Well, now they might have to. In a somewhat surprising 9th Circuit ruling (en banc, or in front of the entire set of judges), the court ruled that the 4th Amendment does apply at the border, that agents do need to recognize there's an expectation of privacy, and cannot do a search without reason. Furthermore, they noted that merely encrypting a file with a password is not enough to trigger suspicion."