You are here

Site në gjuhë të huaj

Ask Slashdot: Who's Going To Win the Malware Arms Race?

Slashdot.org - Mar, 31/03/2015 - 11:08pd
An anonymous reader writes: We've been in a malware arms race since the 1990s. Malicious hackers keep building new viruses, worms, and trojan horses, while security vendors keep building better detection and removal algorithms to stop them. Botnets are becoming more powerful, and phishing techniques are always improving — but so are the mitigation strategies. There's been some back and forth, but it seems like the arms race has been pretty balanced, so far. My question: will the balance continue, or is one side likely to take the upper hand over the next decade or two? Which side is going to win? Do you imagine an internet, 20 years from now, where we don't have to worry about what links we click or what attachments we open? Or is it the other way around, with threats so hard to block and DDoS attacks so rampant that the internet of the future is not as useful as it is now?

Read more of this story at Slashdot.

Anish Patil: Glimpse of FOSS ASIA

Planet GNOME - Mar, 31/03/2015 - 8:30pd
In last week, I attended FOSS ASIA which is one of the biggest Open Source Conference in ASIA and was held in beautiful city of Singapore. Conference had 3 or 4 simultaneous tracks which were focused on DevOps,Web Programming,Workshops and I attended  mostly Web and Dev Ops tracks. I will not get into details of each track but I would like to mention talk by  Dr. Vivian Balakrishnan about "Singapore as a Smart Nation" .
Dr. Vivian Balakrishnan's  talk was focused on open gov data and how one can utilize that to make better governance. Dr Balakrishnan is working as Singapore’s Minister for the Environment and Water Resources but prior to that he used to be Ophthalmologist and he likes computers. He knows Python and Node.js and I must say I was really impressed by his skills.I did not expect any politician of any country who knows Python or Node. During his talk he mentioned that, In Singapore before you get into politics first you need to serve & get some experience through a job or working as a professional for few years and then you can get into active politics which is unlike in other countries(I know about India not sure about other countries ).He shared his vision about Singapore and their efforts to achieve it. I am looking forward to see smart Singapore in future.   I met several friends and  had a good time in zanata,fedora,systemd BOF's. I and Pravin took a workshop on GNOME 101 and RPM packaging. 
I would like to thank Harish Pillay for his gratuitous support and Red Hat to allow me to attend event. I would like to extend my gratitude to  FOSS ASIA organizers  Hong Phuc Dang, Mario Behling, Harish Pillay, Roland Turner, Justin Lee and Darwin Gosal and looking forward to see them again!

No Film At 11: the Case For the Less-Video-Is-More MOOC

Slashdot.org - Mar, 31/03/2015 - 8:15pd
theodp writes: In Why My MOOC is Not Built on Video, GWU's Lorena Barba explains why the Practical Numerical Methods with Python course she and colleagues put together has but one video: "Why didn't we have more video? The short answer is budget and time: making good-quality videos is expensive & making simple yet effective educational videos is time consuming, if not necessarily costly. #NumericalMOOC was created on-the-fly, with little budget. But here's my point: expensive, high-production-value videos are not necessary to achieve a quality learning experience." When the cost of producing an MOOC can exceed $100,000 per course, Barba suggests educators pay heed to Donald Bligh's 1971 observation that "dazzling presentations do not necessarily result in learning." So what would Barba do? "We designed the central learning experience [of #NumericalMOOC] around a set of IPython Notebooks," she explains, "and meaningful yet achievable mini-projects for students. I guarantee learning results to any student that fully engages with these!"

Read more of this story at Slashdot.

Microsoft Rolls Out Project Spartan With New Windows 10 Build

Slashdot.org - Mar, 31/03/2015 - 6:09pd
An anonymous reader writes: Today Microsoft released a new Technical Preview build for Windows 10. Its most notable addition is Microsoft's new browser: Project Spartan. In a brief post explaining the basics of the browser, the company says it includes their personal assistant software, Cortana, as well as "inking" support, which lets you write or type on the webpage you're viewing. But the biggest change, of course is the new rendering engine. The "suggestion box" page for Project Spartan is already filling up with idea from users, including one for Trident/EdgeHTML to be released as open source.

Read more of this story at Slashdot.

The Fridge: Ubuntu Weekly Newsletter Issue 410

Planet UBUNTU - Mar, 31/03/2015 - 4:33pd

Why You Should Choose Boring Technology

Slashdot.org - Mar, 31/03/2015 - 4:12pd
An anonymous reader writes Dan McKinley, a long-time Etsy engineer who now works at online payment processor Stripe, argues that the boring technology option is usually your best choice for a new project. He says, "Let's say every company gets about three innovation tokens. You can spend these however you want, but the supply is fixed for a long while. You might get a few more after you achieve a certain level of stability and maturity, but the general tendency is to overestimate the contents of your wallet. Clearly this model is approximate, but I think it helps. If you choose to write your website in NodeJS, you just spent one of your innovation tokens. If you choose to use MongoDB, you just spent one of your innovation tokens. If you choose to use service discovery tech that's existed for a year or less, you just spent one of your innovation tokens. If you choose to write your own database, oh god, you're in trouble. ... The nice thing about boringness (so constrained) is that the capabilities of these things are well understood. But more importantly, their failure modes are well understood."

Read more of this story at Slashdot.

IT Jobs With the Best (and Worst) ROI

Slashdot.org - Mar, 31/03/2015 - 2:14pd
Nerval's Lobster writes: Over at Dice, there's a breakdown of which tech jobs have the greatest return on investment, with regard to high starting salaries and growth potential relative to how much you need to spend on degrees and certifications. Which jobs top this particular calculation? No shockers here: DBAs, software engineers, programmers, and Web developers all head up the list, with salaries that tick into six-figure territory. How about those with the worst ROI? Graphic designers, sysadmins, tech support, and software QA testers often present a less-than-great combination of relatively little money and room for advancement, even if you possess a four-year degree or higher, unless you're one of the lucky few.

Read more of this story at Slashdot.

Amazon Launches 'Home Services' For Repair, Installation, and Other Work

Slashdot.org - Mar, 31/03/2015 - 1:33pd
An anonymous reader writes: Amazon has quietly rolled out a new business called "Home Services," which aims to be a middleman between customers and all sorts of contracted services. It includes things like appliance repair, home cleaning, installation/assembly of products in your car or home, tutoring (academic and musical), and even performance art. Amazon makes money on this by taking a cut of the total price — between 10 and 20 percent. Since everything is geolocated, they have many more options available in big cities than in small rural communities. One of Amazon's goals is to help standardize the price for various services, so there aren't any surprises when the bill comes due.

Read more of this story at Slashdot.

Poverty May Affect the Growth of Children's Brains

Slashdot.org - Mar, 31/03/2015 - 12:50pd
sciencehabit writes: Stark and rising inequality plagues many countries, including the United States, and politicians, economists, and — fortunately — scientists, are debating its causes and solutions. But inequality's effects may go beyond simple access to opportunity: a new study finds that family differences in income and education are directly correlated with brain size in developing children and adolescents. The findings could have important policy implications and provide new arguments for early antipoverty interventions, researchers say.

Read more of this story at Slashdot.

John Goerzen: ssh suddenly stops communicating with some hosts

Planet Debian - Mar, 31/03/2015 - 12:13pd

Here’s a puzzle I’m having trouble figuring out. This afternoon, ssh from my workstation or laptop stopped working to any of my servers (at OVH). The servers are all running wheezy, the local machines jessie. This happens on both my DSL and when tethered to my mobile phone. They had not applied any updates since the last time ssh worked. When looking at it with ssh -v, they were all hanging after:

debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr umac-64@openssh.com none debug1: kex: client->server aes128-ctr umac-64@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

Now, I noticed that a server on my LAN — running wheezy — could successfully connect. It was a little different:

debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

And indeed, if I run ssh -o MACs=hmac-md5, it works fine.

Now, I tried rebooting machines at multiple ends of this. No change. I tried connecting from multiple networks. No change. And then, as I was writing this blog post, all of a sudden it works normally again. Supremely weird! Any ideas what I can blame here?

Oops: World Leaders' Personal Data Mistakenly Released By Autofill Error

Slashdot.org - Mar, 31/03/2015 - 12:08pd
mpicpp writes in with this story about a mistake that saw personal details of world leaders accidentally disclosed by the Australian immigration department. "With a single key stroke, the personal information of President Obama and 30 other world leaders was mistakenly released by an official with Australia's immigration office. Passport numbers, dates of birth, and other personal information of the heads of state attending a G-20 summit in Brisbane, Australia, were inadvertently emailed to one of the organizers of January's Asian Cup football tournament, according to The Guardian. The U.K. newspaper obtained the information as a result of an Australia Freedom of Information request. Aside from President Obama, leaders whose data were released include Russian President Vladimir Putin, German Chancellor Angela Merkel, Chinese President Xi Jinping and British Prime Minister David Cameron. The sender forgot to check the auto-fill function in the email 'To' field in Microsoft Outlook before hitting send, the BBC reports."

Read more of this story at Slashdot.

Carl Chenet: Verify the backups of backup-manager

Planet Debian - Mar, 31/03/2015 - 12:00pd

Follow me on Identi.ca  or Twitter  or Diaspora*

Backup-manager is a tool creating backups and storing them locally. It’s really usefult to keep a regular backup of a quickly-changing trees of files (like a development environment) or for traditional backups if you have a NFS mount on your server. Backup-managers is also able to send backup itself to another server by FTP.

In order to verify the backups created by backup-manager, we will use also Backup Checker (stars appreciated :) ), the automated tool to verify backups. For each newly-created backup we want to control that:

  • the directory wip/data exists
  • the file wip/dump/db.sql exists and has a size greater than 100MB
  • the files wip/config/accounts did not change and has a specific md5 hash sum.
Installing what we need

We install backup-manager and backup checker. If you use Debian Wheezy, just use the following command:

apt-key adv --keyserver pgp.mit.edu --recv-keys 2B24481A \ && echo "deb http://debian.mytux.fr wheezy main" > /etc/apt/sources.list.d/mytux.list \ && apt-get update \ && apt-get install backupchecker backup-manager

Backup Checker is also available for Debian Squeeze, Debian Sid, FreeBSD. Check out the documentation to install it from PyPi or from sources.

Configuring Backup-Manager

Backup-manager will ask what directory you want to store backups, in our case we choose /home/joe/dev/wip

In the configuration file /etc/backup-manager.conf, you need to have the following lines:

export BM_BURNING_METHOD="none" export BM_UPLOAD_METHOD="none" export BM_POST_BACKUP_COMMAND="backupchecker -c /etc/backupchecker -l /var/log/backupchecker.log" Configuring Backup Checker

In order to configure Backup Checker, use the following commands:

# mkdir /etc/backupchecker && touch /var/log/backupchecker.log

Then write the following in /etc/backupchecker/backupmanager.conf:

[main] name=backupmanager type=archive path=/var/archives/laptop-home-joe-dev-wip.%Y%m%d.master.tar.gz files_list=/etc/backupchecker/backupmanager.list

You can see we’re using placeholders for the path value, in order to match each time the latest archive. More information about Backup Checker placeholders in the official documentation.

Last step, the description of your controls on the backup:

[files] wip/data| type|d wip/config/accounts| md5|27c9d75ba5a755288dbbf32f35712338 wip/dump/dump.sql| >100mb Launch Backup Manager

Just launch the following command:

# backup-manager

After Backup Manager is launched, Backup Checker is automatically launched and verify the new backup of the day where Backup Manager stores the backups.

Possible control failures

Lets say the dump does not have the expected size. It means someone may have messed up with the database! Backup Checker will warn you with the following message in /var/log/backupchecker.log:

$ cat /var/log/backupchecker.log WARNING:root:1 file smaller than expected while checking /var/archives/laptop-home-joe-dev-wip-20150328.tar.gz: WARNING:root:wip/dump/dump.sql size is 18. Should have been bigger than 104857600.

Other possible failures : someone created an account without asking anyone. The hash sum of the file will change. Here is the alert generated by Backup Checker:

$ cat /var/log/backupchecker.log WARNING:root:1 file with unexpected hash while checking /var/archives/laptop-home-joe-dev-wip-20150328.tar.gz: WARNING:root:wip/config/accounts hash is 27c9d75ba5a755288dbbf32f35712338. Should have been 27c9d75ba3a755288dbbf32f35712338.

Another possible failure: someone accidentally (or not) removed the data directory! Backup Checker will detect the missing directory and warn you:

$ cat /var/log/backupchecker.log WARNING:root:1 file missing in /var/archives/laptop-home-joe-dev-wip-20150328.tar.gz: WARNING:root:wip/data

Awesome isn’t it? The power of a backup tool combined with an automated backup checker. No more surprise when you need your backups. Moreover you spare the waste of time and efforts to control the backup by yourself.

What about you? Let us know what you think of it. We would be happy to get your feedbacks. The project cares about our users and the outdated feature was a awesome idea in a feature request by one of the Backup Checker user, thanks Laurent!

 


Hand-Drawn and Inkjet Printed Circuits for the Masses (Video)

Slashdot.org - Hën, 30/03/2015 - 11:26md
We started looking at ways to make instant hand-drawn or inkjet-printed circuit boards because Timothy met an engaging young man named Yuki Nishida at SXSW. Yuki is a co-founder of AgIC, a company that makes conductive ink pens and supplies special paper you can use to write or draw circuits or, if you have the right model of Brother printer, to print them with special inkjet inks. The AgIC people are agressvively putting the 'A' in STEAM by marketing their products to artists and craftspeople. Indeed the second line on their website's home page says, 'AgIC offers handy tools to light up your own art works.' This is an excellent niche, and now that AgIC has developed a circuit eraser (due to ship this April), it may lead to all kinds of creative designs. And as is typical with this kind of company these days, AgIC has been (at least partly) crowdfunded. A little cursory Google searching will soon lead you to other companies selling into the home/prototype circuit board market, including Cartesian Co and their Argentum 3-D printer that does prototype and short-run PCBs and only costs $899 (on special at the time this was written) and Electroninks, which markets the Circuit Scribe pen and associated materials with an emphasis on education. There are others in this growing field, and a year from now there will probably be more of them, all working to replace the venerable breadboard the same way electronic calculators replaced slide rules.

Read more of this story at Slashdot.

Silk Road Investigators Charged With Stealing Bitcoin

Slashdot.org - Hën, 30/03/2015 - 10:41md
itwbennett writes Two former U.S. government agents face charges related to stealing hundreds of thousands of dollars worth of bitcoin while assisting with an investigation of the Silk Road underground online marketplace, with one accused of using a fake online persona to extort money from operators of the site. Facing charges of wire fraud and money laundering are Carl Force, 46, of Baltimore, a former special agent with the U.S. Drug Enforcement Agency, and Shaun Bridges, 32, of Laurel, Maryland, a former special agent with the U.S. Secret Service. Both served on the Baltimore Silk Road Task Force, which investigated illegal activity on the Silk Road website, the Department of Justice said Monday in a press release.

Read more of this story at Slashdot.

Yves-Alexis Perez: 3.2.68 Debian/grsec kernel and update on the process

Planet Debian - Hën, 30/03/2015 - 10:27md

It's been a long time since I updated my repository with a recent kernel version, sorry for that. This is now done, the kernel (sources, i386 and amd64) is based on the (yet unreleased) 3.2.68-1 Debian kernel, patched with grsecurity 3.1-3.2.68-201503251805, and has the version 3.2.68-1~grsec1.

It works fine here, but as always, no warranty. If any problem occurs, try to reproduce using vanilla 3.2.68 + grsec patch before reporting here.

And now that Jessie release approaches, the question of what to do with those Debian/grsec kernel still arrise: the Jessie kernel is based on the 3.16 branch, which is not a (kernel.org) long term branch. Actually, the support already ended some times ago, and the (long term) maintainance is now assured by the Canonical Kernel Team (thus the -ckt suffix) with some help from the Debian kernel maintainers. So there's no Grsecurity patch following 3.16, and there's no easy way to forward-port the 3.14 patches.

At that point, and considering the support I got the last few years on this initiative, I don't think it's really worth it to continue providing those kernels.

One initiative which might be interesting, though, is the Mempo kernels. The Mempo team works on kernel reproducible builds, but they also include the grsecurity patch. Unfortunately, it seems that building the kernel their way involves calling a bash script which calls another one, and another one. A quick look at the various repositories is only enough to confuse me about how actually they build the kernel, in the end, so I'm unsure it's the perfect fit for a supposedly secure kernel. Not that the Debian way of building the kernel doesn't involves calling a lot of scripts (either bash or python), but still. After digging a bit, it seems that they're using make-kpkg (from the kernel-package package), which is not the recommended way anymore. Also, they're currently targeting Wheezy, so the 3.2 kernel, and I have no idea what they'll chose for Jessie.

In the end, for myself, I might just do a quick script which takes a git repository at the right version, pick the latest grsec patch for that branch, applies it, then run make deb-pkg and be done with it. That still leaves the problem of which branch to follow:

  • run a 3.14 kernel instead of the 3.16 (I'm unsure how much I'd lose / not gain from going to 3.2 to 3.14 instead of 3.16);
  • run a 3.19 kernel, then upgrade when it's time, until a new LTS branch appears.

There's also the config file question, but if I'm just using the kernels for myself and not sharing them, it's also easier, although if some people are actually interested it's not hard to publish them.

Robots4Us: DARPA's Response To Mounting Robophobia

Slashdot.org - Hën, 30/03/2015 - 10:00md
malachiorion writes DARPA knows that people are afraid of robots. Even Steve Wozniak has joined the growing chorus of household names (Musk, Hawking, Gates) who are terrified of bots and AI. And the agency's response--a video contest for kids--is equal parts silly and insightful. It's called Robots4Us, and it asks high schoolers to describe their hopes for a robot-assisted future. Five winners will be flown to the DARPA Robotics Competition Finals this June, where they'll participate in a day-after discussion with experts in the field. But this isn't quite as useless as it sounds. As DRC program manager Gill Pratt points out, it's kids who will be impacted by the major changes to come, moreso than people his age.

Read more of this story at Slashdot.

Matthias Klumpp: Limba Project: Another progress report

Planet Debian - Hën, 30/03/2015 - 9:46md

And once again, it’s time for another Limba blogpost

Limba is a solution to install 3rd-party software on Linux, without interfering with the distribution’s native package manager. It can be useful to try out different software versions, use newer software on a stable OS release or simply to obtain software which does not yet exist for your distribution.

Limba works distribution-independent, so software authors only need to publish their software once for all Linux distributions.

I recently released version 0.4, with which all most important features you would expect from a software manager are complete. This includes installing & removing packages, GPG-signing of packages, package repositories, package updates etc. Using Limba is still a bit rough, but most things work pretty well already.

So, it’s time for another progress report. Since a FAQ-like list is easier to digest. compared to a long blogpost, I go with this again. So, let’s address one important general question first:

How does Limba relate to the GNOME Sandboxing approach?

(If you don’t know about GNOMEs sandboxes, take a look at the GNOME Wiki – Alexander Larsson also blogged about it recently)

First of all: There is no rivalry here and no NIH syndrome involved. Limba and GNOMEs Sandboxes (XdgApp) are different concepts, which both have their place.

The main difference between both projects is the handling of runtimes. A runtime is the shared libraries and other shared ressources applications use. This includes libraries like GTK+/Qt5/SDL/libpulse etc. XdgApp applications have one big runtime they can use, built with OSTree. This runtime is static and will not change, it will only receive critical security updates. A runtime in XdgApp is provided by a vendor like GNOME as a compilation of multiple single libraries.

Limba, on the other hand, generates runtimes on the target system on-the-fly out of several subcomponents with dependency-relations between them. Each component can be updated independently, as long as the dependencies are satisfied. The individual components are intended to be provided by the respective upstream projects.

Both projects have their individual up and downsides: While the static runtime of XdgApp projects makes testing simple, it is also harder to extend and more difficult to update. If something you need is not provided by the mega-runtime, you will have to provide it by yourself (e.g. we will have some applications ship smaller shared libraries with their binaries, as they are not part of the big runtime).

Limba does not have this issue, but instead, with its dynamic runtimes, relies on upstreams behaving nice and not breaking ABIs in security updates, so existing applications continue to be working even with newer software components.

Obviously, I like the Limba approach more, since it is incredibly flexible, and even allows to mimic the behaviour of GNOMEs XdgApp by using absolute dependencies on components.

Do you have an example of a Limba-distributed application?

Yes! I recently created a set of package for Neverball – Alexander Larsson also created a XdgApp bundle for it, and due to the low amount of stuff Neverball depends on, it was a perfect test subject.

One of the main things I want to achieve with Limba is to integrate it well with continuous integration systems, so you can automatically get a Limba package built for your application and have it tested with the current set of dependencies. Also, building packages should be very easy, and as failsafe as possible.

You can find the current Neverball test in the Limba-Neverball repository on Github. All you need (after installing Limba and the build dependencies of all components) is to run the make_all.sh script.

Later, I also want to provide helper tools to automatically build the software in a chroot environment, and to allow building against the exact version depended on in the Limba package.

Creating a Limba package is trivial, it boils down to creating a simple “control” file describing the dependencies of the package, and to write an AppStream metadata file. If you feel adventurous, you can also add automatic build instructions as a YAML file (which uses a subset of the Travis build config schema)

This is the Neverball Limba package, built on Tanglu 3, run on Fedora 21:

Which kernel do I need to run Limba?

The Limba build tools run on any Linux version, but to run applications installed with Limba, you need at least Linux 3.18 (for Limba 0.4.2). I plan to bump the minimum version requirement to Linux 4.0+ very soon, since this release contains some improvements in OverlayFS and a few other kernel features I am thinking about making use of.

Linux 3.18 is included in most Linux distributions released in 2015 (and of course any rolling release distribution and Fedora have it).

Building all these little Limba packages and keeping them up-to-date is annoying…

Yes indeed. I expect that we will see some “bigger” Limba packages bundling a few dependencies, but in general this is a pretty annoying property of Limba currently, since there are so few packages available you can reuse. But I plan to address this. Behind the scenes, I am working on a webservice, which will allow developers to upload Limba packages.

This central ressource can then be used by other developers to obtain dependencies. We can also perform some QA on the received packages, map the available software with CVE databases to see if a component is vulnerable and publish that information, etc.

All of this is currently planned, and I can’t say a lot more yet. Stay tuned! (As always: If you want to help, please contact me)

Are the Limba interfaces stable? Can I use it already?

The Limba package format should be stable by now – since Limba is still Alpha software, I will however, make breaking changes in case there is a huge flaw which makes it reasonable to break the IPK package format. I don’t think that this will happen though, as the Limba packages are designed to be easily backward- and forward compatible.

For the Limba repository format, I might make some more changes though (less invasive, but you might need to rebuilt the repository).

tl;dr: Yes! Plase use Limba and report bugs, but keep in mind that Limba is still in an early stage of development, and we need bug reports!

Will there be integration into GNOME-Software and Muon?

From the GNOME-Software side, there were positive signals about that, but some technical obstancles need to be resolved first. I did not yet get in contact with the Muon crew – they are just implementing AppStream, which is a prerequisite for having any support for Limba[1].

Since PackageKit dropped the support for plugins, every software manager needs to implement support for Limba.

So, thanks for reading this (again too long) blogpost There are some more exciting things coming soon, especially regarding AppStream on Debian/Ubuntu!

 

[1]: And I should actually help with the AppStream support, but currently I can not allocate enough time to take that additional project as well – this might change in a few weeks. Also, Muon does pretty well already!

China's Foreign Ministry: China Did Not Attack Github, We Are the Major Victims

Slashdot.org - Hën, 30/03/2015 - 9:17md
An anonymous reader writes At the Regular Press Conference on March 30, China's Foreign Ministry Spokesperson Hua Chunying responded on the charge of DDoS attack over Github. She said: "It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner."

Read more of this story at Slashdot.

Book Review: Future Crimes

Slashdot.org - Hën, 30/03/2015 - 8:34md
benrothke writes Technology is neutral and amoral. It's the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side. Keep reading for the rest of Ben's review.

Read more of this story at Slashdot.

Sign Up At irs.gov Before Crooks Do It For You

Slashdot.org - Hën, 30/03/2015 - 7:53md
tsu doh nimh writes If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Brian Krebs shows how easy it is for scammers to register an account in your name and view you current and past W2s and tax filings with the IRS, and tells the story of a New York man who — after receiving notice from the agency that someone had filed a phony return in his name — tried to get a copy of his transcript and found someone had already registered his SSN to an email address that wasn't his. Apparently, having a credit freeze prevents thieves from doing this, because the IRS relies on easily-guessed knowledge-based authentication questions from Equifax.

Read more of this story at Slashdot.

Faqet

Subscribe to AlbLinux agreguesi - Site në gjuhë të huaj