Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Security

Most Healthcare Managers Admit Their IT Systems Have Been Compromised 61

Lucas123 writes: Eighty-one percent of healthcare IT managers say their organizations have been compromised by at least one malware, botnet or other kind of cyber attack during the past two years, and only half of those managers feel that they are adequately prepared to prevent future attacks, according to a new survey by KPMG. The KPMG survey polled 223 CIOs, CTOs, chief security officers and chief compliance officers at healthcare providers and health plans, and found 65% indicated malware was most frequently reported line of attack during the past 12 to 24 months. Additionally, those surveyed indicated the areas with the greatest vulnerabilities within their organization include external attackers (65%), sharing data with third parties (48%), employee breaches (35%), wireless computing (35%) and inadequate firewalls (27%). Top among reasons healthcare facilities are facing increased risk, was the adoption of digital patient records and the automation of clinical systems.
Communications

A "Public Health" Approach To Internet of Things Security 33

New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.
Graphics

AMD Unveils Radeon R9 Nano, Targets Mini ITX Gaming Systems With a New Fury 51

MojoKid writes: AMD today added a third card to its new Fury line that's arguably the most intriguing of the bunch, the Radeon R9 Nano. True to its name, the Nano is a very compact card, though don't be fooled by its diminutive stature. Lurking inside this 6-inch graphics card is a Fiji GPU core built on a 28nm manufacturing process paired with 4GB of High Bandwidth Memory (HBM). It's a full 1.5 inches shorter than the standard Fury X, and unlike its liquid cooled sibling, there's no radiator and fan assembly to mount. The Fury Nano sports 64 compute units with 64 stream processors each for a total of 4,096 stream processors, just like Fury X. It also has an engine clock of up to 1,000MHz and pushes 8.19 TFLOPs of compute performance. That's within striking distance of the Fury X, which features a 1,050MHz engine clock at 8.6 TFLOPs. Ars Technica, too, takes a look at the new Nano.
Operating Systems

Contiki 3.0 Released, Retains Support For Apple II, C64 37

An anonymous reader writes that on Wednesday the Contiki team announced the release of Contiki 3.0, the latest version of the open source IoT operating system. The 3.0 release is a huge step up from the 2.x branch and brings support for new and exciting hardware, a set of new network protocols, a bunch of improvements in the low-power mesh networking protocols, along with a large number of general stability improvements. And, yes, the system still runs on the Commodore 64/128, Apple II, Atari.
Programming

In Praise of the Solo Programmer 100

HughPickens.com writes: Jean-Louis Gassée writes that once upon a time, we were awestruck by the solo programmer who could single-handedly write a magnum opus on a barebones machine like the Apple ][ with its 64 kilobytes of memory and an 8-bit processor running at 1MHz. Once such giant was Paul Lutus, known as the Oregon Hermit, who won a place next to Jobs and Wozniak in the Bandley Drive Hall of Fame for his Apple Writer word processor. "Those were the days Computers and their operating systems were simple and the P in Personal Computers applied to the programmer," writes Gassée. "There's no place for a 2015 Paul Lutus. But are things really that dire?"

As it turns out, the size and complexity of operating systems and development tools do not pose completely insurmountable obstacles; There are still programs of hefty import authored by one person. One such example is Preview, Mac's all-in-one file viewing and editing program. The many superpowers of Apple's Preview does justice to the app's power and flexibility authored by a solo, unnamed programmer who has been at it since the NeXT days. Newer than Preview but no less ambitious, is Gus Mueller's Acorn, an "Image Editor for Humans", now in version 5 at the Mac App Store. Mueller calls his Everett, WA company a mom and pop shop because his spouse Kristin does the documentation when she isn't working as a Physical Therapist. Gus recently released Acorn 5 fixing hundreds of minor bugs and annoyances. "It took months and months of work, it was super boring and mind numbing and it was really hard to justify, and it made Acorn 5 super late," writes Mueller. "But we did it anyway, because something in us felt that software quality has been going downhill in general, and we sure as heck weren't going to let that happen to Acorn."
Verizon

Verizon Retrofits Vintage Legacy Vehicles With Smart Features 86

An anonymous reader writes: Verizon have released an after-market system called Hum that can bring 'smart' features to 150 million existing cars of various vintages going as far back as 1999. The system consists of an on-board diagnostic (OBD) reader plugged into the vehicle's OBD port and a Bluetooth-enabled device clipped to the visor. It's the presence of the ODB port that limits the maximum age of the car to 1996. Hum comes with an app, and enables features such as automatic accident reporting, roadside assistance services and the tracking of stolen cars. The service will cost $14.99 per month via subscription.
IBM

IBM Tells Administrators To Block Tor On Security Grounds 68

Mickeycaskill writes: IBM says Tor is increasingly being used to scan organizations for flaws and launch DDoS, ransomware and other attacks. Tor, which provides anonymity by obscuring the real point of origin of Internet communications, was in part created by the US government, which helps fund its ongoing development, due to the fact that some of its operations rely on the network. However, the network is also widely used for criminal purposes. A report by the IBM says administrators should block access to Tor , noting a "steady increase" an attacks originating from Tor exit nodes, with attackers increasingly using Tor to disguise botnet traffic. "Spikes in Tor traffic can be directly tied to the activities of malicious botnets that either reside within the Tor network or use the Tor network as transport for their traffic," said IBM. "Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions."
AT&T

AT&T Hotspots Now Injecting Ads 176

An anonymous reader writes: Computer scientist Jonathan Mayer did some investigating after seeing some unexpected ads while he browsed the web at an airport (Stanford hawking jewelry? The FCC selling shoes?). He found that AT&T's public Wi-Fi hotspot was messing with HTTP traffic, injecting advertisements using a service called RaGaPa. As an HTML pages loads over HTTP, the hotspot adds an advertising stylesheet, injects a simple advertisement image (as a backup), and then injects two scripts that control the loading and display of advertising content. Mayer writes, "AT&T has an (understandable) incentive to seek consumer-side income from its free Wi-Fi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user's browsing activity to an undisclosed and untrusted business. It clutters the user's web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service.3 And it introduces security and breakage risks, since website developers generally don't plan for extra scripts and layout elements."
Android

Many Android Users Susceptible To Plug-In Exploit -- And Many Of Them Have It 61

Ars Technica reports that a recently reported remote access vulnerability in Android is no longer just theoretical, but is being actively exploited. After more than 100,000 downloads of a scanning app from Check Point to evaluate users' risk from the attack, says Ars, In a blog post published today, Check Point researchers share a summary of that data—a majority (about 58 percent) of the Android devices scanned were vulnerable to the bug, with 15.84 percent actually having a vulnerable version of the remote access plug-in installed. The brand with the highest percentage of devices already carrying the vulnerable plug-in was LG—over 72 percent of LG devices scanned in the anonymized pool had a vulnerable version of the plug-in.
Bug

Backwards S-Pen Can Permanently Damage Note 5 157

tlhIngan writes: Samsung recently released a new version of its popular Galaxy Note series phablet, the Note 5. However, it turns out that there is a huge design flaw in the design of its pen holder (which Samsung calls the S-pen). If you insert it backwards (pointy end out instead of in), it's possible for it get stuck damaging the S-pen detection features. While it may be possible to fix it (Ars Technica was able to, Android Police was not), there's also a chance that your pen is also stuck the wrong way in permanently as the mechanism that holds the pen in grabs the wrong end and doesn't let go.
Businesses

Ask Slashdot: New Employee System Access Tracking? 87

New submitter mushero writes: We are a fast-growing IT services company with dozens of systems, SaaS tools, dev tools and systems, and more that a new employee might need access to. We struggle to track this, both in terms of what systems a given set of roles will need and then has it been done, as different people manage various systems. And of course the reverse when an employee leaves. Every on-boarding or HR system we've looked at has zero support for this; they are great at getting tax info, your home address, etc. but not for getting you a computer nor access to a myriad of systems. I know in a perfect world it'd all be single-sign-on, but not realistic yet and we have many, many SaaS service that will never integrate. So what have you used for this, how do you track new employee access across dozens of systems, hundreds of employees, new hires every day, etc.?
Cloud

Who Makes the Decision To Go Cloud and Who Should? 154

Esther Schindler writes: It's a predictable argument in any IT shop: Should the techies — with their hands on their keyboards — be the people who decide which technology or deployment is right for the company? Or should CIOs and senior management — with their strategic perspective — be the ones to make the call? Ellis Luk got input from plenty of people about management vs. techies making cloud/on-premise decisions... with, of course, a lot of varying in opinion.
Security

Court: FTC Can Punish Companies With Sloppy Cybersecurity 85

jfruh writes: The Congressional act that created the Federal Trade Commission gave that agency broad powers to punish companies engaged in "unfair and deceptive practices." Today, a U.S. appeals court affirmed that sloppy cybersecurity falls under that umbrella. The case involves data breaches at Wyndham Worldwide, which stored customer payment card information in clear, readable text, and used easily guessed passwords to access its important systems.
Privacy

Ashley Madison Hack Claims First Victims 705

wired_parrot writes: Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach. This follows pleas from other users of the site for the hackers to not release the data before it was exposed- an anonymous gay Reddit user from Saudi Arabia, where homosexuality is illegal, pleaded for the data to be kept private: "I am about to be killed, tortured, or exiled," he wrote. "And I did nothing." And when The Intercept published a piece condemning the puritanical glee over the data dump, one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there. Ashley Madison has now offered a $380,000 reward for information that leads to the arrest and conviction of the hackers who leaked the data. Security researcher Troy Hunt has also posted about the kind of emails he's received from users after the data leak.
Security

Why Car Info Tech Is So Thoroughly At Risk 189

Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars: [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs.
Security

Cheap Thermal Imagers Can Steal User PINs 99

Bismillah writes: A British infosec company has discovered that cheap thermal imaging attachments for smartphones can be used to work out which keys users press on -- for instance -- ATM PIN pads. The thermal imprint last for a minute or longer. That's especially worrying if your PIN takes the form of letters, as do many users' phone-unlock patterns.
Iphone

Apple Launches Free iPhone 6 Plus Camera Replacement Program 68

Mark Wilson writes: Complaints about the camera of the iPhone 6 Plus have been plentiful, and Apple has finally acknowledged that there is a problem. It's not something that affects all iPhone 6 Plus owners, but the company says that phones manufactured between September 2014 and January 2015 could include a failed camera component. Apple has set up a replacement program which enables those with problems with the rear camera to obtain a replacement. Before you get too excited, it is just replacement camera components that are on offer, not replacement iPhones. You'll need to check to see if your phone is eligible at the program website. (Also at TechCrunch.)
Portables

Yet Another Compromising Preinstalled "Glitch" In Lenovo Laptops 89

New submitter execthis writes: Japanese broadcaster NHK is reporting that yet another privacy/security-compromising "glitch" has been found to exist in preinstalled software on Lenovo laptops. The article states that the glitch was found in Spring and that in late July Lenovo began releasing a program to uninstall the difficult-to-remove software. The article does not specify, but it could be referring to a BIOS utility called Lenovo Service Engine (LSE) for which Lenovo has released a security advisory with links to removal tools for various models.
Security

WordPress Hacks Behind Surging Neutrino EK Traffic 51

msm1267 writes: More than 2,000 websites running WordPress have been compromised and are responsible for a surge this week in traffic from the Neutrino Exploit Kit. Attacks against sites running older versions of the content management system, 4.2 and earlier, were spotted by Zscaler. Those sites are backdoored and redirect a victim's browser through iframes to a landing page hosting the exploit kit where a Flash exploit awaits. The exploits generally target Internet Explorer, Zscaler said, and victims' computers are eventually infected with CryptoWall 3.0 ransomware. This analysis is in line with a similar report from the SANS Institute, which pointed the finger at a particular cybercrime group that had steered away from using the prolific Angler Exploit Kit and moved operations to Neutrino.
Canada

Extortionists Begin Targeting AshleyMadison Users, Demand Bitcoin 286

tsu doh nimh writes: It was bound to happen: Brian Krebs reports that extortionists have begun emailing people whose information is included in the leaked Ashleymadison.com user database, threatening to find and contact the target's spouse and alert them if the recipient fails to cough up 1 Bitcoin. Krebs interviews one guy who got such a demand, a user who admits to having had an affair after meeting a woman on the site and who is now worried about the fallout, which he said could endanger his happily married life with his wife and kids. Perhaps inevitable: two Canadian law firms have filed a class action lawsuit against the company, seeking more than half a billion dollars in damages.