Security

Point-of-Sale System Bought On eBay Yields Treasure Trove of Private Data 68

Posted by Soulskill
from the low-hanging-fruit dept.
jfruh writes: Point-of-sale systems aren't cheap, so it's not unusual for smaller merchants to buy used terminals second-hand. An HP security researcher bought one such unit on eBay to see what a used POS system will get you, and what he found was disturbing: default passwords, a security flaw, and names, addresses, and social security numbers of employees of the terminal's previous owner.
HP

HP Claims Their Moonshot System is a 'New Style of IT' (Video) 68

Posted by Roblimo
from the my-server-uses-less-power-than-yours dept.
Didn't we already have something kind of like this called a Blade server? But this is better! An HP Web page devoted to Moonshot says, 'Compared to traditional servers, up to: 89% less energy; 80% less space; 77% less cost; and 97% less complex.' If this is all true, the world of servers is now undergoing a radical change. || A quote from another Moonshot page: "The HP Moonshot 1500 Chassis has 45 hot-pluggable servers installed and fits into 4.3U. The density comes in part from the low-energy, efficient processors. The innovative chassis design supports 45 servers, 2 network switches, and supporting components." These are software-defined servers. HP claims they are the first ones ever, a claim that may depend on how you define "software-defined." And what software defines them? In this case, at Texas Linux Fest, it seems to be Ubuntu Linux. (Alternate Video Link)
HP

Dell Exec Calls HP's New 'Machine' Architecture 'Laughable' 173

Posted by timothy
from the color-everyone-surprised dept.
jfruh (300774) writes HP's revelation that it's working on a radical new computing architecture that it's dubbed "The Machine" was met with excitement among tech observers this week, but one of HP's biggest competitors remains extremely unimpressed. John Swanson, the head of Dell's software business, said that "The notion that you can reach some magical state by rearchitecting an OS is laughable on the face of it." And Jai Memnon, Dell's research head, said that phase-change memory is the memory type in the pipeline most likely to change the computing scene soon, not the memristors that HP is working on.
HP

HP Unveils 'The Machine,' a New Computer Architecture 257

Posted by Soulskill
from the generic-names-are-all-the-rage dept.
pacopico writes: HP Labs is trying to make a comeback. According to Businessweek, HP is building something called The Machine. It's a type of computer architecture that will use memristors for memory and silicon photonics for interconnects. Their plan is to ship within the next few years. As for The Machine's software, HP plans to build a new operating system to run on the novel hardware. The new computer is meant to solve a coming crisis due to limitations around DRAM and Flash. About three-quarters of HP Labs personnel are working on this project.
Security

IPMI Protocol Vulnerabilities Have Long Shelf Life 62

Posted by samzenpus
from the protect-ya-neck dept.
msm1267 (2804139) writes "If enterprises are indeed moving services off premises and into the cloud, there are four letters those companies' IT organizations should be aware of: IPMI. Short for Intelligent Platform Management Interface, these tiny computers live as an embedded Linux system attached to the motherboards of big servers from vendors such as IBM, Dell and HP. IPMI is used by a Baseboard Management Controller (BMC) to manage Out-of-Band communication, essentially giving admins remote control over servers and devices, including memory, networking capabilities and storage. This is particularly useful for hosting providers and cloud services providers who must manage gear and data in varied locations.

Noted researchers Dan Farmer, creator of the SATAN vulnerability scanner, and HD Moore, creator of Metasploit, have been collaborating on research into the vulnerabilities present in IPMI and BMCs and the picture keeps getting uglier. Last July, Farmer and Moore published some research on the issue based upon work Farmer was doing under a DARPA Cyber Fast Track Grant that uncovered a host of vulnerabilities, and Internet-wide scans for the IPMI protocol conducted by Moore. Farmer released a paper called 'Sold Down the River,' in which he chastises big hardware vendors for ignoring security vulnerabilities and poor configurations that are trivial to find and exploit."
Education

Parents Mobilize Against States' Student Data Mining 139

Posted by Soulskill
from the you-can-trust-us dept.
theodp writes "Politico reports that parents have mobilized into an unexpected political force to fight the data mining of their children, catapulting student privacy to prominence in statehouses. Having already torpedoed the $100 million, Bill Gates-funded inBloom database project, which could have made it easier for schools to share confidential student records with private companies, the amateur activists are now rallying against another perceived threat: huge state databases being built to track children for more than two decades, from as early as infancy through the start of their careers. "The Education Department," writes Stephanie Simon, "lists hundreds of questions that it urges states to answer about each child in the public school system: Did she make friends easily as a toddler? Was he disciplined for fighting as a teen? Did he take geometry? Does she suffer from mental illness? Did he go to college? Did he graduate? How much does he earn?" Leonie Haimson, a NY mother who is organizing a national Parent Coalition for Student Privacy says, "Every parent I've talked to has been horrified. We just don't want our kids tracked from cradle to grave." For their part, ed tech entrepreneurs and school reformers are both bewildered by and anxious about the backlash — and struggling to craft a response, having assumed parents would support their vision: to mine vast quantities of data for insights into what's working, and what's not, for individual students and for the education system as a whole. "People took for granted that parents would understand [the benefits], that it was self-evident," said Michael Horn, a co-founder of an education think tank."
Android

HP (Re-)Announces a 14" Android Laptop 121

Posted by timothy
from the beats-audio-without-an-apple-logo dept.
PC Mag reports that an upcoming laptop from HP (one that was prematurely announced in April, and now official) has decent-to-good specs — under 4 pounds, battery life more than 8 hours, Tegra processor, and a 1928x1080 touch screen — but an unusual operating system, at least for a laptop. The SlateBook 14 will run Android, rather than Windows (or ChromeOS, for that matter), which helps keep it relatively cheap, at $400. According to the article, Android is "a lot cheaper for HP to implement in a laptop; ChromeOS, in contrast, comes with more stringent system requirements that would cost HP a bit more." Ars Technica's mention in April includes a screenshot taken from a video (note: video itself appears to be disabled) which shows the keyboard layout and which reveals some Android-specific changes. Update: 06/01 19:23 GMT by T : Here's an alternative link to the promotional video.
Encryption

OpenSSL To Undergo Security Audit, Gets Cash For 2 Developers 132

Posted by timothy
from the can-we-send-them-snacks? dept.
Trailrunner7 (1100399) writes "Scarcely a month after announcing the formation of a group designed to help fund open source projects, the Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit Project. The CII is backed by a who's who of tech companies, including Google, Microsoft, IBM, the Linux Foundation, Facebook and Amazon, and the group added a number of new members this week, as well. Adobe, Bloomberg, HP, Huawei and Salesforce.com have joined the CII and will provide financial backing. Now, the OCAP team, which includes Johns Hopkins professor and cryptographer Matthew Green, will have the money to fund an audit of OpenSSL, as well. OpenSSL took a major hit earlier this year with the revelation of the Heartbleed vulnerability, which sent the Internet into a panic, as the software runs on more than 60 percent of SSL-protected sites."
Books

Book Review: Hacking Point of Sale 56

Posted by samzenpus
from the read-all-about-it dept.
benrothke (2577567) writes "The only negative thing to say about Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions is its title. A cursory look at it may lead the reader to believe that this is a book for a script kiddie, when it is in fact a necessary read for anyone involved with payment systems. The book provides a wealth of information that is completely pragmatic and actionable. The problem is, as the book notes in many places, that one is constantly patching a system that is inherently flawed and broken." Keep reading for the rest of Ben's review.
HP

HP Delivers a Big-Name, 7-inch Android Tablet For $100: Comes With Compromises 182

Posted by timothy
from the good-thing-about-races-to-the-bottom. dept.
Ars Technica reports that HP is back in the $100 tablet market, and this time with a tablet that's intended to be priced there instead of just a fire sale. The new offering lacks Bluetooth and GPS, among other features you might wish for in a tablet, and the screen is surrounded by a hefty bezel, but manages a pretty good list of features. Ars summarizes: "For $100, you can't expect much of the spec sheet. The HP 7 Plus has a 7-inch 1024x600 IPS display, a 1GHz quad-core Cortex A7 processor (made by a company called "Allwinner"), 1GB of RAM, 8GB of storage, 802.11 b/g/n, a microSD slot, and a 2800 mAh battery. The biggest downside HP could have fixed at this price point is the software: it's only running Android 4.2.2. Android versions are free, HP." Having an available microSD slot beats some more expensive options, too.
HP

HP Makes More Money, Cuts 16,000 Jobs 288

Posted by timothy
from the leaner-yet dept.
jfruh (300774) writes "Good news for HP: Profits are up by 18% over the previous year! Bad news for HP: A lot of those profits are from post-Windows XP PC upgrades, and company revenue actually dipped 1%. The solution, according to CEO Meg Whitman, is "continuous improvement in our cost structure," which means firing thousands of people. At the end of the next round of layoffs, the company will have shed 50,000 employees since 2012." New submitter Deveauxes (3664417) links to a similar story from CNN's news service, according to which "HP said the latest layoffs would come across all its business units and geographic locations, and would generate $1 billion in annual savings beyond the $3.5 to $4 billion projected from the previously announced cuts. 'No company likes to decrease the work force, and we recognize that this is difficult for employees,' CEO Meg Whitman said in a conference call with analysts. 'I think everyone understands the turnaround we're in.'"
Microsoft

New IE 8 Zero Day Discovered 134

Posted by samzenpus
from the no-shortage dept.
Trailrunner7 (1100399) writes "Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP's Zero Day Initiative, which is handling the bug, published its advisory Wednesday. The ZDI has a policy of disclosing vulnerability details after 180 days if the vendor hasn't produced a patch. The use-after-free flaw lies in the way that IE handles CMarkup objects, and ZDI's advisory says that an attacker can take advantage of it to run arbitrary code."
Open Source

OpenStack: the Open Source Cloud That Vendors Love and Users Are Ignoring 99

Posted by Soulskill
from the not-enough-sexy-buzzwords dept.
Brandon Butler writes: "OpenStack has no shortage of corporate backers. Rackspace, Red Hat, IBM, Dell, HP, Cisco and many others have hopped on board. But many wonder, after four years, shouldn't there be more end users by this point? 'OpenStack backers say this progression is completely normal. Repeating an analogy many have made, Paul Cormier, president of products and technology for Red Hat, says OpenStack’s development is just like the process of building up Linux. This time the transition to a cloud-based architecture is an even bigger technological transformation than replacing proprietary operating systems with Linux. "It’s where Linux was in the beginning," he says about OpenStack's current status. "Linux was around for a while before it really got adopted in the enterprise. OpenStack is going through the same process right now."'"
Transportation

Swedish Fare Dodgers Organize Against Transportation Authorities 389

Posted by samzenpus
from the I-will-not-pay dept.
An anonymous reader writes "Every transit network has its fare beaters, the riders who view payment as either optional or prohibitively expensive. Many cities, most notably New York, view turnstile-jumpers as a top policing priority, reasoning that scofflaws might graduate to more serious crimes if left alone. But in Stockholm, the offenders seem to have defeated the system. From the article: 'For over a decade, Mr. Tengblad has belonged to a group known as Planka.nu (rough translation: “free-ride.now”), an organization with only two prerequisites for admission: Members must pay a monthly fee of about $15 and, as part of a continuous demonstration against the fare, promise to evade payment every time they ride. If travelers keep their side of the agreement, the group will cover any of the roughly $180 fines that might result. (An unlimited ride pass for 30 days costs about $120.)'"
Open Source

HP Joins OpenDaylight Project 37

Posted by samzenpus
from the join-the-gang dept.
Mcusanelli (3564469) writes "HP has become the most recent platinum member of OpenDaylight, the open source software-defined networking (SDN) project sponsored by the Linux Foundation. From the article: 'The Linux Foundation, which sponsors OpenDaylight as a collaborative project, is welcoming the addition of HP to the line-up of vendors helping to lead OpenDaylight -- which already includes Brocade, Cisco, Citrix, Ericsson, IBM, Juniper, Microsoft and Red Hat as platinum members -- as a sign of industry convergence around OpenDaylight as the SDN platform of choice. "We are seeing all the major players aligning their SDN strategies around OpenDaylight. HP will be another galvanizing force for the project and industry, bringing the spirit of partnership and collaboration that has made them so successful," Neela Jacques, executive director, OpenDaylight, said in a statement.'"
Science

Meet Ununseptium, Best Contender Yet For Element 117 54

Posted by timothy
from the new-number-between-7-and-8 dept.
From Motherboard comes this description of what may turn out to be the newest entry on the periodic table, newly synthesized element 117, created by researchers at the GSI Helmholtz Centre for Heavy Ion Research of Darmstadt, Germany, and described in results published this week in Physical Review Letters. From the article: "Element 117 has been temporarily given the very literal name ununseptium (one-one-seven in Latin), and will only be honored with a real name once the International Union of Pure and Applied Physics and Chemistry (IUPAPC) confirms its synthesis at the GSI accelerator. Ununseptium is 40 percent heavier than lead, making it on par with the heaviest atoms ever observed. ... Its properties seem to confirm that the existence of the so-called “island of stability”—a theory suggesting that the half-lives of superheavy isotopes will lengthen as their atomic numbers increase further away from uranium. Any element with an atomic number greater than 103 is considered superheavy (or in the 'transactinide class,' if you prefer the scientific jargon). Transactinides can only be observed artificially in a laboratory, and synthesizing them is no easy task." Note: that "real name" process isn't a mere formality; just a few years ago, another attempt to synthesize a 117th element looked promising enough to be declared done, but could not be confirmed with the IUPAPC's tests.
United States

"Smart" Gun Seller Gets the Wrong Kind of Online Attention 1374

Posted by timothy
from the or-maybe-that's-exactly-the-right-kind dept.
R3d M3rcury (871886) writes "How's this for a good idea? A gun that won't fire unless it's within 10 inches of a watch? That's the iP1 from Armatrix. Of course, don't try to sell it here in the United States." From the NY Times article linked: "[Armatrix employee] Belinda Padilla does not pick up unknown calls anymore, not since someone posted her cellphone number on an online forum for gun enthusiasts. Then someone snapped pictures of the address where she has a P.O. box and put those online, too. In a crude, cartoonish scrawl, this person drew an arrow to the blurred image of a woman passing through the photo frame. "Belinda?" the person wrote. "Is that you?" ... "I have no qualms with the idea of personally and professionally leveling the life of someone who has attempted to profit from disarming me and my fellow Americans," one commenter wrote." The article paints a fairly rosy picture of the particular technology that Armatrix is pushing, but their ID-checking gun seems to default to an unfireable state, which might not always be an attractive feature. And given that at least one state — New Jersey — has hinged a gun law on the commercial availability of these ID-linked guns, it's not surprising that some gun owners dislike a company that advertises this kind of system as "the future of the firearm."
Power

The Koch Brothers Attack On Solar Energy 769

Posted by samzenpus
from the there-goes-the-sun dept.
Hugh Pickens DOT Com (2995471) writes "The NYT writes in an editorial that for the last few months, the Koch brothers and their conservative allies in state government have been spending heavily to fight incentives for renewable energy, by pushing legislatures to impose a surtax on this increasingly popular practice, hoping to make installing solar panels on houses less attractive. 'The coal producers' motivation is clear: They see solar and wind energy as a long-term threat to their businesses. That might seem distant at the moment, when nearly 40 percent of the nation's electricity is still generated by coal, and when less than 1 percent of power customers have solar arrays. But given new regulations on power-plant emissions of mercury and other pollutants, and the urgent need to reduce global warming emissions, the future clearly lies with renewable energy.' For example, the Arizona Public Service Company, the state's largest utility, funneled large sums through a Koch operative to a nonprofit group that ran an ad claiming net metering would hurt older people on fixed incomes (video) by raising electric rates. The ad tried to link the requirement to President Obama. Another Koch ad likens the renewable-energy requirement to health care reform, the ultimate insult in that world. 'Like Obamacare, it's another government mandate we can't afford,' the narrator says. 'That line might appeal to Tea Partiers, but it's deliberately misleading,' concludes the editorial. 'This campaign is really about the profits of Koch Carbon and the utilities, which to its organizers is much more important than clean air and the consequences of climate change.'"
IT

HealthCare.gov Back-End Status: See You In September 251

Posted by Soulskill
from the later-than-sooner dept.
theodp writes: "The consumer-facing parts of the Obamacare website may now work (most of the time) for people buying insurance, writes Politico, but beneath the surface, HealthCare.gov is still missing massive, critical pieces that are essential for key functions such as accurately paying insurers — and the deadline for finishing them keeps slipping. Without a fully built and operational system, federal officials can't determine how many of the 8 million Obamacare sign-ups announced last week will have actually paid their premiums. The Obama administration earlier this month indicated that insurers will continue to be paid through an 'interim' accounting process — pretty much a spreadsheet and some informed estimates — until at least September, when what is being called 'the mother of all reconciliations' will be conducted, which some fear could reveal the need for a massive correction and rate adjustments. Still, Oregon decided Friday to switch to Healthcare.gov from its own nothing-wrong-that-$78-million-couldn't-fix Cover Oregon online healthcare exchange."
