An anonymous reader writes: A sexual health clinic in London accidentally disclosed the HIV positive status of almost 800 patients. The Guardian reports: "The health secretary, Jeremy Hunt, has ordered an inquiry into how the NHS handles confidential medical information after the “completely unacceptable” breach of the privacy of hundreds of HIV patients. The 56 Dean Street clinic in London apologized on Wednesday after sending a newsletter on Tuesday which disclosed the names and email addresses of about 780 recipients. The newsletter is intended for people using its HIV and other sexual health services, and gives details of treatments and support."
itwbennett writes: Researchers from security firm Rapid7 have found serious vulnerabilities in nine video baby monitors from various manufacturers. Among them: Hidden and hard-coded credentials providing local and remote access over services like SSH or Telnet; unencrypted video streams sent to the user's mobile phone; unencrypted Web and mobile application functions and unprotected API keys and credentials; and other vulnerabilities that could allow attackers to abuse the devices, according to a white paper released Tuesday. Rapid7 reported the issues it found to the affected manufacturers and to US-CERT back in July, but many vulnerabilities remain unpatched.
An anonymous reader writes: After buying Israeli startup company Hyperwise earlier this year, Check Point Software Technologies (Nasdaq: CHKP) now unveils its newest solution for defeating malware. Their new offering called SandBlast includes CPU-Level Threat Emulation that was developed in Hyperwise which is able to defeat exploits faster and more accurately than any other solution by leveraging CPU debugging instruction set in Intel Haswell, unlike known anti-exploitation solutions like kBouncer or ROPecker which use older instruction sets and are therefore bypassable. SandBlast also features Threat Extraction — the ability to extract susceptible parts from incoming documents.
Mark Wilson writes: Two security researchers have discovered a serious vulnerability in OS X that could allow an attacker to steal passwords and other credentials in an almost invisible way. Antoine Vincent Jebara and Raja Rahbani — two of the team behind the myki identity management security software — found that a series of terminal commands can be used to extract a range of stored credentials. What is particularly worrying about the vulnerability is that it requires virtually no interaction from the victim; simulated mouse clicks can be used to click on hidden buttons to grant permission to access the keychain. Apple has been informed of the issue, but a fix is yet to be issued. The attack, known as brokenchain, is disturbingly easy to execute. Ars reports that this weakness has been exploited for four years.
HughPickens.com writes: Olga Khazan writes in The Atlantic that learning to program involves a lot of Googling, logic, and trial-and-error—but almost nothing beyond fourth-grade arithmetic. Victoria Fine explains how she taught herself how to code despite hating math. Her secret? Lots and lots of Googling. "Like any good Google query, a successful answer depended on asking the right question. 'How do I make a website red' was not nearly as successful a question as 'CSS color values HEX red' combined with 'CSS background color.' I spent a lot of time learning to Google like a pro. I carefully learned the vocabulary of HTML so I knew what I was talking about when I asked the Internet for answers." According to Khazan, while it's true that some types of code look a little like equations, you don't really have to solve them, just know where they go and what they do. "In most cases you can see that the hard maths (the physical and geometry) is either done by a computer or has been done by someone else. While the calculations do happen and are essential to the successful running of the program, the programmer does not need to know how they are done." Khazan says that in order to figure out what your program should say, you're going to need some basic logic skills and you'll need to be skilled at copying and pasting things from online repositories and tweaking them slightly. "But humanities majors, fresh off writing reams of term papers, are probably more talented at that than math majors are."
MojoKid writes: Motorola's first generation Moto 360 smartwatch was one of the first Android Wear smartwatches to hit the market, and because of its round display, became the immediate flag bearer for the Android Wear platform. As new competition has entered the fray — including entries from Apple with the Apple Watch and Samsung with the Gear S2 — Motorola is announcing a second generation smartwatch that solves most of the complaints of the previous model. Motorola has ditched the archaic Texas Instruments OMAP 3 processor in the original Moto 360. The new second generation Moto 360 brings a more credible 1.2GHz, quad-core Qualcomm Snapdragon 400 processor and Adreno 305 graphics to the table. You'll also find 512MB of RAM and 4GB of storage. And if you didn't like the largish dimensions of the previous Moto 360, you'll be glad to know that Motorola is offering two sizes this time around. There's a 46mm diameter case that comes with a 360x330 display and a smaller 42mm diameter case that houses a 360x325 display. Motorola has also introduced a dedicated women's model of the Moto 360 which features a 42mm diameter case and accepts smaller 16mm bands. As for battery life, Motorola says that the men's and women's 42mm models come with a 300 mAh battery which is good for up to 1.5 days of mixed use, while the 46mm watch comes with a larger 400 mAh battery which is good for up to 2 days on a charge.
msm1267 writes: Netflix has released a tool it calls Sleepy Puppy. The tool injects cross-site scripting payloads into a target app that may not be vulnerable, but could be stored in a database and tracks the payload if it's reflected to a secondary application that makes use of the data in the same field. "We were looking for a way to provide coverage on applications that come from different origins or may not be publicly accessible," said co-developer Scott Behrens, a senior application security engineer at Netflix. "We also wanted to observe where stored data gets reflected back, and how data that may be stored publicly could also be reflected in a large number of internal applications." Sleepy Puppy is available on Netflix's GitHub repository and is one of a slew of security tools its engineers have released to open source.
Nerval's Lobster writes: So what if you work for a tech company that offers free lunch, in-house gym, and dry cleaning? A new survey suggests that a majority of software engineers, developers, and sysadmins are miserable. Granted, the survey in question only involved 5,000 respondents, so it shouldn't be viewed as comprehensive (it was also conducted by a company that deals in employee engagement), but it's nonetheless insightful into the reasons why a lot of tech pros apparently dislike their jobs. Apparently perks don't matter quite so much if your employees have no sense of mission, don't have a clear sense of how they can get promoted, and don't interact with their co-workers very well. While that should be glaringly obvious, a lot of companies are still fixated on the idea that minor perks will apparently translate into huge morale boosts; but free smoothies in the cafeteria only go so far.
An anonymous reader writes: At the beginning of August the Blender Institute released Cosmos Laundromat: First Cycle, its seventh open project. More than just a 10-minute short film, Cosmos Laundromat is the Blender Institute's most ambitious project, a pilot for the first fully free and open animated feature film. In his article on Opensource.com animator and open source advocate Jason van Gumster highlights the film project and takes a look at some of its most significant contributions to the Blender open source project.
kthreadd writes: Version 1.5.24 of the Mutt email client has been released. New features in this release include, among other things, terminal status-line (TS) support, a new color object 'prompt', the ability to encrypt postponed messages and opportunistic encryption which automatically enables/disables encryption based on message recipients. SSLv3 is now also disabled by default.
the_newsbeagle writes: That's what one neuroscientist is aiming to find out. He wants to put patients with a type of amblyopia, the vision problem commonly called lazy eye, into the dark for 5 days. His hypothesis: When they emerge, their brains' visual cortices will be temporarily "plastic" and changeable, and may begin to process the visual signals from their bad eyes correctly. Before he could do this study, though, he had to do a test run to figure out logistics. So he himself lived in a pitch black room for 5 days. One finding: Eating ravioli in the dark is hard.
MarkWhittington writes: China has not sent people into space since the mission of the Shenzhou 10 to the prototype space station Tiangong 1 in June 2013. Since then the Chinese have accomplished the landing of the Chang'e 3 on the lunar surface. According to a story in Space Daily, the hiatus in Chinese crewed spaceflight is about to end with the launch of the Tiangong-2 prototype space station in 2016 with the subsequent visit by a crew of Chinese astronauts on board the Shenzhou 11. The mission will be a prelude to the construction of a larger Chinese space station, slated to be completed by 2022.
An anonymous reader writes: A team of researchers at the University of South Alabama is investigating potential breaches of medical devices used in training, taking the mannequin iStan as its prime target in its scenario-based research. Identifying the network security solution and network protocol as the vulnerable components, the team was able to carry out brute force attacks against the router PIN, and denial of service (DDoS) attacks, using open source tools such as BackTrack.
An anonymous reader writes: Yesterday, Google announced a logo change that many on Slashdot have probably already encountered. The logo, according to the technology supergiant, was updated to reflect the fact that people "interact with Google products across many different platforms, apps and devices—sometimes all in a single day." This differentiates from the past when people only used a desktop PC to access Google's services.
An anonymous reader writes: Sony has taken the wraps off its new Xperia Z5 Premium smartphone, which has a 5.5" display that operates at 4k resolution. "The company acknowledged that there was still a limited amount of professional content available in 4K — which provides about four times the number of pixels as 1080p high definition video. But it said the Z5 Premium would upscale videos streamed from YouTube and Netflix to take advantage of the display." Sony's answer to the obvious battery concerns raised by such a pixel-dense (808 ppi) screen was to use a 3,430 mAh battery and memory-on-display technology. The video upscaling can also be turned off to decrease battery drain.