NIST’s Draft To Remove Periodic Password Change Requirements Gets Vendors’ Approval

An anonymous reader writes: A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and alter many of the standards and best practices security professionals use when forming policies for their companies. The new framework recommends, among other things: “Remove periodic password change requirements.” There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change them or if there is indication of breach.


UK’s Newest Tokamak Fusion Reactor Has Created Its First Plasma

After being switched on for the first time last Friday, the UK’s newest fusion reactor has successfully generated a molten mass of electrically-charged gas, or plasma, inside its core. Futurism reports: Called the ST40, the reactor was constructed by Tokamak Energy, one of the leading private fusion energy companies in the world. The company was founded in 2009 with the express purpose of designing and developing small fusion reactors to introduce fusion power into the grid by 2030. Now that the ST40 is running, the company will commission and install the complete set of magnetic coils needed to reach fusion temperatures. The ST40 should be creating a plasma temperature as hot as the center of the Sun — 15 million degrees Celsius (27 million degrees Fahrenheit) — by Autumn 2017. By 2018, the ST40 will produce plasma temperatures of 100 million degrees Celsius (180 million degrees Fahrenheit), another record-breaker for a privately owned and funded fusion reactor. That temperature threshold is important, as it is the minimum temperature for inducing the controlled fusion reaction. Assuming the ST40 succeeds, it will prove that its novel design can produce commercially viable fusion power.

Encrypted WhatsApp Message Recovered From Westminster Terrorist’s Phone

Bruce66423 brings word that a terrorist’s WhatsApp message has been decrypted “using techniques that ‘cannot be disclosed for security reasons’, though ‘sources said they now have the technical expertise to repeat the process in future.’” The Economic Times reports: U.K. security services have managed to decode the last message sent out by Khalid Masood before he rammed his high-speed car into pedestrians on Westminster Bridge and stabbed to death a police officer at the gates of Parliament on March 22. The access to Masood’s message was achieved by what has been described by security sources as a use of “human and technical intelligence”… The issue of WhatsApp’s encrypted service, which is closed to anyone besides the sender and recipient, had come under criticism soon after the attack. “It’s completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don’t provide a secret place for terrorists to communicate with each other,” U.K. home secretary Amber Rudd had said. Security sources say the message showed the victim’s motive was military action in Muslim countries, while the article adds that though ISIS claimed responsibility for the attack, “no evidence has emerged to back this up.”


Facebook and Google Were Victims of $100M Payment Scam

Employees of Facebook and Google were the victims of an elaborate $100 million phishing attack, according to a new report on Fortune, which further adds that the employees were tricked into sending money to overseas bank accounts. From the report: In 2013, a 40-something Lithuanian named Evaldas Rimasauskas allegedly hatched an elaborate scheme to defraud U.S. tech companies. According to the Justice Department, he forged email addresses, invoices, and corporate stamps in order to impersonate a large Asian-based manufacturer with whom the tech firms regularly did business. The point was to trick companies into paying for computer supplies. The scheme worked. Over a two-year span, the corporate imposter convinced accounting departments at the two tech companies to make transfers worth tens of millions of dollars. By the time the firms figured out what was going on, Rimasauskas had coaxed out over $100 million in payments, which he promptly stashed in bank accounts across Eastern Europe. Fortune adds that the investigation raises questions about why the companies have so far kept silent and whether — as a former head of the Securities and Exchange Commission observes — it triggers an obligation to tell investors about what happened.


AV provider Webroot melts down as update nukes hundreds of legit files

Antivirus provider Webroot is causing a world of trouble for customers. A signature update just nuked hundreds of benign files needed to run Microsoft Windows, as well as apps that run on top of the operating system. Social media sites ignited on late Monday afternoon with customers reporting that servers and computers alike stopped working as a result of the mishap. The admin and security pundit who goes by the Twitter handle SwiftOnSecurity told Ars that, at the company he or she worked for, the false positive quarantined “several hundred” files used by Windows Insider Preview. Hundreds of “line of business” apps, such as those that track patient appointments or manage office equipment, suffered the same fate. Webroot was also flagging Facebook as a phishing site. As this post was going live, Webroot’s cloud-based system for issuing commands to clients was unable to revert the quarantined files. Officials have yet to confirm they would be able to revert all the bad determinations.

Microsoft Will Support Python In SQL Server 2017

There was a surprise in the latest Community Technology Preview release of SQL Server 2017. An anonymous reader quotes InfoWorld: Python can now be used within SQL Server to perform analytics, run machine learning models, or handle most any kind of data-powered work. This integration isn’t limited to enterprise editions of SQL Server 2017, either — it’ll also be available in the free-to-use Express edition… Microsoft has also made it possible to embed Python code directly in SQL Server databases by including the code as a T-SQL stored procedure. This allows Python code to be deployed in production along with the data it’ll be processing. These behaviors, and the RevoScalePy package, are essentially Python versions of features Microsoft built for SQL Server back when it integrated the R language into the database… An existing Python installation isn’t required. During the setup process, SQL Server 2017 can pull down and install its own edition of CPython 3.5, the stock Python interpreter available from the Python.org website. Users can install their own Python packages as well or use Cython to generate C code from Python modules for additional speed. Except it’s not yet available for Linux users, according to the article. “Microsoft has previously announced SQL Server would be available for Linux, but right now, only the Windows version of SQL Server 2017 supports Python.”

Anbox Can Run Android Apps Natively On Linux (In A Container)

Slashdot user #1083, downwa, writes: Canonical engineer Simon Fels has publicly released an Alpha version of Anbox. Similar to the method employed for Android apps on ChromeOS, Anbox runs an entire Android system (7.1.1 at present) in an LXC container. Developed over the last year and a half, the software promises to seamlessly bring performant Android apps to the Linux desktop. After installing Anbox (based on Android 7.1.1) and starting Anbox Application Manager, ten apps are available: Calculator, Calendar, Clock, Contacts, Email, Files, Gallery, Music, Settings, and WebView. Apps run in separate resizeable windows. Additional apps (ARM-native binaries are excluded) can be installed via adb. Installation currently is only supported on a few Linux distributions able to install snaps. Contributions are welcome on Github. In a blog post Simon describes it as “a side project” that he’s worked on for over a year and a half. “There were quite a few problems to solve on the way to a really working implementation but it is now in a state that it makes sense to share it with a wider audience.”

All-Electric ‘Flying Car’ Takes Its First Test Flight In Germany

Today, Munich-based Lilium Aviation conducted the first test flight of its all-electric, two-seater, vertical take-off and landing (VTOL) prototype. “In a video provided by the Munich-based startup, the aircraft can be seen taking off vertically like a helicopter, and then accelerating into forward flight using wing-borne lift,” reports The Verge. From the report: The craft is powered by 36 separate jet engines mounted on its 10-meter long wings via 12 movable flaps. At take-off, the flaps are pointed downwards to provide vertical lift. And once airborne, the flaps gradually tilt into a horizontal position, providing forward thrust. During the tests, the jet was piloted remotely, but its operators say their first manned flight is close-at-hand. And Lilium claims that its electric battery “consumes around 90 percent less energy than drone-style aircraft,” enabling the aircraft to achieve a range of 300 kilometers (183 miles) with a maximum cruising speed of 300 kph (183 mph). “It’s the same battery that you can find in any Tesla,” Nathen told The Verge. “The concept is that we are lifting with our wings as soon as we progress into the air with velocity, which makes our airplane very efficient. Compared to other flights, we have extremely low power consumption.” The plan is to eventually build a 5-passenger version of the jet.
