Slashdot

News for nerds, stuff that matters
FCC Refuses To Release Text of More Than 40,000 Net Neutrality Complaints

Tue, 07/18/2017 - 16:20
An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission has denied a request to extend the deadline for filing public comments on its plan to overturn net neutrality rules, and the FCC is refusing to release the text of more than 40,000 net neutrality complaints that it has received since June 2015. The National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request in May of this year for tens of thousands of net neutrality complaints that Internet users filed against their ISPs. The NHMC argues that the details of these complaints are crucial for analyzing FCC Chairman Ajit Pai's proposal to overturn net neutrality rules. The coalition also asked the FCC to extend the initial comment deadline until 60 days after the commission fully complies with the FoIA request. A deadline extension would have given people more time to file public comments on the plan to eliminate net neutrality rules. Instead, the FCC yesterday denied the motion for an extension and said that it will only provide the text for a fraction of the complaints, because providing them all would be too burdensome.

Read more of this story at Slashdot.

Categories: Open Source

Should We Ignore the South Carolina Election Hacking Story?

Tue, 07/18/2017 - 15:40
chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."

Flaw In IoT Security Cameras Leaves Millions of Devices Open To Hackers

Tue, 07/18/2017 - 15:00
New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and includes some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.

US Increases Number of H-2B Visas By 15,000

Tue, 07/18/2017 - 14:20
An anonymous reader quotes a report from Ars Technica: President Donald Trump has said he's going to set more limits on the H-1B visa program, which allows tens of thousands of technology workers into the U.S. each year. But yesterday, the Department of Homeland Security moved to expand another type of visa, the H-2B, which allows lower-skilled workers in on a seasonal basis. The Department of Homeland Security said yesterday it is going to allow an additional 15,000 workers to come in under the H-2B visa category, which is typically used by U.S. businesses in industries like tourism, construction, and seafood processing. The program normally allows for 66,000 visas, split between the two halves of the year. That means the DHS increase, announced yesterday, represents an increase of more than 40 percent for the second half of 2017. Businesses can begin applying for the additional visas right away, as long as they attest under penalty of perjury that their business will "suffer irreparable harm" if it can't employ additional H-2B workers in 2017. The expansion is a temporary one, and it only applies to the current year.

Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network'

Tue, 07/18/2017 - 13:40
An anonymous reader shares a report: Last week, Twitter's security team purged nearly 90,000 fake accounts after outside researchers discovered a massive botnet peddling links to fake "dating" and "romance" services. The accounts had already generated more than 8.5 million posts aimed at driving users to a variety of subscription-based scam websites with promises of -- you guessed it -- hot internet sex. The accounts were first identified by ZeroFOX, a Baltimore-based security firm that specializes in social-media threat detection. The researchers dubbed the botnet "SIREN" after sea-nymphs described in Greek mythology as half-bird half-woman creatures whose sweet songs often lured horny, drunken sailors to their rocky deaths. ZeroFOX's research into SIREN offers a rare glimpse into how efficient scammers have become at bypassing Twitter's anti-spam techniques. Further, it demonstrates how effective these types of botnets can be: The since-deleted accounts collectively generated upwards of 30 million clicks -- easily trackable since the links all used Google's URL shortening service.

California Lawsuit Wants To Weaken Noncompetes

Tue, 07/18/2017 - 13:00
An anonymous reader shares a report: California already prohibits companies from enforcing noncompetes within the state, but a Bay Area life sciences company is asking a state court to go even further. Veeva Systems is suing three of its East Coast-based competitors and asking a California Superior Court judge to declare that it has the right to hire employees who have signed such agreements. Veeva also wants a court to limit the use of non-disparagement and confidentiality agreements. "Non-compete agreements are bad," the company said in its suit. "These agreements limit employment opportunities. They suppress wages. They keep employees trapped in jobs they do not want, and they keep employees from fairly competing with their former employers. These agreements restrict fair and robust competition for employees."

Google Bolsters Security To Prevent Another Google Docs Phishing Attack

Tue, 07/18/2017 - 12:20
Google is adding a set of features to its security roster to prevent a second run of last month's massive phishing attack. From a report: The company is adding warnings and interstitial screens to warn users that an app they are about to use is unverified and could put their account data at risk. This so-called "unverified app" screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen. Some existing apps will also have to go through the same verification process as new apps, Google said. Google also said it will add those warnings to its Apps Scripts, which let Google use custom macros and add-ons for its productivity apps, like Google Docs.

Mesh Networking Comes To Bluetooth, Which Could Set Off a New Wave of Smart Buildings

Tue, 07/18/2017 - 11:40
One of the most widely used technologies in mobile computing is getting an important upgrade that could accelerate the development of the smart home and industrial internet. From a report: The Bluetooth Special Interest Group, the Kirkland, Wash.-based group that enforces compatibility among the billions of devices that use the short-range Bluetooth wireless technology, plans to announce Tuesday that the standard now supports mesh networking. Mesh networks connect a variety of access points and devices across a distributed network, rather than the one-to-one connection that currently exists between your smartphone and that headset that makes you look ridiculous. This approach dramatically improves the range and reliability of a wireless network, since information can be relayed across several different devices rather than having to stretch between two far-apart devices. And if part of the network goes offline, mesh technology has the capability to route around that outage and still carry out its original mission. Wi-Fi networks have also been getting in on this mesh networking act, which has an additional bonus: mesh networks are much easier to set up than traditional wireless networks.

Negative Free Cash Flow Will Be an Indicator of Enormous Success For Netflix, Says CEO

Tue, 07/18/2017 - 11:00
During Netflix's quarterly earnings call, in which it noted it had added more than five million subscribers in the last three months, CEO Reed Hastings was also asked about the millions of dollars it burns every quarter. Hastings said that burning cash is a sign of success, in a way. Here's the money quote: Look, when we produce an amazing show like Stranger Things, that's a lot of capital up front, and then you get a payout over many years. And seeing the positive returns on that for the business as a whole is what makes us comfortable that we should continue to invest and integrate to basically self-develop many more properties as Ted (the content head) can find the appropriate ones. And then there's comfort with being able to finance it, and of course, our debt-to-market cap is incredibly low and conservative, so we've got lots of room there. And I think that combination that it's spent well and we can raise it is what makes us very excited. And the irony is the faster that we grow and the faster we grow the owned originals, the more drawn on free cash flow that we'll be. So in some senses, negative free cash flow will be an indicator of enormous success. On Monday, Netflix updated its estimate for negative free cash flow for 2017. While previously the company had said it would be $2 billion, Netflix now says it will be $2 to $2.5 billion (versus $1.7 billion in 2016).

Apple's Risky Balancing Act With the Next iPhone

Tue, 07/18/2017 - 10:20
Long time columnist Jason Snell: As there always are at this time of year, there are lots of rumors out there about what the next iPhone will be. This year we're hearing that Apple is going to release a high-priced, next-generation phone in addition to the expected iPhone 7s and iPhone 7s Plus models. [...] By most accounts, Apple's next-generation iPhone will offer a similar design. But also, by many accounts, Apple is struggling to create that product -- and when it arrives, it may be expensive, late to ship, and supply constrained. This is one of those areas where Apple may be the victim of its own success. The iPhone is so popular a product that Apple can't include any technology or source any part if it can't be made more than 200 million times a year. If the supplier of a cutting-edge part Apple wants can only provide the company with 50 million per year, it simply can't be used in the iPhone. Apple sells too many, too fast. Contrast that to Apple's competition. On the smaller end, former Android chief Andy Rubin announced the Essential phone, but even Rubin admitted that he'd only be able to sell in thousands, not millions. Same for the RED Hydrogen One -- groundbreaking phone, hardly likely to sell in any volume. The Google Pixel looks like it's in the one million range. Apple's biggest competitor, Samsung, has to deal with a scale more similar to Apple's -- but it's still only expected to sell 50 or 60 million units of the flagship Galaxy S8.

China's Censors Can Now Erase Images Mid-Transmission

Tue, 07/18/2017 - 09:40
Eva Dou, reporting for WSJ: China's already formidable internet censors have demonstrated a new strength -- the ability to delete images in one-on-one chats as they are being transmitted, making them disappear before receivers see them. The ability is part of a broader technology push by Beijing's censors to step up surveillance and get ahead of activists and others communicating online in China (Editor's note: the link could be paywalled; alternative source). Displays of this new image-filtering capability kicked into high gear last week as Chinese dissident Liu Xiaobo lay dying from liver cancer and politically minded Chinese tried to pay tribute to him, according to activists and a new research report. Wu Yangwei, a friend of the long-jailed Nobel Peace Prize laureate, said he used popular messaging app WeChat to send friends a photo of a haggard Mr. Liu embracing his wife. Mr. Wu believed the transmissions were successful, but he said his friends never saw them. "Sometimes you can get around censors by rotating the photo," said Mr. Wu, a writer better known by his pen name, Ye Du. "But that doesn't always work." There were disruptions on Tuesday to another popular messaging app, Facebook's WhatsApp, with many China-based users saying they were unable to send photos and videos without the use of software that circumvents Chinese internet controls. Text messages appeared to be largely unaffected.

Hacks 'Probably Compromised' UK Industry

Tue, 07/18/2017 - 09:00
Some industrial software companies in the UK are "likely to have been compromised" by hackers, according to a document reportedly produced by British spy agency GCHQ. A copy of the document from the National Cyber Security Centre (NCSC) -- part of GCHQ -- was obtained by technology website Motherboard. From a report: A follow-up by the BBC indicated that the document was legitimate. There have been reports about similar cyber-attacks around the world lately. Modern, computer-based industrial control systems manage equipment in facilities such as power stations. And attacks attempting to compromise such systems had become more common recently, one security researcher said. The NCSC report specifically discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.

End of the Line For Remix OS as Jide Shifts Its Energy Towards the Enterprise

Tue, 07/18/2017 - 08:20
An anonymous reader shares a report: It was only in July last year that Remix OS, an Android-based operating system for PCs, was bumped up to Version 3.0, which featured Android 6.0 Marshmallow under the hood. In fact, news of the upgrade came hot on the heels of an announcement from Chuwi with regards to the release of its $239 Vi10 Plus tablet that dual-booted Remix OS and Windows 10. A little over a month later, Jide Technology then followed up with a "developer preview" of the OS leveraging Android 7.0 Nougat. However, after a somewhat brief period of existence of just a few years, the company has announced that it is shifting its focus away from the consumer segment to the enterprise. In a statement on its website, Jide stated that: "Over the past year, we received an increasing number of inquiries from enterprises in various industries, and began helping them build great tools for their organizations by leveraging Jide software and hardware. We see huge potential in the role that Jide can play to revolutionize how these businesses operate. And given our existing resources, we decided to focus our company efforts solely on the enterprise space moving forward."

Google Glass Makes an Official Return

Tue, 07/18/2017 - 07:40
Alphabet's Google has officially launched the "Enterprise Edition" of its smart glasses hardware, which is now available to a network of Google partners. From a report: The company's developer partners range from logistics and manufacturing to patient care. These apps have long been involved with Glass through the business-focused "Glass at Work" program. In a blog post Tuesday, Google Glass project leader Jay Kothari said partners such as GE Aviation, AGCO, DHL, Dignity Health, NSF International, Sutter Health, Boeing and Volkswagen have been using Glass over the past several years, and make up just a sampling of 50 companies using the wearable. Wired said several of these companies found the original Google Glass to be very useful in factories and other enterprise environments. Google discovered this and began work on a product built by a team dedicated to building a new version of Glass for the enterprise. According to Kothari, the Google Glass Enterprise Edition glasses are lighter and more "comfortable for long term wear." They also offer more power and longer battery life and offer support for folks with prescription lenses, Wired said. The glasses, too, are stronger and do double duty as safety glasses. Further reading: Google Glass 2.0 Is a Startling Second Act.

Google Fiber Is Losing Its Second CEO in Less Than a Year

Tue, 07/18/2017 - 07:00
An anonymous reader shares a report: Google Fiber, the high-speed internet service operated by Alphabet, has lost its second CEO in less than a year. Gregory McCray is stepping down from the CEO job of Access, the Alphabet subsidiary that houses the Fiber unit, Google confirmed to Business Insider on Monday. The change is the latest shake-up at Access, which announced in October that it would stop rolling out its 1 gigabit per second wired broadband networks to new cities and focus on newer, wireless options, such as the Webpass wireless service it acquired last year. The Access group also had layoffs towards the end of 2016 and shifted hundreds of other employees to different units within Google earlier this year. Alphabet CEO Larry Page said in an emailed statement to Business Insider on Monday that the company is "committed to the success of Google Fiber" and was looking for a new leader for the business.

Exploit Derived From EternalSynergy Upgraded To Target Newer Windows Versions

Tue, 07/18/2017 - 06:00
An anonymous reader writes: "Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system," reports Bleeping Computer. "ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements. Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method 'should never crash a target,' the expert says. 'Chance should be nearly 0%,' Wang adds." Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang's GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica's Eleven Paths security unit, has published a step-by-step guide on how to use Wang's exploit.

Facial Recognition Could Be Coming To Police Body Cameras

Tue, 07/18/2017 - 03:00
schwit1 quotes a report from Defense One: Even if the cop who pulls you over doesn't recognize you, the body camera on his chest eventually just might. Device-maker Motorola will work with artificial intelligence software startup Neurala to build "real-time learning for a person of interest search" on products such as the Si500 body camera for police, the firm announced Monday. Italian-born neuroscientist and Neurala founder Massimiliano Versace has created patent-pending image recognition and machine learning technology. It's similar to other machine learning methods but far more scalable, so a device carried by that cop on his shoulder can learn to recognize shapes and -- potentially faces -- as quickly and reliably as a much larger and more powerful computer. It works by mimicking the mammalian brain, rather than the way computers have worked traditionally. Versace's research was funded, in part, by the Defense Advanced Research Projects Agency or DARPA under a program called SyNAPSE. In a 2010 paper for IEEE Spectrum, he describes the breakthrough. Basically, a tiny constellation of processors do the work of different parts of the brain -- which is sometimes called neuromorphic computation -- or "computation that can be divided up between hardware that processes like the body of a neuron and hardware that processes the way dendrites and axons do." Versace's research shows that AIs can learn in that environment using a lot less code.

Long Working Days Can Cause Heart Problems, Study Says

Tue, 07/18/2017 - 00:00
According to a major new study, long days at the office can be bad for your heart. While the risk of stroke is increased from working too many hours in the office, it seems that working more than 55 hours a week means a 40% higher chance of developing an irregular heartbeat (atrial fibrillation), when compared to those with a better work-life balance. The Guardian reports: The research team, led by Professor Mika Kivimaki from the department of epidemiology at University College, London, analysed data on the working patterns of 85,494 mainly middle-aged men and women drawn from the UK, Denmark, Sweden and Finland. Participants were put into groups according to their work pattern, with 35-40 hours a week regarded as the control group. No one had AF at the start of the study, published in the European Heart Journal. After 10 years of follow-up, an average of 12.4 per 1,000 people had developed AF, but among those working 55 hours or more, this figure was higher at 17.6 per 1,000 people. Those working the longest hours were more overweight, had higher blood pressure, smoked more and consumed more alcohol. But the team's conclusions about longer working hours and AF still remained after taking these factors into account.

Artificial Sweeteners Associated With Weight Gain, Heart Problems In Analysis of Data From 37 Studies

Mon, 07/17/2017 - 20:30
An anonymous reader quotes a report from NPR: The theory behind artificial sweeteners is simple: If you use them instead of sugar, you get the joy of sweet-tasting beverages and foods without the downer of extra calories, potential weight gain and related health issues. In practice, it's not so simple, as a review of the scientific evidence on non-nutritive sweeteners published Monday shows. After looking at two types of scientific research, the authors conclude that there is no solid evidence that sweeteners like aspartame and sucralose help people manage their weight. And observational data suggest that the people who regularly consume these sweeteners are also more likely to develop future health problems, though those studies can't say those problems are caused by the sweeteners. The review, published Monday in the Canadian Medical Association Journal, looked at 37 studies. Seven of them were randomized trials, covering about 1,000 people, and the rest were observational studies that tracked the health and habits of almost 406,000 people over time.

$12 Billion In Private Student Loan Debt May Be Wiped Away By Missing Paperwork

Mon, 07/17/2017 - 18:25
New submitter cdreimer shares a report from The New York Times (Warning: source may be paywalled; alternate source): Tens of thousands of people who took out private loans to pay for college but have not been able to keep up payments may get their debts wiped away because critical paperwork is missing. The troubled loans, which total at least $5 billion, are at the center of a protracted legal dispute between the student borrowers and a group of creditors who have aggressively pursued them in court after they fell behind on payments. Judges have already dismissed dozens of lawsuits against former students, essentially wiping out their debt, because documents proving who owns the loans are missing. A review of court records by The New York Times shows that many other collection cases are deeply flawed, with incomplete ownership records and mass-produced documentation. Some of the problems playing out now in the $108 billion private student loan market are reminiscent of those that arose from the subprime mortgage crisis a decade ago, when billions of dollars in subprime mortgage loans were ruled uncollectable by courts because of missing or fake documentation. And like those troubled mortgages, private student loans -- which come with higher interest rates and fewer consumer protections than federal loans -- are often targeted at the most vulnerable borrowers, like those attending for-profit schools. At the center of the storm is one of the nation's largest owners of private student loans, the National Collegiate Student Loan Trusts. It is struggling to prove in court that it has the legal paperwork showing ownership of its loans, which were originally made by banks and then sold to investors. National Collegiate is an umbrella name for 15 trusts that hold 800,000 private student loans, totaling $12 billion. More than $5 billion of that debt is in default, according to court filings.
