By BeauHD from Slashdot's outsmarting-machines department
An anonymous reader quotes a report from Help Net Security: Przemek Jaroszewski, the head of Poland's Computer Emergency Response Team (CERT), says anyone can bypass the security of the automated entrances of airlines' airport lounges by using a specially crafted mobile app that spoofs boarding pass QR codes. He created one for himself, and successfully tried it out on a number of European airports. Usually, to enter these lounges, travelers need to let the scanner at the entrance scan the QR code on their boarding pass, and the doors open automatically. Jaroszewski created an Android app that creates fake but acceptable QR codes. He says that aside from a valid flight number, the QR code doesn't have to include correct information (traveller's name, flight destination, etc.). According to WIRED, the U.S. Transportation Security Administration (TSA) and the International Air Transport Association (IATA) don't consider this particular issue a problem that needs fixing. They said "any such boarding pass security flaw would be the airlines' issue." Here is an unlisted video of the hack in action.
By BeauHD from Slashdot's full-century department
An anonymous reader quotes a report from Ars Technica: A recent extension of UK copyright for industrially manufactured artistic works represents "a direct assault on the 3D printing revolution," says Pirate Party founder Rick Falkvinge. The UK government last month extended copyright for designs from 25 years to the life of the designer plus 70 years. In practice, this is likely to mean a copyright term of over 100 years for furniture and other designed objects. Writing on the Private Internet Access site, Falkvinge says that the copyright extension will have important consequences for makers in the UK and EU: "This change means that people will be prohibited from using 3D printing and other maker technologies to manufacture such objects, and that for a full century." Falkvinge points out a crucial difference between the previous UK protection for designs, which was based on what are called "design rights" plus a short copyright term, and the situation now, which involves design rights and a much-longer copyright term. With design rights, "you're absolutely and one hundred percent free to make copies of it for your own use with your own tools and materials," Falkvinge writes. "When something is under copyright, you are not. Therefore, this move is a direct assault on the 3D printing revolution." "Moving furniture design from a [design right] to copyright law means that people can and will indeed be prosecuted for manufacturing their own furniture using their own tools," Falkvinge claims.
By BeauHD from Slashdot's Guy-Fawkes-mask department
schwit1 quotes a report from Motherboard: By itself, the ability to instantly identify anyone just by seeing their face already creates massive power imbalances, with serious implications for free speech and political protest. But more recently, researchers have demonstrated that even when faces are blurred or otherwise obscured, algorithms can be trained to identify people by matching previously-observed patterns around their head and body. In a new paper uploaded to the ArXiv pre-print server, researchers at the Max Planck Institute in Saarbrucken, Germany demonstrate a method of identifying individuals even when most of their photos are un-tagged or obscured. The researchers' system, which they call the "Faceless Recognition System," trains a neural network on a set of photos containing both obscured and visible faces, then uses that knowledge to predict the identity of obscured faces by looking for similarities in the area around a person's head and body. As for the accuracy of the system, "even when there are only 1.25 instances of the individual's fully-visible face, the system can identify an obscured face with 69.6 percent accuracy; if there are 10 instances of an individual's face, it increases to as high as 91.5 percent."
By manishs from Slashdot's universal-machine department
Brian Fagioli, writing for BetaNews: If you are a Windows user, and want a really great computer, you should consider Microsoft's Surface line. Not only do they serve as wonderful tablets, but with the keyboard attachment, they can be solid laptops too. While many Linux users dislike Microsoft, some of them undoubtedly envy Windows hardware. While it is possible to run Linux distros on some Surface tablets, not everything will work flawlessly. Today, release candidate 1 of Linux Kernel 4.8 is announced, and it seems a particularly interesting driver has been added -- the Surface 3 touchscreen controller. "This seems to be building up to be one of the bigger releases lately, but let's see how it all ends up. The merge window has been fairly normal, although the patch itself looks somewhat unusual: over 20 percent of the patch is documentation updates, due to conversion of the drm and media documentation from docbook to the Sphinx doc format. There are other doc updates, but that's the big bulk of it," says Linus Torvalds, Linux creator. Will Microsoft's lower-priced (starting at $499) hybrid computer become the ultimate mobile Linux machine?
By manishs from Slashdot's vulnerable-systems department
Brian Krebs reports: A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle's MICROS point-of-sale credit card payment systems. Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had "detected and addressed malicious code in certain legacy MICROS systems." It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal. MICROS is among the top three point-of-sale vendors globally. Oracle's MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS's systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.
By manishs from Slashdot's security-blues department
It turns out, the majority of Bluetooth smart locks you see on the market can easily be hacked and opened by unauthorized users. The news comes from the DEF CON hacker conference in Las Vegas, where security researchers revealed the vulnerability, adding that concerned OEMs are doing little to nothing to patch the hole. Tom's Guide reports: Researcher Anthony Rose, an electrical engineer, said that of 16 Bluetooth smart locks he and fellow researcher Ben Ramsey had tested, 12 locks opened when wirelessly attacked. The locks -- including models made by Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Okidokey and Mesh Motion -- had security vulnerabilities that ranged from ridiculously easy to moderately difficult to exploit. "We figured we'd find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors. It turned out that the vendors actually don't care," Rose said. "We contacted 12 vendors. Only one responded, and they said, 'We know it's a problem, but we're not gonna fix it.'" The problems didn't lie with the Bluetooth Low Energy protocol itself, Rose said, but in the way the locks implemented Bluetooth communications, or with a lock's companion smartphone app. Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.
By manishs from Slashdot's affinity-for-free-content department
Hulu has inked a deal with Yahoo to provide free, ad-supported episodes of a range of TV shows. But Hulu also said Monday it will end free streaming service on its own platform as it is moving that to an all-subscription model. The move is part of its expanded distribution deal with Yahoo, which is launching Yahoo View, a new ad-supported TV streaming site with the five most recent episodes of shows from ABC, NBC, and Fox among other networks. From an article on The Hollywood Reporter: Most of Hulu's free content has been fairly limited, restricted to what's known as the "rolling five," or the five most recent episodes of a current show -- content that typically becomes available eight days after it airs and is usually also available for free on broadcast networks' websites. For example, recent episodes of shows like America's Got Talent, South Park and Brooklyn Nine-Nine are currently available for free, while Hulu's slate of originals and high-profile exclusives remain behind the paywall. [...] Yahoo is launching the TV site a half-year after shuttering Yahoo Screen, the video service that offered up ad-supported episodes of original TV shows like Community, live streaming concerts and other clips. With View, however, Yahoo is focusing specifically on providing a destination for television to its audience, many of whom are still driven to Yahoo products via its highly trafficked homepage.
By manishs from Slashdot's correlation-could-be-causation department
Here's another report reaffirming that playing online video games doesn't necessarily hinder one with their grades. According to an analysis of data from over 12,000 high school students in Australia, children who play online video games tend to do better in academic science, maths and reading tests. The study says kids who played online games almost every day scored 15 points above average in maths and reading tests and 17 points above average in science. "The analysis shows that those students who play online video games obtain higher scores on Pisa (Program for International Student Assessment -- internationally recognized tests that are administered by the Organisation for Economic Cooperation and Development (OECD)) tests, all other things being equal," said Alberto Posso, from the Royal Melbourne Institute of Technology who analyzed the data. "When you play online games you're solving puzzles to move to the next level and that involves using some of the general knowledge and skills in maths, reading and science that you've been taught during the day." The Guardian reports: The cause of the association between game playing and academic success is not clear from the research. It is possible that children who are gifted at maths, science and reading are more likely to play online games. Alternatively, it could be that more proficient students work more efficiently, and therefore have more free time, making online gaming a marker of possible academic ability rather than something that actively boosts performance. Posso also looked at the correlation between social media use and Pisa scores. He concluded that users of sites such as Facebook and Twitter were more likely to score 4% lower on average, and the more frequent the social networking usage, the bigger the difference. 78% of the teenagers said they used social networks every day.
Other studies have found a link between heavy users of social networking and a low attention span, which is also linked to poorer academic performance, but the evidence is less than conclusive.
By manishs from Slashdot's security-woes department
Lorenzo Franceschi-Bicchierai, writing for Motherboard: One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars. This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a "smart" device, in this case, a thermostat. Luckily, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger. "We don't have any control over our devices, and don't really know what they're doing and how they're doing it," Tierney told Motherboard. "And if they start doing something you don't understand, you don't really have a way of dealing with it." Tierney and Munro, who both work at UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con on Saturday, fulfilling the pessimistic predictions of some people in the security world.
By manishs from Slashdot's computer-glitch department
Delta Air Lines says it has suffered a computer outage throughout its system, and is warning of "large-scale" cancellations after passengers were unable to check in and departures were grounded globally. The No. 2 U.S. carrier said in a statement Monday that it had "experienced a computer outage that has impacted flights scheduled for this morning. Flights awaiting departure are currently delayed. Flights en route are operating normally." A power outage in Atlanta at about 2.30 a.m. local time is said to be the cause of the computer outage. CNN reports: "Large-scale cancellations are expected today," Delta said. While flights already in the air were operating normally, just about all flights yet to take off were grounded. The number of flights and passengers affected by the problem was not immediately available. But Delta, on average, operates about 15,000 daily flights, carrying an average of 550,000 daily passengers during the summer. Getting information on the status of flights was particularly frustrating for passengers. "We are aware that flight status systems, including airport screens, are incorrectly showing flights on time," said the airline. "We apologize to customers who are affected by this issue, and our teams are working to resolve the problem as quickly as possible."
By EditorDavid from Slashdot's eye-in-the-sky department
An anonymous Slashdot reader quotes a report from Motherboard:
It's been just over a year since amateur aviation sleuths first revealed the FBI's secret aerial surveillance of the civil unrest in Baltimore, Maryland. Now, in response to a FOIA request from the ACLU, the Bureau has released more than 18 hours of aerial footage from the Baltimore protests captured by their once-secret spy planes, which regularly fly in circles above major cities and are commonly registered to fake companies.
The cache is likely the most comprehensive collection of aerial surveillance footage ever released by a US law enforcement agency... The footage shows the crowds of protesters captured in a combination of visible light and infrared spectrum video taken by the planes' wing-mounted FLIR Talon cameras. While individual faces are not clearly visible in the videos, it's frighteningly easy to imagine how cameras with a slightly improved zoom resolution and face recognition technology could be used to identify protesters in the future.
The FBI says they're only using the planes to track specific suspects in serious crime investigations, according to the article, which adds that "The FBI flew their spy planes more than 3,500 times in the last six months of 2015, according to a Buzzfeed News analysis of data collected by the aircraft-tracking site FlightRadar24."
By EditorDavid from Slashdot's reports-from-Black-Hat department
An anonymous Slashdot reader writes:
The Linux in Windows 10 isn't running inside of a hypervisor; it's "running on the raw hardware, getting all the benefits of performance and system access, as well as expanding the potential attack surface." eWeek reports on a new threat discovered by Alex Ionescu, the chief architect at cybersecurity company Crowdstrike, which begins with the fact that "The Windows file system is also mapped to Linux, such that Linux will get access to the same files and directories."
Ionescu says "There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows." According to eWeek, "The modified Linux code in turn could then call Windows APIs and get access to system calls to perform malicious actions that might not be mitigated."
Ionescu describes it as "a two-headed beast that can do a little Linux and can also be used to attack the Windows side of the system."