By BeauHD from Slashdot's open-for-the-taking department
Bismillah writes: Researchers have published the results of exploring how vulnerable Thunderbolt is to DMA attacks, and the answer is "very." Be careful what you plug into that USB-C port. Yes, the set of vulnerabilities has a name: "Thunderclap." "Thunderbolt, which is available through USB-C ports on modern laptops, provides low-level direct memory access (DMA) at much higher privilege levels than regular universal serial bus peripherals," reports ITNews, citing a paper published by a team of researchers from the University of Cambridge, Rice University and SRI International. "This opens up laptops, desktops and servers with Thunderbolt input/output ports and PCI-Express connectors to attacks using malicious DMA-enabled peripherals. The main defense against the above attacks is the input-output memory management unit (IOMMU), which allows devices to access only the memory needed for the job to be done. Enabling the IOMMU to protect against DMA attacks comes at a high performance cost, however. Most operating systems trade off security for performance gains, and disable the IOMMU by default."
"Apple's macOS uses the IOMMU, but even with the hardware defense enabled, the researchers were able to use a fake network card to read data traffic that is meant to be confined to the machine and never leave it," the report adds. "The network card was also able to run arbitrary programs at system administrator level on macOS and could read display contents from other Macs and keystrokes from a USB keyboard. Apple patched the vulnerability in macOS 10.12.4 that was released in 2016, but the researchers say the more general scope of such attacks remains relevant."
By BeauHD from Slashdot's sign-of-the-times department
A startup called Veo Robotics is preparing to roll out sensor technology that lets industrial robots work safely side-by-side with humans. "Veo's proprietary technology uses lidar sensors to create real-time maps of factory work spaces, so that robots can slow or stop completely when human workers get too close," Bloomberg reports. From the report: There are more than 2 million industrial robots in operation worldwide, mostly toiling inside metal safety cages. The seclusion is fine for repetitive tasks that can be done entirely by machines, such as arc welding, but the majority of work even in the most automated factories requires involvement of people. Embedding force sensors into industrial limbs is one way to prevent them from plowing through obstacles, but the same technology that makes the arms safe also makes them weak. Most so-called cobots cannot handle weights heavier than 10 kilograms (22 pounds). Computer vision offers a way to get robots into more complex environments, without compromising their strength. Another obstacle is that manufacturers increasingly have to make multiple products on the same assembly line and are constantly retooling their production to accommodate shifting consumer tastes. There are also not enough workers to do the job.
Veo, based in Waltham, Massachusetts, is working closely with the world's biggest robot makers: Fanuc Corp., Yaskawa Electric Corp. and Kuka AG. But Veo's first customers are likely to be car companies, manufacturers of durable goods such as household appliances, and oil and gas equipment makers, where the shale revolution created demand for more customization. The technology could be used to get machines to present parts to human workers, for loading and unloading fixtures and in palletizing.
By BeauHD from Slashdot's greedy-bastards department
Facebook's Patreon-like Fan Subscriptions feature lets people pay a monthly fee for access to a creator's exclusive content. But, as TechCrunch reports, it greatly differs from Patreon in that the social network "plans to take up to a 30 percent cut of subscription revenue minus fees, compared to 5 percent by Patreon, 30 percent by YouTube which covers fees, and 50 percent by Twitch." "Facebook also reserves the right to offer free trials to subscriptions that won't compensate creators," TechCrunch reports. "And Facebook demands a 'non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use' creators' content and 'This license survives even if you stop using Fan Subscriptions.'" From the report: Distrust of Facebook could scare creators away from the platform when combined with its significant revenue share and ability to give away or repurpose creators' content. Facebook has consistently shown that it puts what it thinks users want and its own interests above those of partners. It cut off game developers from viral channels, inadequately warned Page owners their reach would drop over time, decimated referral traffic to news publishers, and most recently banished video makers from the feed. If Facebook wants to win creators' trust and the engagement of their biggest fans, it may need a more competitive offering with larger limits on its power.
By BeauHD from Slashdot's give-them-what-they-want department
An anonymous reader quotes a report from Motherboard: Study after study continues to show that the best approach to tackling internet piracy is to provide these would-be customers with high quality, low cost alternatives. That idea was again supported by a new study this week out of New Zealand first spotted by TorrentFreak. The study, paid for by telecom operator Vocus Group, surveyed a thousand New Zealanders last December, and found that while half of those polled say they've pirated content at some point in their lives, those numbers have dropped as legal streaming alternatives have flourished.
The study found that 11 percent of New Zealand consumers still obtain copyrighted content via illegal streams, and 10 percent download infringing content via BitTorrent or other platforms. But it also found that users are increasingly likely to obtain that same content via over-the-air antennas (75 percent) or legitimate streaming services like Netflix (55 percent). "In short, the reason people are moving away from piracy is that it's simply more hassle than it's worth," Vocus Group NZ executive Taryn Hamilton said in a statement. "The research confirms something many internet pundits have long instinctively believed to be true: piracy isn't driven by law-breakers, it's driven by people who can't easily or affordably get the content they want," she said.
By BeauHD from Slashdot's annoying-updates-are-annoying department
An anonymous reader quotes a report from ZDNet: Since the initial release of Windows 10 nearly four years ago, Microsoft has been tweaking its approach to automatic updates, adding Active Hours settings to ensure that mandatory restarts are less likely to be intrusive. Recent feature updates have also made notifications of pending updates more obvious. Are those changes enough to ease the pain? A new study from a group of UK-based researchers suggests Microsoft has more work to do. The study, titled "In Control with No Control: Perceptions and Reality of Windows 10 Home Edition Update Features," was presented this week at the Workshop on Usable Security (USEC) 2019 in San Diego, California. Researchers Jason Morris, Ingolf Becker, and Simon Parkin of University College London, built a detailed model of Microsoft's update process as of Windows 10 version 1803 and then surveyed a group of 93 Windows 10 Home users.
The overall conclusions were a mixed bag. In general, the survey respondents think that the Windows 10 update approach is an improvement over that found in previous Windows versions. Among participants who had experience with earlier Windows versions, 53 percent reported they felt updating Windows 10 is easier, versus only 8 percent who found the process more difficult. Similarly, a majority of respondents agreed that the Windows 10 update process causes fewer interruptions than in previous versions (43 percent agreed, 21 percent disagreed). Where Microsoft has fallen down, the researchers argue, is in building an update system that is "dependent on a complex range of user and system properties." That system, illustrated by the flowchart shown here, is simply too complicated for the average home user to understand.
By msmash from Slashdot's closer-look department
An anonymous reader shares a report: Last week, cryptocurrency industry giant Coinbase sparked outrage when it announced that it had purchased a small startup called Neutrino. Normally, such an acquisition wouldn't make many waves, but Neutrino isn't your average startup. The company was founded by three former employees of Hacking Team, a controversial Italian surveillance vendor that was caught several times selling spyware to governments with dubious human rights records, such as Ethiopia, Saudi Arabia, and Sudan. Neutrino develops technology for law enforcement and financial institutions to investigate and track transactions on the blockchain, the shared public ledger that tracks the movement of tokens in the ecosystem. Coinbase is one of the largest platforms for buying and selling cryptocurrencies in the world, so it sees a lot of transactions on its exchange.
The company claims to be able to monitor and track not just Bitcoin -- a relatively straightforward endeavor -- but also supposedly privacy-oriented (and harder to track) coins such as Monero. In 2017, the company was able to conclude that the North Korean hackers behind the destructive ransomware WannaCry cashed out their Bitcoin and turned it into Monero. [...] In a statement to Motherboard, a Coinbase spokesperson said that the company "does not condone nor will it defend the actions of Hacking Team." "We are aware that Neutrino's co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical, and hiring diligence," the spokesperson said. But Neutrino's technology was just too important for Coinbase to pass on, the spokesperson explained.
By msmash from Slashdot's extreme-lengths department
An anonymous reader shares a report: The U.S. military blocked Internet access to an infamous Russian entity seeking to sow discord among Americans during the 2018 midterms, several U.S. officials said, a warning that the group's operations against the United States are not cost-free. The strike on the Internet Research Agency in St. Petersburg, a company underwritten by an oligarch close to President Vladimir Putin, was part of the first offensive cyber campaign against Russia designed to thwart attempts to interfere with a U.S. election, the officials said. "They basically took the IRA offline," according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss classified information. "They shut 'em down." The operation marked the first muscle-flexing by U.S. Cyber Command, with intelligence from the National Security Agency, under new authorities it was granted by President Trump and Congress last year to bolster offensive capabilities.
By msmash from Slashdot's how-about-that department
Rotten Tomatoes is finally addressing its troll problem. The review aggregation website has unveiled a new initiative to "modernize its audience rating system through a series of product enhancements," -- the first of which includes banning user reviews and comments prior to a movie's theatrical release. Getting rid of pre-release user reviews means internet trolls will not be able to flood film pages with negative scores before a movie comes out. As we saw earlier this week, Captain Marvel was at the receiving end of what appeared to be a targeted campaign to lower the upcoming movie's audience rating. Rotten Tomatoes is not banning user reviews entirely. It says it will offer this functionality to users once the movie has hit the theaters.
Further reading on Rotten Tomatoes: Movie Studios Are Blaming Rotten Tomatoes For Killing Movies No One Wants To See
Hollywood Producer Blames Rotten Tomatoes For Convincing People Not To See His Movie
Rotten Tomatoes Scores Don't Correlate To Box Office Success or Woes, Research Shows
DC Fans Angry Over Rotten Tomatoes 'Justice League' Ratings
Why Don't We Care About The Rotten Tomatoes Scores Of TV Shows?
Real Moviegoers Don't Care About Rotten Tomatoes.
By msmash from Slashdot's closer-look department
Ivan Ivanitskiy: People are resorting to blockchain for all kinds of reasons these days. Ever since I started doing smart contract security audits in mid-2017, I've seen it all. A special category of cases is 'blockchain use' that seems logical and beneficial, but actually contains a problem that then spreads from one startup to another. I am going to give some examples of such problems and ineffective solutions so that you (developer/customer/investor) know what to do when somebody offers you to use blockchain this way.
1. Supply chain management
Let's say you ordered some goods, and a carrier guarantees to maintain certain transportation conditions, such as keeping your goods cold. A proposed solution is to install a sensor in a truck that will monitor fridge temperature and regularly transmit the data to the blockchain. This way, you can make sure that the promised conditions are met along the entire route.
The problem here is not blockchain-related, but rather sensor-related. Being part of the physical world, the sensor is easy to fool. For example, a malicious carrier might only cool down a small fridge inside the truck in which they put the sensor, while leaving the goods in the non-refrigerated section of the truck to save costs.
By msmash from Slashdot's shape-of-things-to-come department
If atmospheric CO2 levels exceed 1,200 parts per million (ppm), it could push the Earth's climate over a "tipping point", finds a new study. This would see clouds that shade a large part of the oceans start to break up. From a report: According to the new paper published in the journal Nature Geoscience, this could trigger a massive 8C rise in global average temperatures -- in addition to the warming from increased CO2. The only similar example of rapid warming at this magnitude in the Earth's recent history is the Paleocene-Eocene Thermal Maximum 55m years ago, when global temperatures increased by 5-8C and drove widespread extinction of species both in the oceans and on land.
However, scientists not involved in the research caution that the results are still speculative and that other complicating factors could influence if or when a tipping point is reached. The threshold identified by the researchers -- a 1,200ppm concentration of atmospheric CO2 -- is three times current CO2 concentrations. If fossil fuel use continues to rapidly expand over the remainder of the century, it is possible levels could get that high. The Representative Concentration Pathways 8.5 scenario (RCP8.5), a very high emissions scenario examined by climate scientists, has the Earth's atmosphere reaching around 1,100ppm by the year 2100. But this would require the world to massively expand coal use and eschew any climate mitigation over the rest of this century. Further reading: A state-of-the-art supercomputer simulation indicates that a feedback loop between global warming and cloud loss can push Earth's climate past a disastrous tipping point in as little as a century.