By EditorDavid from Slashdot's distributing-denial-of-service-attacks department
PC Magazine reports:
A new way to amplify DDoS attacks has been spotted harassing Google, Amazon, Pornhub and even the National Rifle Association's main website after striking Github last week. The attacks, which exploit vulnerable "memcached servers," have been trying to hose down scores of new targets with a flood of internet traffic, according to Chinese security firm Qihoo 360... Github was the first high-profile victim and suffered a 1.35 Tbps assault -- or what was then the biggest DDoS attack on record. But days later, an unnamed U.S. service provider fended off a separate assault, which measured at 1.7 Tbps. Unfortunately, the amplified DDoS attacks haven't stopped. They've gone on to strike over 7,000 unique IP addresses in the last seven days, Qihoo 360 said in a blog post... Gaming sites including Rockstargames.com, Minecraft.net, and Playstation.net have been among those hit...
The security community is also steadily addressing the linchpin to all the assaults: the vulnerable memcached servers. About 100,000 of these online storage systems were publicly exposed over a week ago. But the server owners have since patched or firewalled about 60,000 of them, Radware security researcher Daniel Smith said. That leaves 40,000 servers open to exploitation. Smith points to how the coding behind the attack technique has started to circulate online through free tools and scripts.
Meanwhile, Slashdot reader darthcamaro shares an article about "the so-called 'kill switch'" that some vendors have been debating:
"The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization."
By EditorDavid from Slashdot's raising-the-Spectre department
An anonymous reader quotes BleepingComputer: A new variation of the Spectre attack has been revealed this week by six scientists from the Ohio State University. Named SgxSpectre, researchers say this attack can extract information from Intel SGX enclaves. Intel Software Guard eXtensions (SGX) is a feature of modern Intel processors that allows an application to create so-called enclaves. This enclave is a hardware-isolated section of the CPU's processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more... Neither Meltdown nor Spectre was able to extract data from SGX enclaves. This is where SgxSpectre comes in.
According to researchers, SgxSpectre works because of specific code patterns in software libraries that allow developers to implement SGX support into their apps. Vulnerable SGX development kits include the Intel SGX SDK, Rust-SGX, and Graphene-SGX. Academics say an attacker can leverage the repetitive code execution patterns that these SDKs introduce in SGX enclaves and watch for small variations of cache size. This allows for side-channel attacks that allow a threat actor to infer and slowly recover data from secure enclaves. Intel's recent Spectre patches don't necessarily help, as an attacker can work around these fixes. Intel says an update for the Intel SGX SDK that adds SgxSpectre mitigations will be released on March 16. Apps that implement Google's Retpoline anti-Spectre coding techniques are safe, researchers say.
By EditorDavid from Slashdot's ebooks-in-Europe department
Slashdot reader David Rothman writes: The oldest public domain publisher in the world, Project Gutenberg, has blocked German users after an outrageous legal ruling saying this American nonprofit must obey German copyright law... Imagine the technical issues for fragile, cash-strapped public domain organizations -- worrying not only about updated databases covering all the world's countries, but also applying the results to distribution.
TeleRead carries two views on the German case involving a Holtzbrinck subsidiary...
Significantly, older books provide just a tiny fraction of the revenue of megaconglomerates like Holtzbrinck but are essential to students of literature and indeed to students in general.
What's more, as illustrated by the Sonny Bono Copyright Term Extension Act in the U.S., copyright law in most countries tends to reflect the wishes and power of lobbyists more than it does the commonweal.
Ideally the travails of Project Gutenberg will encourage tech companies, students, teachers, librarians and others to step up their efforts against oppressive copyright laws. While writers and publishers deserve fair compensation, let's focus more on the needs of living creators and less on the estates of authors dead for many decades. The three authors involved in the German case are Heinrich Mann (died in 1950), Thomas Mann (1955) and Alfred Döblin (1957).
One solution in the U.S. and elsewhere for modern creators would be national library endowments... Meanwhile, it would be very fitting for Google and other deep-pocketed corporations with an interest in a global Internet and more balanced copyright to help Gutenberg finance its battle. Law schools, other academics, educators and librarians should also offer assistance.
By EditorDavid from Slashdot's boring-stories department
"Remember Elon Musk's plan to dig a massive web of traffic-beating tunnels underneath Los Angeles...?" asks CNN. "Now, that plan appears to be getting a huge makeover." An anonymous reader quotes TechCrunch:
While it will still focus on digging tunnels to provide a network of underground tubes suitable for use by high-speed Hyperloop pods, the plan now is to use that Hyperloop to transport pedestrians and cyclists first, and then only later to work on moving cars around underground to bypass traffic. Musk shared the update via Twitter, noting that the idea would be to load customers onto cars roughly the size that a single parking space takes up currently, [thousands of which] would be dotted around an urban environment close to any destinations where someone might travel. The single-car station model would be designed to replace the current subway-style model, Musk said, where only a few small stations are very spread out... This is a big departure from the original vision, and it seems like one that might have evolved after Musk and his collaborators on the project spoke to urban planners and transit authorities.
"If someone can't afford a car, they should go first," Musk posted on Twitter, sharing a new conceptual video where an elevator lowers one of these pedestrian- and cyclist-focussed shuttle pods underground.
TechCrunch says this new vision "would be appealing both to urban officials looking to decrease congestion on downtown roads and discourage personal vehicle use, and to anyone hoping to increase access to affordable transit options."
By BeauHD from Slashdot's indirect-propaganda department
An anonymous reader quotes a report from VICE News: Reddit says it has identified and removed hundreds of Russian propaganda accounts, a few days after reports revealed that Russian trolls were active on the platform during the 2016 U.S. presidential election. In a post Monday, Reddit co-founder Steve Huffman said his site operators had been investigating for a while and had found a few hundred accounts suspected to be of Russian origin or linked to known sources of Russian propaganda. "Of course, every account we find expands our search a little more," he said, also claiming the "vast majority" of the suspicious accounts were banned back in 2015-2016. An even bigger challenge was the problem of "indirect propaganda," where content produced by accounts now known to be Russian trolls was enthusiastically shared by Trump supporters on subreddits such as r/The_Donald. Reddit's investigation followed a report from The Daily Beast, based on leaked internal data from Kremlin-backed troll farm the Internet Research Agency, that confirmed Russian trolls were active on the site, as well as Tumblr, in their mission to spread disinformation, divide Americans and disrupt U.S. politics. The Washington Post reports that congressional investigators looking into the Russian issue intend to question Reddit and Tumblr over their involvement.
By BeauHD from Slashdot's heads-up department
In 2016, the Chinese space agency lost control of its Tiangong-1, or Heavenly Palace, spacecraft, five years after it blasted into orbit. Scientists have determined that it will come crashing down to Earth in the coming weeks, but they do not know exactly where on Earth it will hit. The Guardian reports: The defunct module is now at an altitude of 150 miles and being tracked by space agencies around the world, with the European Space Agency's center in Darmstadt predicting a fiery descent for it between March 27 and April 8. Hurtling around the Earth at about 18,000mph, the module ranks as one of the larger objects to re-enter the atmosphere without being steered towards the ocean, as is standard for big and broken spacecraft, and cargo vessels that are jettisoned from the International Space Station (ISS), to reduce the risk to life below. The spacecraft's orbit ranges from 43 degrees north to 43 degrees south, which rules out a descent over the UK but includes vast stretches of North and South America, China, the Middle East, Africa, Australia, parts of Europe -- and great swaths of the Pacific and Atlantic oceans. Western analysts cannot be sure how much of the spacecraft will survive re-entry, because China has not released details of the design and materials used to make Tiangong-1. But the spacecraft may have well-protected titanium fuel tanks containing toxic hydrazine that could pose a danger if they land in populated areas.
By BeauHD from Slashdot's deadly-riddle department
An anonymous reader quotes a report from Ars Technica: For the first time, researchers have discovered strains of a deadly, multidrug-resistant bacterium that uses a cryptic method to also evade colistin, an antibiotic used as a last-resort treatment. That's according to a study of U.S. patients published this week by Emory University researchers in the open-access microbiology journal mBio. The wily and dangerous bacteria involved are carbapenem-resistant Klebsiella pneumoniae or CRKP, which are already known to resist almost all antibiotics available, including other last-line antibiotics called carbapenems. The germs tend to lurk in clinical settings and can invade the urinary tract, bloodstream, and soft tissues. They're members of a notorious family of multidrug-resistant pathogens, called carbapenem-resistant Enterobacteriaceae (CRE), which collectively have mortality rates as high as 50 percent and have spread rapidly around the globe in recent years. A 2013 report by the Centers for Disease Control and Prevention estimated that there were more than 9,300 CRE infections in the U.S. each year, leading to 600 deaths. Both the CDC and the World Health Organization have listed CRE as one of the critical drug-resistant threats to public health, in need of "urgent and aggressive action."
By BeauHD from Slashdot's all-good-things-must-come-to-an-end department
On Friday, Lenovo confirmed layoffs for the Motorola group in Chicago, where the company designs its modular Moto Z smartphones. "In a statement to 9to5Google, Lenovo denied that it was axing 50% of the workforce, as the site had suggested, but didn't provide any further specifics," reports Fast Company. Android Police now reports that 190 people were laid off. A separate report of theirs claims that the company has "completely abandoned plans to launch the successor to last year's Moto X4, the as-yet unannounced Moto X5." Furthermore, "Motorola will be narrowing its focus back to E, G, and Z phones for the time being," reports Android Police. "It's possible the Moto X name could return at some point, but that's looking unlikely in light of this news." The source also says Motorola will be largely discontinuing its efforts to develop all-new, eccentric MotoMods for its Z phone. The likelihood that MotoMods will continue to be sold after 2019 is looking very slim.
By BeauHD from Slashdot's higher-and-higher department
The California High-Speed Rail Authority announced today that the cost of connecting Los Angeles to San Francisco would total $77.3 billion, an increase of $13 billion from estimates two years ago, and could potentially rise as high as $98.1 billion. They also said the earliest trains could operate on a partial system between San Jose and the farming town of Wasco would be 2029, five years later than the previous projection. Los Angeles Times reports: The disclosures are contained in a 114-page business plan that was issued in draft form by the rail authority and will be finalized this summer in a submission to the Legislature. The rail authority has wrestled with a more than $40-billion funding gap, which would increase sharply under the new cost estimates. The biggest immediate driver of the cost increase has been in the Central Valley, where the rail authority is building 119 miles of track between Wasco and Merced. The authority disclosed in early February that the cost of that work would jump to $10.6 billion from an original estimate of about $6 billion. Roy Hill, one of the senior consultants advising the state, told the rail authority board, "The worst-case scenario has happened." In its 2014 business plan, the rail authority optimistically projected that it could begin carrying passengers in just seven years. But the warning signs of uncontrolled cost growth had already started mounting then, even though until this year the rail authority has vehemently denied that it was facing a problem. The project began having trouble buying property for the route almost immediately after it issued its first construction contract in 2013.
By BeauHD from Slashdot's held-in-the-sand department
The cable industry is slowly realizing that more advertisements and higher prices aren't the solution to cord cutting. Karl Bode writes via DSLReports: AT&T and Dish have explored offering cheaper, more flexible streaming alternatives (DirecTV Now and Sling TV, respectively), both understanding that getting out ahead of the cord cutting trend is the right play, even if the net result is making less money from traditional television. And on the broadcasting front, several companies this month made it clear they'll be reducing the ad loads on their programming, since charging users a subscription fee and socking them with endless ads is becoming a dated concept in the cord cutting era. Fox, for example, told the Wall Street Journal this week that the company would be reducing TV ad time in its content to two minutes an hour by 2020. Comcast NBC Universal says it's also following suit, having cut advertising time in its own shows by 10%, and reduced the overall number of advertising during commercial breaks by 20%. Given there's 83 million households still subscribing to traditional cable TV, many cable executives are under the false impression they can keep doubling down on bad ideas without the check coming due. But the data indicates this head in the sand approach simply isn't sustainable. Pay TV providers saw a reduction of more than 500,000 traditional pay TV customers during the fourth quarter, a decline of 3.4% total pay TV customers from the year before. That 3.4% decline was up from the 2% rate during the fourth quarter of 2016 and a 1% rate of decline one year before that.
By msmash from Slashdot's see-you-soon department
He was supposed to revolutionize a California fast food kitchen, churning out 150 burgers per hour without requiring a paycheck or benefits. But after a single day of working as a cook at a Caliburger location in Pasadena this week, Flippy the burger-flipping robot has stopped flipping. From a report: In some ways, Flippy was a victim of his own success. Inundated with customers eager to see the machine in action this week, Cali Group, which runs the fast food chain, quickly realized the robot couldn't keep up with the demand. They decided instead to retrain the restaurant staff to work more efficiently alongside Flippy, according to USA Today. Temporarily decommissioned, patrons encountered a sign Thursday noting that Flippy would be "cooking soon," the paper reported. "Mostly it's the timing," Anthony Lomelino, the Chief Technology Officer for Cali Group told the paper. "When you're in the back, working with people, you talk to each other. With Flippy, you kind of need to work around his schedule. Choreographing the movements of what you do, when and how you do it."
By BeauHD from Slashdot's clean-as-a-whistle department
According to a patent application made public on Thursday, March 8, Apple could be developing a new MacBook keyboard designed to prevent crumbs and dust from getting those super-shallow MacBook keys stuck. "Liquid ingress around the keys into the keyboard can damage electronics. Residues from such liquids may corrode or block electrical contacts, getting in the way of key movement and so on," the patent application reads. Digital Trends reports: The application goes on to describe how those problems might be remedied: With the careful application of gaskets, brushes, wipers, or flaps that block gaps beneath keycaps. One solution would include a membrane beneath each key, effectively insulating the interior of the keyboard from the exterior, while another describes using each keypress as a "bellows" to force contaminants out of the keyboard. "A keyboard assembly [could include] a substrate, a key cap, and a guard structure extending from the key cap that funnels contaminants away from the movement mechanism," the patent application reads.
By BeauHD from Slashdot's tide-has-turned department
Android users don't appear to be switching to the iPhone like they used to. According to a new study from Consumer Intelligence Research Partners (CIRP), Android users have higher loyalty than iOS users do. "The research firm found that Android brand loyalty has been remaining steadily high since early 2016, and remains at the highest levels ever seen," reports TechCrunch. From the report: Today, Android has a 91 percent loyalty rate, compared with 86 percent for iOS, measured as the percentage of U.S. customers who stayed with their operating system when they upgraded their phone in 2017. From January 2016 through December 2017, Android loyalty ranged from 89 to 91 percent (ending at 91 percent), while iOS loyalty was several percentage points lower, ranging from 85 to 88 percent. Explains Mike Levin, partner and co-founder of CIRP, users have pretty much settled on their brand of choice at this point. "With only two mobile operating systems at this point, it appears users now pick one, learn it, invest in apps and storage, and stick with it. Now, Apple and Google need to figure out how to sell products and services to these loyal customer bases," he said. It's worth noting that Android hasn't always led in user loyalty as it does now. CIRP has been tracking these metrics for years, and things used to be the other way around.
By BeauHD from Slashdot's software-aided department
An anonymous reader quotes an exclusive report from Motherboard: Through a software-aided investigation, Motherboard has found that while YouTube has managed to clamp down on Islamic extremists uploading propaganda, the video giant is still awash with videos supporting violent and established neo-Nazi organizations, even when, in some cases, users have reported the offending videos. Clips of neo-Nazi propaganda operations, hate-filled speeches, and extremists pushing for direct action have remained on the site for weeks, months, or years at a time. Arguably, many if not all of these videos may fall under YouTube's own policy on hate speech, which "refers to content that promotes violence against or has the primary purpose of inciting hatred against individuals or groups based on certain attributes," including race or ethnic origin, religion, and sexual orientation, according to the policy.
Motherboard built a tool to monitor YouTube and make a record of when the platform removed certain videos, and limited the clips to propaganda for established neo-Nazi and far-right terrorist organizations like Atomwaffen, rather than people in the so-called "alt-right." Most of the videos were discovered through simple YouTube searches of relevant organizations' names, or sometimes through the "recommended videos" sidebar after Motherboard had built up a browsing history of neo-Nazi material. For the sake of comparison, over a week-long period Motherboard also tracked pro-ISIS videos uploaded by the group's supporters and then distributed through a network of Telegram channels. Typically, YouTube removed these Islamic extremism videos in a matter of hours, including those that did not contain images of violence, but were instead speeches or other not directly violent content. But YouTube is playing catch up with neo-Nazi material. YouTube removed only two videos that Motherboard was monitoring: two identical clips of a speech from UK terrorist organization National Action.
By msmash from Slashdot's final-verdict department
Next Monday the web celebrates its 29th birthday. Ahead of it, Sir Tim Berners-Lee spoke with BBC on a wide range of topics. An excerpt: In Barcelona last week at the Mobile World Congress I heard FCC boss Ajit Pai mount a robust defence of the move, pointing out that the internet had grown and thrived perfectly well in the years before 2015, when the net neutrality provision came in. "He said the same thing to me," Sir Tim tells us, revealing that he had recently been to lunch with Mr Pai. He had told the FCC boss that advances in computer processing power had made it easier for internet service providers to discriminate against certain web users for commercial or political reasons, perhaps slowing down traffic to one political party's website or making it harder for a rival company to process payments. But he failed to change Ajit Pai's mind. "He's surrounded by a set of people with a very traditional mindset, which has been driven by the PR machine of the telco industry, who believe it is their duty in Washington to oppose any regulation, whatever it is." Sir Tim, however, is refusing to concede defeat in this battle. "We stopped SOPA and PIPA," he says, referring to two US anti-piracy measures which campaigners opposed on the grounds they impinged on internet freedoms.
By msmash from Slashdot's big-picture department
Alibaba is already using AI and machine learning to optimize its supply chain, personalize recommendations, and build products like Tmall Genie, a home device similar to the Amazon Echo. China's two other tech supergiants, Tencent and Baidu, are likewise pouring money into AI research. The government plans to build an AI industry worth around $150 billion by 2030 and has called on the country's researchers to dominate the field by then. But Alibaba's ambition is to be the leader in providing cloud-based AI. From a report: Like cloud storage (think Dropbox) or cloud computing (Amazon Web Services), cloud AI will make powerful resources cheaply and readily available to anyone with a computer and an internet connection, enabling new kinds of businesses to grow. The real race in AI between China and the US, then, will be one between the two countries' big cloud companies, which will vie to be the provider of choice for companies and cities that want to make use of AI. And if Alibaba is anything to go by, China's tech giants are ready to compete with Google, Amazon, IBM, and Microsoft to serve up AI on tap. Which company dominates this industry will have a huge say in how AI evolves and how it is used. [...] There have been other glimpses of Alibaba's progress in AI lately. Last month a research team at the company released an AI program capable of reading a piece of text, and answering simple questions about that text, more accurately than anything ever built before. The text was in English, not Chinese, because the program was trained on the Stanford Question Answering Dataset (SQuAD), a benchmark used to test computerized question-and-answer systems. [...] One advantage China's tech companies have over their Western counterparts is the government's commitment to AI. Smart cities that use the kind of technology found in Shanghai's metro kiosks are likely to be in the country's future. 
One of Alibaba's cloud AI tools is a suite called City Brain, designed for tasks like managing traffic data and analyzing footage from city video cameras.
By msmash from Slashdot's check-mate department
The hackers who attempted to hack Binance, one of the largest cryptocurrency exchanges on the Internet, have ended up losing money in a remarkable turn of events. It all began on Thursday, when thousands of user accounts started selling their Bitcoin and buying an altcoin named Viacoin (VIA). The incident, BleepingComputer reports, looked like a hack, and users reacted accordingly. But this wasn't a hack, or at least not your ordinary hack. The report adds: According to an incident report published by the Binance team, in preparation for yesterday's attack, the hackers ran a two-month phishing scheme to collect Binance user account credentials. Hackers used a homograph attack by registering a domain identical to binance.com, but spelled with Latin-lookalike Unicode characters. More particularly, hackers registered the [redacted].com domain -- notice the tiny dots under the "i" and "a" characters. Phishing attacks started in early January, but the Binance team says it detected evidence that operations ramped up around February 22, when the campaign reached its peak. Binance tracked down this phishing campaign because the phishing pages would immediately redirect phished users to the real Binance login page. This left a forensic trail in referral logs that Binance developers detected. After getting access to several accounts, instead of using the login credentials to empty out wallets, hackers created "trading API keys" for each account. With the API keys in hand, hackers sprung their main attack yesterday. Crooks used the API keys to automate transactions that sold Bitcoin held in compromised Binance accounts and automatically bought Viacoin from 31 other Binance accounts that hackers created beforehand, and where they deposited Viacoin, ready to be bought. 
But hackers didn't know one thing -- Binance's secret weapon -- an internal risk management system that detected the abnormal amount of Bitcoin-Viacoin sale orders within the span of two minutes and blocked all transactions on the platform. Hackers tried to cash out the 31 Binance accounts, but by that point, Binance had blocked all withdrawals.
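The referral-log trail described in the report can be hunted for on the defender's side. The following is an added example, not Binance's code or anything from the incident report: it scans web-server log lines for login hits whose referrer host collapses to the protected domain once diacritics are stripped. The domain `example.com`, the lookalike host, the log format and all function names are constructed assumptions, and the check covers only diacritic lookalikes such as the dotted letters mentioned above, not cross-script confusables.

```python
import re
import unicodedata
from urllib.parse import urlsplit

PROTECTED = "example.com"  # assumption: the genuine login domain being defended

# Constructed lookalike: "a" with a dot below (U+1EA1), and its punycode form.
LOOKALIKE = "ex\u1ea1mple.com"
PUNY = LOOKALIKE.encode("idna").decode("ascii")  # "xn--..." as logged on the wire

# Combined-log-style line: ip, ident, user, [time], "request", status, size, "referrer"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)"'
)


def to_unicode(host):
    """Decode punycode (xn--) labels so hosts are compared as a user sees them."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: compare as-is


def skeleton(host):
    """Strip combining marks (dots, accents) after canonical decomposition."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def is_lookalike(host, protected=PROTECTED):
    """True if host is not the protected domain but renders like it."""
    host = to_unicode(host.lower().rstrip("."))
    if host == protected or host.endswith("." + protected):
        return False  # the genuine site or one of its subdomains
    skel = skeleton(host)
    return skel == protected or skel.endswith("." + protected)


def scan(lines, login_path="/login"):
    """Return (client_ip, referrer_host) for login hits sent by a lookalike site."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["path"].split("?")[0] != login_path:
            continue
        try:
            host = urlsplit(m["ref"]).hostname
        except ValueError:
            continue  # malformed referrer URL
        if host and is_lookalike(host):
            hits.append((m["ip"], to_unicode(host)))
    return hits


# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2018:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 '
    '"https://' + LOOKALIKE + '/login" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2018:10:01:05 +0000] "GET /login HTTP/1.1" 200 512 '
    '"https://www.example.com/" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Jan/2018:10:02:11 +0000] "GET /login HTTP/1.1" 200 512 '
    '"http://' + PUNY + '/signin" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2018:10:02:30 +0000] "GET /login HTTP/1.1" 200 512 '
    '"-" "curl/7.58"',
    '192.0.2.11 - - [01/Jan/2018:10:03:00 +0000] "GET /login HTTP/1.1" 200 512 '
    '"https://news.example.org/story" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, host in scan(SAMPLE_LOG):
        print(f"{ip} reached /login from lookalike referrer {host!r}")
```

Accounts that logged in from the flagged client addresses shortly after such a hit are candidates for credential reset and for review of any newly created API keys.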