By BeauHD from Slashdot's here-we-go-again department
"FBI and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such 'extraordinary access' to encrypted devices," reports The New York Times (alternative source), citing people familiar with the matter. Justice Department officials believe that these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking. Slashdot reader schwit1 shares the report: Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said. The FBI has been agitating for versions of such a mandate since 2010, complaining that the spreading use of encryption is eroding investigators' ability to carry out wiretap orders and search warrants -- a problem it calls "going dark." The issue repeatedly flared without resolution under the Obama administration, peaking in 2016, when the government tried to force Apple to help it break into the iPhone of one of the attackers in the terrorist assault in San Bernardino, Calif. The debate receded when the Trump administration took office, but in recent months top officials like Rod J. Rosenstein, the deputy attorney general, and Christopher A. Wray, the FBI director, have begun talking publicly about the "going dark" problem. The National Security Council and the Justice Department declined to comment about the internal deliberations. The people familiar with the talks spoke on the condition of anonymity, cautioning that they were at a preliminary stage and that no request for legislation was imminent. But the renewed push is certain to be met with resistance.
By BeauHD from Slashdot's tragic-accidents department
theodp writes: Nearly a week after an autonomous Uber SUV claimed the first life in testing of self-driving vehicles, The Washington Post reports that Waymo CEO John Krafcik says he is confident its cars would have performed differently under the circumstances (Warning: source may be paywalled; alternative source), since they are intensively programmed to avoid such calamities. "I can say with some confidence that in situations like that one with pedestrians -- in this case a pedestrian with a bicycle -- we have a lot of confidence that our technology would be robust and would be able to handle situations like that," Krafcik said Saturday when asked if a Waymo car would have reacted differently than the self-driving Uber. In explaining its since-settled lawsuit against Uber last year, Google charged that Uber was "using key parts of Waymo's self-driving technology," and added it was "seeking an injunction to stop the misappropriation of our designs." In announcing the settlement of the lawsuit last month, Uber CEO Dara Khosrowshahi noted, "we are taking steps with Waymo to ensure our LIDAR and software represents just our good work." A Google spokesperson added, "We have reached an agreement with Uber that we believe will protect Waymo's intellectual property now and into the future. We are committed to working with Uber to make sure that each company develops its own technology. This includes an agreement to ensure that any Waymo confidential information is not being incorporated in Uber Advanced Technologies Group hardware and software." All of which might prompt some to ask: was Elaine Herzberg collateral damage in Google and Uber's IP war? "I want to be really respectful of Elaine [Herzberg], the woman who lost her life and her family," Krafcik continued. "I also want to recognize the fact that there are many different investigations going on now regarding what happened in Tempe on Sunday." 
His assessment, he said, was "based on our knowledge of what we've seen so far with the accident and our own knowledge of the robustness that we've designed into our systems."
By BeauHD from Slashdot's book-of-secrets department
An anonymous reader quotes a report from Ars Technica: This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received. This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us -- my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata. In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts." The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.
By EditorDavid from Slashdot's this-scepter'd-isle department
The U.K.'s High Court will not send Lauri Love to face trial in the U.S. for hacking government computer systems. Instead they've issued a final refusal to overturn Love's successful appeal of his extradition, Ars Technica reports, "effectively ending the extradition effort permanently."
Love was originally arrested in the UK in October of 2013 after using an automated scanner to locate servers within a large range of IP addresses for SQL injection and ColdFusion vulnerabilities and then breaching vulnerable systems and installing Web shells to give him remote administrative-level access. He allegedly managed to compromise servers belonging to the U.S. Missile Defense Agency, the U.S. Army, the Federal Reserve, NASA, and the Environmental Protection Agency. Love's attorneys fought the extradition on the grounds that Love -- who has been diagnosed with Asperger's Syndrome, severe depression, and antibiotic-resistant eczema -- would not get appropriate medical attention in a U.S. prison and would be at risk of suicide if he faced the potential 99-year prison term associated with the charges...
The U.S. had already essentially dropped efforts to extradite Love, but the ruling by the High Court now sets legal precedent that may bar future extraditions of British citizens on hacking charges. In a statement e-mailed to Ars, Naomi Colvin -- acting director of the Courage Foundation, an organization that has assisted Love in his extradition appeal -- said that as a result of the ruling, "there is now very little prospect of any British hacker ever finding themselves in the same position as Lauri Love or Gary McKinnon. Fifteen years of terrible public policy in which British hackers were left open to the vindictive instincts of US prosecutors have now been brought to an end."
Lauri Love told the site that with this ruling, "The era of the U.S. Department of Justice as world police is over."
By EditorDavid from Slashdot's artificially-intelligent department
"Robot brains will challenge the fundamental assumptions of how we humans do things," argues Popular Mechanics, noting that age-old truism "that computers will always do literally, exactly what you tell them to."
A paper recently published to ArXiv highlights just a handful of incredible and slightly terrifying ways that algorithms think... An AI project which pit programs against each other in games of five-in-a-row Tic-Tac-Toe on an infinitely expansive board surfaced the extremely successful method of requesting moves involving extremely long memory addresses which would crash the opponent's computer and award a win by default...
These amusing stories also reflect the potential for evolutionary algorithms or neural networks to stumble upon solutions to problems that are outside-the-box in dangerous ways. They're a funnier version of the classic AI nightmare where computers tasked with creating peace on Earth decide the most efficient solution is to exterminate the human race. The solution, the paper suggests, is not fear but careful experimentation.
The paper (available as a free download) contains 27 anecdotes, which its authors describe as a "crowd-sourced product of researchers in the fields of artificial life and evolutionary computation." Popular Science adds that "the most amusing examples are clearly ones where algorithms abused bugs in their simulations -- essentially glitches in the Matrix that gave them superpowers."
By EditorDavid from Slashdot's moving-back-to-MySpace department
Long-time Slashdot reader Lauren Weinstein argues that fixing Facebook may be impossible because "Facebook's entire ecosystem is predicated on encouraging the manipulation of its users by third parties who possess the skills and financial resources to leverage Facebook's model. These are not aberrations at Facebook -- they are exactly how Facebook was designed to operate." Meanwhile one fund manager is already predicting that sooner or later every social media platform "is going to become MySpace," adding that "Nobody young uses Facebook," and that the backlash over Cambridge Analytica "quickens the demise."
But Slashdot reader silvergeek asks, "is there a safe, secure, and ethical alternative?" to which tepples suggests "the so-called IndieWeb stack using the h-entry microformat." He also suggests Diaspora, with an anonymous Diaspora user adding that "My family uses a server I put up to trade photos and posts... Ultimately more people need to start hosting family servers to help us get off the cloud craze... NethServer is a pretty decent CentOS based option."
Meanwhile Slashdot user Locke2005 shared a Washington Post profile of Mastodon, "a Twitter-like social network that has had a massive spike in sign-ups this week."
Mastodon's code is open-source, meaning anybody can inspect its design. It's distributed, meaning that it doesn't run in some data center controlled by corporate executives but instead is run by its own users who set up independent servers. And its development costs are paid for by online donations, rather than through the marketing of users' personal information... Rooted in the idea that it doesn't benefit consumers to depend on centralized commercial platforms sucking up users' personal information, these entrepreneurs believe they can restore a bit of the magic from the Internet's earlier days -- back when everything was open and interoperable, not siloed and commercialized.
By EditorDavid from Slashdot's permission-slips department
Thousands of etcd servers "are spitting sensitive passwords and encrypted keys," reports Fossbytes:
Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys. First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running etcd database. Then, he ran a simple script that gave him the login credentials stored on these servers which can be used to gain access to CMSs, MySQL, and PostgreSQL databases, etc.
etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface can return administrative login credentials without any authentication upfront... All of the data he harvested from around 1500 servers is around 750MB in size... Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures.
Another security researcher independently verified the results, and reported that one MySQL database had the root password "1234".
By EditorDavid from Slashdot's have-you-driven-a-fjord-lately? department
An anonymous reader quotes Electrek:
Tesla is always very busy in Norway, its biggest market per capita, but it has recently been difficult for the automaker to deliver its vehicles as its shipments keep being taken off the road for using transporters with "dangerous" trucks that do not conform to the rules. The California-based automaker generally ships its vehicles to Norway through the port of Drammen, but it is experiencing capacity issues so they are instead going through Gothenburg port and having to use more trucks to move the cars to its stores and service centers. According to several media reports in Norway, over half a dozen of those trucks have been stopped by the authorities for a variety of safety reasons during inspections and one of the trucks that wasn't stopped ended up in an accident. Two Model S vehicles were crushed on the trailer involved in the accident. Tesla says that it is having difficulties finding competent transporters that comply to Norway's road requirements. On top of the safety issues, Tesla is also using transporters operating Euro 3 class trucks, which are more polluting.
Elon Musk tweeted in response to the article that "I have just asked our team to slow down deliveries.
"It is clear that we are exceeding the local logistics capacity due to batch build and delivery. Customer happiness & safety matter more than a few extra cars this quarter."
By EditorDavid from Slashdot's jailhouse-rock department
An anonymous reader shares an update on Artur Sargsyan, who owned the music-pirating site Sharebeast as well as Newjams and Albumjams. TorrentFreak reports:
Thursday a U.S. District Judge sentenced the 30-year-old to five years in prison, three years of supervised release, and more than $642,000 in restitution and forfeiture...
The RIAA claimed that ShareBeast was the largest illegal file-sharing site operating in the United States... "Millions of users accessed songs from ShareBeast each month without one penny of compensation going to countless artists, songwriters, labels and others who created the music," RIAA Chairman & CEO Cary Sherman commented at the time...
If Sargsyan had responded to takedown notices more positively, it's possible that things may have progressed in a different direction. The RIAA sent the site more than 100 copyright-infringement emails over a three-year period but to no effect. This led the music industry group to get out its calculator and inform the Department of Justice that the total monetary loss to its member companies was "a conservative" $6.3 billion "gut-punch" to music creators who were paid nothing by the service...
"His reproduction of copyrighted musical works were made available only to generate undeserved profits for himself," said U.S. Attorney Byung J. "BJay" Pak. "The incredible work done by our law enforcement partners and prosecutors in light of the complexity of Sargsyan's operation demonstrates that we will employ all of our resources to stop this kind of theft."
David J. LaValley, Special Agent in Charge of FBI Atlanta, said "His sentence sends a message that no matter how complex the operation, the FBI, its federal partners and law enforcement partners around the globe will go to every length to protect the property of hard working artists and the companies that produce their art."
By EditorDavid from Slashdot's chipping-a-tooth department
Researchers at Tufts University are testing tooth-mounted RFID chips which sense and transmit data on what goes in your mouth. ABC News reports:
The sensors look like custom microchips stuck to the tooth. They are flexible, tiny squares -- ranging from 4 mm by 4 mm to an even smaller size of about 2 mm by 2 mm -- that are applied directly to human teeth. Each one has three active layers made of titanium and gold, with a middle layer of either silk fibers or water-based gels. In small-scale studies, four human volunteers wore sensors, which had silk as the middle "detector" layer, on their teeth and swished liquids around in their mouths to see if the sensors would function. The researchers were testing for sugar and for alcohol.
The tiny squares successfully sent wireless signals to tablets and cell phone devices. In one of their first experiments, the chip could tell the difference between solutions of purified water, artificial saliva, 50 percent alcohol and wood alcohol. It would then wirelessly signal to a nearby receiver via radiofrequency, similar to how EZ Passes work. They demonstrated that different concentrations of glucose, a type of sugar, could be distinguished, even in liquids that had sugar concentrations like those found in fruit drinks.
By EditorDavid from Slashdot's bomber-busted department
Wednesday police in Austin, Texas finally located the "serial bomber" believed to be responsible for six package bombs which killed two people over the last three weeks. "The operation was aided by different uses of technology, including surveillance cameras and cell phone triangulation." An anonymous reader shares this article:
The suspect, who has been identified as 24-year-old Mark Anthony Conditt, was killed near the motel he was traced to thanks to surveillance footage from a Federal Express drop-off store, The Austin American-Statesman reported. The authorities were able to gather information after police noticed the subject shipped an explosive device from a Sunset Valley FedEx store, a suburb approximately 25 minutes away from Austin. The evidence included the security footage from the store, as well as store receipts obtained showing suspicious transactions. The authorities were also able to look at the individual's Google search history, the Statesman noted, which gave them further insight into his dealings...
The authorities were also able to use cell phone triangulation technology, which provides a cell phone's location data via information collected from nearby cell towers... The phone's GPS capabilities can track the phone within 5 to 10 feet and can also provide "historical" or "prospective" location information. It can also "ping" the phone, forcing it to reveal its exact location... As cell phone companies store this type of data, law enforcement authorities must request it via the appropriate court processes.
"Authorities in Austin were able to use this technology to trace the suspect to a hotel in Williamson County."
By EditorDavid from Slashdot's calling-Collabora department
Slashdot reader mfilion writes: Over the past couple of years, Linux's low-level graphics infrastructure has undergone a quiet revolution. Since experimental core support for the atomic modesetting framework landed a couple of years ago, the DRM subsystem in the kernel has seen roughly 300,000 lines of code changed and 300,000 new lines added, when the new AMD driver (~2.5m lines) is excluded. Lately Weston has undergone the same revolution, albeit on a much smaller scale. Here, Daniel Stone, Graphics Lead at Collabora, puts the spotlight on the latest enhancements to Linux's low-level graphics infrastructure, including Atomic modesetting, Weston 4.0, and buffer modifiers.
By EditorDavid from Slashdot's just-in-time department
An anonymous reader quotes Application Development Trends:
Oracle announced the general availability of Java SE 10 (JDK 10) this week. This release, which comes barely six months after the release of Java SE 9, is the first in the new rapid release cadence Oracle announced late last year. The new release schedule, which the company is calling an "innovation cycle," calls for a feature release every six months, update releases every quarter, and a long-term support (LTS) release every three years. Java 10 is a feature release that obsoletes Java 9. The next LTS release will be Java 11, expected in September. The next LTS version after that will be Java 17, scheduled for release in September 2021...
The six-month feature release cadence is meant to reduce the latency between major releases, explained Sharat Chander, director of Oracle's Java SE Product Management group, in a blog post. "This release model takes inspiration from the release models used by other platforms and by various operating-system distributions addressing the modern application development landscape," Chander wrote. "The pace of innovation is happening at an ever-increasing rate and this new release model will allow developers to leverage new features in production as soon as possible. Modern application development expects simple open licensing and a predictable time-based cadence, and the new release model delivers on both."
This release finally adds var to the Java language (though its use is limited to local variables with initializers or declared in a for-loop). It's being added "to improve the developer experience by reducing the ceremony associated with writing Java code, while maintaining Java's commitment to static type safety, by allowing developers to elide the often-unnecessary manifest declaration of local variable type."