By EditorDavid from Slashdot's what-could-go-wrong department
phalse phace quotes MarketWatch: Following on the heels of a story that revealed that Equifax hired a music major with no education related to technology or security as its Chief Security Officer, Equifax announced on Friday afternoon that Chief Security Officer Susan Mauldin has quit the company along with Chief Information Officer David Webb. Chief Information Officer David Webb and Chief Security Officer Susan Mauldin retired immediately, Equifax said in a news release that did not mention either of those executives by name. Mark Rohrwasser, who had been leading Equifax's international information-technology operations since 2016, will replace Webb and Russ Ayres, a member of Equifax's IT operation, will replace Mauldin.
The company revealed Thursday that the attackers exploited Apache Struts bug CVE-2017-5638 -- "identified and disclosed by U.S. CERT in early March 2017" -- and that they believed the unauthorized access happened from May 13 through July 30, 2017.
Thus, MarketWatch reports, Equifax "admitted that the security hole that attackers used was known in March, about two months before the company believes the breach began." And even then, Equifax didn't notice (and remove the affected web applications) until July 30.
By BeauHD from Slashdot's mystery-machine department
An anonymous reader quotes a report from The Guardian: The blaring, grinding noise jolted the American diplomat from his bed in a Havana hotel. He moved just a few feet, and there was silence. He climbed back into bed. Inexplicably, the agonizing sound hit him again. It was as if he'd walked through some invisible wall cutting straight through his room. Soon came the hearing loss, and the speech problems, symptoms both similar and altogether different from others among at least 21 U.S. victims in an astonishing international mystery still unfolding in Cuba. The top U.S. diplomat has called them "health attacks." New details learned by the Associated Press indicate at least some of the incidents were confined to specific rooms or even parts of rooms with laser-like specificity, baffling U.S. officials who say the facts and the physics don't add up.
Suspicion initially focused on a sonic weapon, and on the Cubans. Yet the diagnosis of mild brain injury, considered unlikely to result from sound, has confounded the FBI, the state department and U.S. intelligence agencies involved in the investigation. Some victims now have problems concentrating or recalling specific words, several officials said, the latest signs of more serious damage than the U.S. government initially realized. The United States first acknowledged the attacks in August -- nine months after symptoms were first reported.
By BeauHD from Slashdot's mind-altering department
schwit1 shares a report from ScienceAlert: The brain-dwelling parasite Toxoplasma gondii is estimated to be hosted by at least 2 billion people around the world, and new evidence suggests the lodger could be more dangerous than we think. While the protozoan invader poses the greatest risk to developing fetuses infected in the womb, new research suggests the parasite could alter and amplify a range of neurological disorders, including epilepsy, Alzheimer's, and Parkinson's, and also cancer. "This study is a paradigm shifter," says one of the team, neuroscientist Dennis Steindler from Tufts University. "We now have to insert infectious disease into the equation of neurodegenerative diseases, epilepsy, and neural cancers." The findings are part of an emerging field of research looking into how T. gondii, which is usually transmitted to humans via contact with cat faeces (or by eating uncooked meat), produces proteins that alter and manipulate the brain chemistry of their infected hosts.
By BeauHD from Slashdot's torches-and-pitchforks department
An anonymous reader quotes a report from Motherboard: Felix Kjellberg, better known as PewDiePie, is the most popular YouTuber in the world. He's gotten himself into another controversy, this time for shouting the n-word while livestreaming a video game. The 27-year-old Swede has repeatedly been criticized for hate speech, and just last month said he would no longer make Nazi jokes after a white supremacist rally in Charlottesville, Virginia turned violent. But while playing PlayerUnknown's Battlegrounds on Sunday, Kjellberg, who has over 57 million subscribers on YouTube, called another player the n-word before erupting into laughter. "What a fucking n****r," he said. "Jeez, oh my god. What the fuck? Sorry, but what the fuck? What a fucking asshole. I don't mean that in a bad way." Kjellberg did not immediately respond to a request for comment, and has yet to publicly acknowledge the incident. In response to Kjellberg's use of a racial slur, a number of video game players and developers have condemned the creator. Sean Vanaman, the co-founder of video game company Campo Santo, decided to use copyright law to push back against Kjellberg. On Twitter, he said he was filing a Digital Millennium Copyright Act (DMCA) takedown request against the famous YouTuber regarding a video in which Kjellberg plays Campo Santo's game Firewatch. There are compelling reasons to [remove hate speech from major internet platforms] by any means necessary, but DMCA overreach is among the least compelling options, considering that it unilaterally puts power into the hands of what are essentially uninvolved parties and allows for little arbitration or defense on the part of those who have their content removed.
By BeauHD from Slashdot's public-service-announcement department
BrianFagioli shares a report from BetaNews: Unfortunately, there can apparently be security issues with repositories when they shut down. For example, when the metalkettle repo ended, the developer deleted its entry on GitHub. This in itself is not a cause for concern, but unfortunately, GitHub's allowance of project names to be recycled is. You see, someone re-registered the metalkettle name, making it possible for nefarious people to potentially serve up malware to Kodi users. The warning came from the metalkettle developer over on Twitter. He warns that devices with the repository installed could be in danger from a security standpoint. If a user was to search that repo, and the new owner of the GitHub name was to share malware, the user could assume it is safe and install it. We do not know 100 percent if the person that re-registered the metalkettle name on GitHub is planning anything evil, but it is better to be safe than sorry. If you still have the repository installed, you should remove it immediately. Not to mention, if you know someone using Kodi, such as a friend or family member, you should warn them too.
By BeauHD from Slashdot's flick-of-a-switch department
An anonymous reader quotes a report from Ars Technica: Verizon is disconnecting another 8,500 rural customers from its wireless network, saying that roaming charges have made certain customer accounts unprofitable for the carrier. The 8,500 customers have 19,000 lines and live in 13 states (Alaska, Idaho, Iowa, Indiana, Kentucky, Maine, Michigan, Missouri, Montana, North Carolina, Oklahoma, Utah, and Wisconsin), a Verizon Wireless spokesperson told Ars today. They received notices of disconnection this month and will lose access to Verizon service on October 17. Verizon said in June that it was only disconnecting "a small group of customers" who were "using vast amounts of data -- some as much as a terabyte or more a month -- outside of our network footprint." But one customer, who contacted Ars this week about being disconnected, said her family never used more than 50GB of data across four lines despite having an "unlimited" data plan. We asked Verizon whether 50GB a month is a normal cut-off point in its disconnections of rural customers, but the company did not provide a specific answer. "These customers live outside of areas where Verizon operates our own network," Verizon said. "Many of the affected consumer lines use a substantial amount of data while roaming on other providers' networks and the roaming costs generated by these lines exceed what these consumers pay us each month. We sent these notices in advance so customers have plenty of time to choose another wireless provider."
By msmash from Slashdot's think-about-it department
Steve LeVine, writing for Axios: In 1986, Geoffrey Hinton co-authored a paper that, four decades later, is central to the explosion of artificial intelligence. But Hinton says his breakthrough method should be dispensed with, and a new path to AI found. Speaking with Axios on the sidelines of an AI conference in Toronto on Wednesday, Hinton, a professor emeritus at the University of Toronto and a Google researcher, said he is now "deeply suspicious" of back-propagation, the workhorse method that underlies most of the advances we are seeing in the AI field today, including the capacity to sort through photos and talk to Siri. "My view is throw it all away and start again," he said. Other scientists at the conference said back-propagation still has a core role in AI's future. But Hinton said that, to push materially ahead, entirely new methods will probably have to be invented. "Max Planck said, 'Science progresses one funeral at a time.' The future depends on some graduate student who is deeply suspicious of everything I have said."
By msmash from Slashdot's caught-red-handed department
Susan Mauldin, the person in charge of Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret. Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers were accessed in the breach.
By msmash from Slashdot's fault-in-our-stars department
Alex Kantrowitz, reporting for BuzzFeed News: Google, the world's biggest advertising platform, allows advertisers to specifically target ads to people typing racist and bigoted terms into its search bar, BuzzFeed News has discovered. Not only that, Google will suggest additional racist and bigoted terms once you type some into its ad buying tool. Type "White people ruin," as a potential advertising keyword into Google's ad platform, and Google will suggest you run ads next to searches including "black people ruin neighborhoods." Type "Why do Jews ruin everything," and Google will suggest you run ads next to searches including "the evil jew" and "jewish control of banks." BuzzFeed News ran an ad campaign targeted to all these keywords and others this week. The ads went live and were visible when we searched for the keywords we'd selected. Google's ad buying platform tracked the ad views. Following our inquiry, Google disabled every keyword in this ad campaign save one -- an exact match for "blacks destroy everything," is still eligible. Google told BuzzFeed News that just because a phrase is eligible does not guarantee an ad campaign will run against it. A total of 17 ad impressions were served before the keywords were disabled.