By BeauHD from Slashdot's coin-toss department
An anonymous reader quotes a report from TechTarget: Equifax alerted the public in September 2017 to a massive data breach that exposed the personal and financial information -- including names, birthdays, credit card numbers and Social Security numbers -- of approximately 145 million customers in the United States to hackers. Following the Equifax breach, the former CEO Richard Smith and the current interim CEO Paulino do Rego Barros Jr. were called to testify before the Committee on Commerce, Science, and Transportation this week for a hearing titled "Protecting Consumers in the Era of Major Data Breaches." During the hearing, Sen. Cory Gardner (R-Colo.) questioned Smith and Barros about Equifax's use of -- or lack of -- encryption for customer data at rest. Smith confirmed that the company was not encrypting data at the time of the Equifax breach, and Gardner questioned whether or not that was intentional. "Was the fact that [customer] data remained unencrypted at rest the result of an oversight, or was that a decision that was made to manage that data unencrypted at rest?" Gardner asked Smith. Smith pointed out that encryption at rest is just one method of security, but eventually confirmed that a decision was made to leave customer data unencrypted at rest. "So, a decision was made to leave it unencrypted at rest?" Gardner pushed. "Correct," Smith responded.
By msmash from Slashdot's watch-out department
A reader shares a report: On Nov. 11, China celebrates Singles Day, a holiday dedicated to the nation's unattached. It's also the world's largest shopping festival -- and a bonanza for internet giant Alibaba Group. Up to 500 million consumers will visit sites run by the company searching for discounts on items including Bordeaux wine, UGG boots, SUVs, and high-end Japanese toilets. Citigroup estimates that Alibaba's sales during this year's event could reach 158 billion yuan ($23.8 billion). For Alibaba, Singles Day will also be a demonstration of how far its cloud business has come in eight years. At the peak of activity, Alibaba's servers may be tasked with processing 175,000 transactions a second from its own sites. "It's the day when the largest amount of computing power is needed in China," says He Yunfei, a senior product manager for Alibaba Cloud. [...] Alibaba dominates the Chinese cloud -- in part because local regulators won't issue data center operating licenses to foreign companies, curtailing the China ambitions of Amazon.com and Microsoft, the No. 1 and No. 2 cloud providers globally.
By msmash from Slashdot's to-the-future department
Exit Interview: Scott Kelly
Posted by News Fetcher on November 10 '17 at 11:36 AM
By msmash from Slashdot's perspective department
An excerpt from a new interview of Scott Kelly, now a retired astronaut, who spent 11 months and three days at the International Space Station in one stretch: Q: What does space smell like? It smells different to different people. Some people say it smells sweet. To me it smells like burnt metal, like if you took a blowtorch to some steel or something. Q: When you're up there on the ISS, arguably you're the most expensive human being on the planet except the president. The amount of resources being spent to keep you alive are enormous. Did that weigh on you at all? Never even thought about that. No. Never considered it. I appreciated the effort that people went through to make sure you're safe, and are taken care of and supported while you're there, but I never considered the cost of it. Question: Did it feel like, 'Man, I gotta work all the time'? I think some people feel that way. I kind of felt that way on my [first, six-month ISS mission]. But having flown for six months, and then a few years later flying for a year, I realized I couldn't do that. So I definitely had to pace myself throughout the course of the year. Q: Did you lose anything in the station? All kinds of stuff! One of the last things I remember losing was this fancy, 3-D printed cover for some experiment. It was for the camera and I turn around and the thing's gone, and they didn't have a spare. I've got to see if they've found that thing yet. Oh, yeah. We lost a bag of screws and washers one time. Question: When you're on the U.S. side of the ISS and the Russians are on their side, how much interaction is there, day-to-day? They work predominantly in the Russian segment and have their meals there, so during waking hours, they're generally on their side, we're generally on our side. You interact, you go down there, you chat with them, you come back, you might perform some kind of experiments, they might do a little thing in our space station, but it's what we refer to as "segmented ops."
Question: Does it feel like you're all in it together? Yes! Absolutely. We actually do some things to help each other that we don't even share with the ground because then it creates like bureaucratic ... issues for them to deal with. I've been asked to help fix some of their hardware, their treadmill one time. We help each other getting trash off the space station without telling the folks in Houston.
By msmash from Slashdot's meanwhile-outside-the-US department
An anonymous reader shares a report on The Atlantic which talks about a growing business in Japan wherein you can pay an actor to impersonate your relative, spouse, coworker, or any kind of acquaintance. The reporter has interviewed Ishii Yuichi, CEO of Family Romance, a company that rents such actors. Yuichi believes that Family Romance, and other companies that provide a similar service, can help people cope with unbearable absences or perceived deficiencies in their lives. In an increasingly isolated and entitled society, the chief executive officer predicts the exponential growth of his business and others like it, as a la carte human interaction becomes the new norm. An exchange between Yuichi and the reporter, from the story: Morin: When was your first success? Yuichi: I played a father for a 12-year-old with a single mother. The girl was bullied because she didn't have a dad, so the mother rented me. I've acted as the girl's father ever since. I am the only real father that she knows. Morin: And this is ongoing? Yuichi: Yes, I've been seeing her for eight years. She just graduated high school. Morin: Does she understand that you're not her real father? Yuichi: No, the mother hasn't told her. Morin: How do you think she would feel if she discovered the truth? Yuichi: I think she would be shocked. If the client never reveals the truth, I must continue the role indefinitely. If the daughter gets married, I have to act as a father in that wedding, and then I have to be the grandfather. So, I always ask every client, "Are you prepared to sustain this lie?" It's the most significant problem our company has.
By msmash from Slashdot's change-of-heart department
It looks like Logitech didn't anticipate the barrage of criticism it received after announcing this week that it would be intentionally bricking its Harmony Link hub next March. The company is now reversing course. Its Harmony Link will still die next summer, but if you own one, the company is happy to give you a free upgrade to the more recent Harmony Hub model. From a report: Originally, Logitech planned to only offer Harmony Link owners with active warranties free upgrades to its new Harmony Hub devices. But for people out of warranty -- possibly the majority of Harmony Link users, as the devices were last sold in 2015 -- they would just get a one-time, 35 percent discount on a new $100 Harmony Hub. However, after customer outrage, Logitech revised its plans and announced that the company will give every Harmony Link owner a new Hub for free. Additionally, users who had already used the coupon to purchase a new Hub will also be able to contact Logitech in order to obtain a refund for the difference in price. However, Logitech is still not planning to extend support for the Harmony Link. The company says, "We made the business decision to end the support and services of the Harmony Link when the encryption certificate expires in the spring of 2018 -- we would be acting irresponsibly by continuing the service knowing its potential/future vulnerability."
By msmash from Slashdot's ain't-nobody-signed-up-for-that department
Antivirus suites expose a user's system to attacks that otherwise wouldn't be possible, a security researcher reported on Friday. From a report: On Friday, a researcher documented a vulnerability he had found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control. AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks. Bogner said he developed a series of AVGater exploits during several assignments that called for him to penetrate deep inside customer networks. Using malicious phishing e-mails, he was able to infect employee PCs, but he still faced a significant challenge. Because company administrators set up the PCs to run with limited system privileges, Bogner's malware was unable to access the password database -- known as the Security Account Manager -- that stored credentials he needed to pivot onto the corporate network.
By BeauHD from Slashdot's fun-for-the-whole-family department
CBS announced that Star Trek: Discovery will return for the second half of the split season on Sunday, November 12th. There will be roughly a two month gap between the last episode of the first half of the split season, which airs on Sunday, November 12th, and the first episode of the second half of the split season. The Verge reports: When the network announced the series's September release date, it revealed that the first season would be split into two "chapters." The second chapter begins with the show's 10th episode, "Despite Yourself." Chapter 2 will contain the season's remaining six episodes, and will run through February 11th. According to CBS, the show will apparently find the crew of the USS Discovery in "unfamiliar territory," and they'll have to get creative about ways to return home. In this week's episode, the crew came face-to-face with the Klingon Empire over the planet Pahvo, after the planet's native species summoned them, hoping to resolve their conflict. After that, it'll be a longer wait for the show to return: CBS recently announced that it renewed Star Trek: Discovery for a second season, but that announcement didn't come with further details about a second season release date, or the number of episodes or chapters planned for season 2.
By BeauHD from Slashdot's new-ground department
At the annual meeting of the Society for Neuroscience starting November 11 in Washington D.C., two teams of scientists plan to present previously unpublished research on the unexpected interaction between human mini-brains and their rat and mouse hosts. "In the new papers, according to STAT, scientists will report that the organoids survived for extended periods of time -- two months in one case -- and even connected to lab animals' circulatory and nervous systems, transferring blood and nerve signals between the host animal and the implanted human cells," reports Inverse. "This is an unprecedented advancement for mini-brain research." From the report: That mini-brains can even be grown in the lab is a huge advancement in the first place, as they have many of the same characteristics as living human brains that are in the early stages of development. Though they're not "alive" in the same sense that you and I are, they grow and are organized into different layers like our brains are. They even react in similar ways to stimuli like psychedelic drugs. Organoids are poised to revolutionize research on the human brain since scientists can perform tests on them that would be unethical to attempt on living humans. STAT also reports that a third lab, in addition to the two presenting at the Society for Neuroscience meeting, has successfully connected human brain organoids to blood vessels. This attempt veered into such challenging ethical territory, though, that the lab reportedly paused its efforts.
By BeauHD from Slashdot's one-or-the-other department
An anonymous reader quotes a report from Ars Technica: Just two days after the FBI said it could not get into the Sutherland Springs shooter's seized iPhone, Politico Pro published a lengthy interview with a top Department of Justice official who has become the "government's unexpected encryption warrior." According to the interview, which was summarized and published in transcript form on Thursday for subscribers of the website, Deputy Attorney General Rod Rosenstein indicated that the showdown between the DOJ and Silicon Valley is quietly intensifying. "We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption." "I want our prosecutors to know that, if there's a case where they believe they have an appropriate need for information and there is a legal avenue to get it, they should not be reluctant to pursue it," Rosenstein said. "I wouldn't say we're searching for a case. I'd say we're receptive, if a case arises, that we would litigate."
By BeauHD from Slashdot's law-and-order department
"Earlier this week, a report in The New York Times and a blog post on Medium drew a lot of attention to a world of strange and sometimes disturbing YouTube videos aimed at young children," reports The Verge. "The genre [...] makes use of popular characters from family-friendly entertainment, but it's often created with little care, and can quickly stray from innocent themes to scenes of violence or sexuality." YouTube is cracking down and will now age restrict videos that violate its policy. From the report: The first line of defense for YouTube Kids are algorithmic filters. After that, there is a team of humans that review videos which have been flagged. If a video with recognizable children's characters gets flagged in YouTube's main app, which is much larger than the Kids app, it will be sent to the policy review team. YouTube says it has thousands of people working around the clock in different time zones to review flagged content. If the review finds the video is in violation of the new policy, it will be age restricted, automatically blocking it from traveling to the Kids app. YouTube says it typically takes at least a few days for content to make its way from YouTube proper to YouTube Kids, and the hope is that within that window, users will flag anything potentially disturbing to children. YouTube also has a team of volunteer moderators, which it calls Contributors, looking for inappropriate content. YouTube says it will start training its review team on the new policy and it should be live within a few weeks. Along with filtering content out of the Kids app, the new policy will also tweak who can see these videos on YouTube's main service. Flagged content will be age restricted, and users won't be able to see those videos if they're not logged in on accounts registered to users 18 years or older. All age-gated content is also automatically exempt from advertising. 
That means this new policy could put a squeeze on the booming business of crafting strange kids' content.
By BeauHD from Slashdot's repeal-and-replace department
An anonymous reader quotes a report from Tom's Hardware: Intel's Management Engine (ME) technology is built into almost all modern Intel CPUs. At the Embedded Linux Conference, a Google engineer named Ronald Minnich revealed that the ME is actually running its own entire MINIX OS and that Google is working on removing it. Due to MINIX's presence on every Intel system, the barebones Unix-like OS is the most widely deployed operating system in the world. Intel's ME technology is a hardware-level system within Intel CPUs that consists of closed-source firmware running on a dedicated microprocessor. There isn't much public knowledge of the workings of the ME, especially in its current state. It's not even clear where the hardware is physically located anymore.
What's concerning Google is the complexity of the ME. Public interest in the subject piqued earlier this year when a vulnerability was discovered in Intel's Active Management Technology (AMT), but that's just a software that runs on ME--ME is actually an entire OS. Minnich's presentation touched on his team's discovery that the OS in question is a closed version of the open-source MINIX OS. The real focus, though, is what's in it and the consequences. According to Minnich, that list includes web server capabilities, a file system, drivers for disk and USB access, and, possibly, some hardware DRM-related capabilities. It's not known if all this code is explicitly included for current or future ME capabilities, or if it's because Intel simply saw more potential value in keeping rather than removing it.
By BeauHD from Slashdot's pros-and-cons department
schwit1 shares a report from The Hill: The amendment, Section 801 of the National Defense Authorization Act (NDAA), would help Amazon establish a tight grip on the lucrative, $53 billion government acquisitions market, experts say. The provision, dubbed the "Amazon amendment" by experts, according to an article in The Intercept, would allow for the creation of an online portal that government employees could use to purchase everyday items such as office supplies or furniture. This government-only version of Amazon, which could potentially include a few other websites, would give participating companies direct access to the $53 billion market for government acquisitions of commercial products. "It hands an enormous amount of power over to Amazon," said Stacy Mitchell of the Institute for Local Self-Reliance, a research group that advocates for local businesses. Mitchell said that the provision could allow Amazon to gain a monopoly or duopoly on the profitable world of commercial government purchases, leaving smaller businesses behind and further consolidating the behemoth tech firm's power.
schwit1 adds: "Well, this is a two-edged sword, isn't it? Government spends too much and takes too long to buy its simple office needs, but streamlining that process and cutting costs puts more money in the pocket of Jeff Bezos."