By EditorDavid from Slashdot's what's-a-patch? department
Core evangelist Thibaut Rouffineau writes about the results of Ubuntu's survey of 2000 consumers about their Internet of Things devices:
This survey revealed that, worryingly, only 31% of consumers that own connected devices perform updates as soon as they become available. A further 40% of consumers have never consciously performed updates on their devices... Of those polled, nearly two thirds felt that it was not their responsibility to keep firmware updated. 22% believed it was the job of software developers, while 18% consider it to be the responsibility of device manufacturers.
Canonical has taken the view for some time now that better automatic mechanisms to fix vulnerabilities remotely are needed as an essential step on the way to a secure IoT. We need to remove the burden of performing software updates from the user and we need to actively ban the dreaded 'default password', as Canonical has done with Ubuntu Core 16... It's clear to us that too many of the solutions to IoT security proposed today involve either mitigating security issues after-the-fact, or living in a world where IoT security problems are the accepted norm. This should not and cannot be the case.
They'll be publishing their complete findings in a new paper in January.
By EditorDavid from Slashdot's denial-of-liberty-counterattack department
This week the FBI arrested a 26-year-old southern California man for launching a DDoS attack against online chat service Chatango at the end of 2014 and in early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire" services. An anonymous reader writes:
Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango, an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding "As part of his bail release agreement, Sharma is banned from accessing certain sites such as HackForums and tools such as VPNs..."
"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation Tarpit," the article points out. "Coordinated by Europol, Operation Tarpit took place between December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers who ultimately launched 603,499 DDoS attacks on 224,548 targets.
Most of the other suspects arrested were under the age of 20.
By EditorDavid from Slashdot's profile-views department
Less than four weeks after Microsoft formally acquired LinkedIn for $26 billion, there's been a database breach.
An anonymous reader writes:
LinkedIn is sending emails to 9.5 million users of Lynda.com, its online learning subsidiary, warning the users of a database breach by "an unauthorized third party". The affected database included contact information for at least some of the users. An email to customers says "while we have no evidence that your specific account was accessed or that any data has been made publicly available, we wanted to notify you as a precautionary measure." Ironically, the breach comes less than a month after Russia blocked access to LinkedIn over privacy concerns.
LinkedIn has also reset the passwords for 55,000 Lynda.com accounts (though apparently many of its users don't have accounts with passwords).
By EditorDavid from Slashdot's depressing-anti-depressant-news department
An anonymous reader quotes Scientific American's Cross-Check blog:
Two new posts on this website have me contemplating, once again, the terrible possibility that psychiatry is hurting more people than it helps. Reporter Sarah G. Miller notes in "1 in 6 Americans Takes a Psychiatric Drug" that prescriptions for mental illness keep surging. As of 2013, almost 17 percent of Americans were taking at least one psychiatric drug, up from 10 percent in 2011, according to a new study. "Antidepressants were the most common type of psychiatric drug in the survey, with 12 percent of adults reporting that they filled prescriptions for these drugs..."
This increase in medications must be boosting our mental health, right? Wrong. In "Is Mental Health Declining in the U.S.?," Edmund S. Higgins, professor of psychiatry at the Medical University of South Carolina, acknowledges the "inconvenient truth" that Americans' mental health has, according to some measures, deteriorated...
It's all more evidence of something their blogger wrote in 2012. "American psychiatry, in collusion with the pharmaceutical industry, may be perpetrating the biggest case of iatrogenesis -- harmful medical treatment -- in history."
By EditorDavid from Slashdot's eat-different department
An anonymous reader writes:
Apple has been ordered to cut a $2 million check for denying some of its retail workers meal breaks. The lawsuit was first filed in 2011 by four Apple employees in San Diego. They alleged that the company failed to give them meal and rest breaks [as required by California law], and didn't pay them in a timely manner, among other complaints. In 2013, the case became a class action lawsuit that included California employees who had worked at Apple between 2007 and 2012, approximately 21,000 people...
The complaint says Apple's culture of secrecy keeps employees from talking about the company's poor working conditions. "If [employees] so much as discuss the various labor policies, they run the risk of being fired, sued or disciplined."
Apple changed their break policy in 2012, according to CNN, which reports that the second half of the case should conclude later this week. The employees that had been affected by Apple's original break policy could get as much as $95 each from Friday's settlement, according to CNN, "but it's likely some of the money will go toward attorney fees."
By EditorDavid from Slashdot's now-in-North-Dakota department
Electronic Frontier Foundation has dispatched a team of technologists and lawyers to a protest site in Standing Rock, North Dakota, to investigate "several reports of potentially unlawful surveillance." An anonymous reader writes:
The EFF has "collected anecdotal evidence from water protectors about suspicious cell phone behavior, including uncharacteristically fast battery drainage, applications freezing, and phones crashing completely," according to a recent report. "Some water protectors also saw suspicious login attempts to their Google accounts from IP addresses originating from North Dakota's Information & Technology Department. On social media, many reported Facebook posts and messenger threads disappearing, as well as Facebook Live uploads failing to upload or, once uploaded, disappearing completely."
The EFF reports "it's been very difficult to pinpoint the true cause or causes," but they've targeted over 20 law enforcement agencies with public records requests, noting that "Of the 15 local and state agencies that have responded, 13 deny having any record at all of cell site simulator use, and two agencies -- Morton County and the North Dakota State Highway Patrol (the two agencies most visible on the ground) -- claim that they can't release records in the interest of 'public safety'..."
"Law enforcement agencies should not be allowed to sidestep public inquiry into the surveillance technologies they're using," EFF writes, "especially when citizens' constitutional rights are at stake... It is past time for the Department of Justice to investigate the scope of law enforcement's digital surveillance at Standing Rock and its consequences for civil liberties and freedoms in the digital world."Read Replies (0)
By EditorDavid from Slashdot's run-everywhere department
Java SE is free, but Java SE Suite and various flavors of Java SE Advanced are not, and now Oracle "is massively ramping up audits of Java customers it claims are in breach of its licenses," reports the Register.
Oracle bought Java with Sun Microsystems in 2010 but only now is its License Management Services division chasing down people for payment, we are told by people familiar with the matter. The database giant is understood to have hired 20 individuals globally this year, whose sole job is the pursuit of businesses in breach of their Java licenses... Huge sums of money are at stake, with customers on the hook for multiple tens and hundreds of thousands of dollars.
Slashdot reader rsilvergun writes, "Oracle had previously sued Google for the use of Java in Android but had lost that case. While that case is being appealed, it remains to be seen if the latest push to monetize Java is a response to that loss or part of a broader strategy on Oracle's part." The Register interviewed the head of an independent license management service who says Oracle's even targeting its own partners now.
But after acquiring Sun in 2010, why did Oracle's License Management Services wait a full six years?
"It is believed to have taken that long for LMS to devise audit methodologies and to build a detailed knowledge of customers' Java estates on which to proceed."Read Replies (0)
By EditorDavid from Slashdot's digital-nomads department
"As companies tighten their purse strings, they're spreading out their hires -- this year, and for years to come," reports Backchannel, citing interviews with executives and other workplace analysts. mirandakatz writes:
Once a cost-cutting strategy, remote offices are becoming the new normal: from GitHub to Mozilla and Wordpress, more and more companies are eschewing the physical office in favor of systems that allow employees to live out their wanderlust. As workplaces increasingly go remote, they're adopting tools to keep employees connected and socially fulfilled -- as Mozilla Chief of Staff David Slater tells Backchannel, "The wiki becomes the water cooler."
The article describes budget-conscious startups realizing they can cut their overhead and choose from talent located anywhere in the world. And one group of analysts calculated that the number of telecommuting workers doubled between 2005 and 2014, reporting that now "75% of employees who work from home earn over $65,000 per year, putting them in the upper 80th percentile of all employees, home or office-based."
Are Slashdot's readers seeing a surge in telecommuting? And does anybody have any good stories about the digital nomad lifestyle?
By EditorDavid from Slashdot's catch-me-if-you-can department
"Following a failed takedown attempt, changes made to the Mirai malware variant responsible for building one of today's biggest botnets of IoT devices will make it incredibly harder for authorities and security firms to shut it down," reports Bleeping Computer. An anonymous reader writes: Level3 and others" have been very close to taking down one of the biggest Mirai botnets around, the same one that attempted to knock the Internet offline in Liberia, and also hijacked 900,000 routers from German ISP Deutsche Telekom.The botnet narrowly escaped due to the fact that its maintainer, a hacker known as BestBuy, had implemented a domain-generation algorithm to generate random domain names where he hosted his servers. Currently, to avoid further takedown attempts from similar security firms, BestBuy has started moving the botnet's command and control servers to Tor. "It's all good now. We don't need to pay thousands to ISPs and hosting. All we need is one strong server," the hacker said. "Try to shut down .onion 'domains' over Tor," he boasted, knowing that nobody can.Read Replies (0)
By EditorDavid from Slashdot's lager-algorithms department
At a bar in London, they're now testing the prototype for a self-driving beer tap, according to drunkdrone. Gizmodo UK reports:
All you need to do is select your pint of choice on the touchscreen, pay with a tap of your contactless card and stick your pint glass at its base. The pump contains an electronic valve, which opens to allow beer to flow through. A liquid flow meter ensures the right amount of good stuff comes out.
Meanwhile, Bloomberg is also reporting on a London startup that's brewing beer with a special algorithm that constantly modifies the percentage of each ingredient -- hops, water, yeast and grain -- based on ongoing customer feedback.
Levels of carbonation, bitterness and alcohol content all change based on how people are responding... The algorithm produces new recipes every month incorporating the feedback. "There are too many brands out there that just have one recipe for a beer, and they've had it for 60 years," said Hew Leith, co-founder of IntelligentX, the maker of the beer appropriately named AI. "We're not about that. We're about using data to listen to our customers, get all that feedback, and then brew something that's more attuned to what they actually want and need."
He believes the same process could also be used to design perfume, chocolate, and coffee.
By EditorDavid from Slashdot's internet-of-cars department
Calling it "the next revolution in roadway safety," the U.S. Department of Transportation hopes to standardize "vehicle communications" technology. Slashdot reader coondoggie writes:
The idea is to enable a multitude of new crash-avoidance applications that could save lives by preventing "hundreds of thousands of crashes every year by helping vehicles 'talk' to each other," the DOT stated... [D]evices would use the dedicated short range communications to transmit data, such as location, direction and speed, to nearby vehicles. That data would be updated and broadcast up to 10 times per second to nearby vehicles, and using that information, V2V-equipped vehicles can identify risks and provide warnings to drivers to avoid imminent crashes.
Self-driving cars (and human drivers) could be informed when it's safe to enter the passing lane (or when cars move into a vehicle's blind spot), for example, and "often in situations in which the driver and on-board sensors alone cannot detect the threat." Federal agencies estimate it will cost just $350 per vehicle by 2020 (and dropping over the decades to come), and they've also already issued guidelines about securing these systems from unauthorized access.
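The broadcasts the DOT describes are data that other vehicles act on at 10 Hz, so the practical question behind "securing these systems from unauthorized access" is how a receiver decides which beacons to believe. The Go program below is an added example and is not the DOT's, the DSRC standard's or any vendor's message format or PKI: it assumes a hypothetical Beacon layout carrying the fields the article lists (location, direction, speed) plus a sender ID and timestamp, ECDSA P-256 signatures, and trusted public keys provisioned out of band. It shows a receiver rejecting beacons that come from an unknown sender, fail signature verification (tampered or signed with the wrong key), are stale, or are replayed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Beacon is a hypothetical safety message; the real DSRC format is not on the page.
type Beacon struct {
	SenderID    uint32
	Lat, Lon    float64
	HeadingDeg  float32
	SpeedMps    float32
	TimestampMs int64
	Sig         []byte // ASN.1 ECDSA signature over every other field
}

// digest hashes all fields except Sig in a fixed byte order, so the signature
// covers exactly what the receiver will act on.
func (b *Beacon) digest() []byte {
	var buf bytes.Buffer
	for _, v := range []interface{}{b.SenderID, b.Lat, b.Lon, b.HeadingDeg, b.SpeedMps, b.TimestampMs} {
		if err := binary.Write(&buf, binary.BigEndian, v); err != nil {
			panic(err) // fixed-size fields only; cannot fail in practice
		}
	}
	sum := sha256.Sum256(buf.Bytes())
	return sum[:]
}

// Sign attaches an ECDSA P-256 signature made with the sender's private key.
func Sign(priv *ecdsa.PrivateKey, b *Beacon) error {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, b.digest())
	if err != nil {
		return err
	}
	b.Sig = sig
	return nil
}

// GenerateKey creates a sender key pair (assumed to be issued by some PKI in reality).
func GenerateKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

var (
	ErrUnknownSender = errors.New("beacon from unknown sender")
	ErrBadSignature  = errors.New("beacon signature invalid")
	ErrStale         = errors.New("beacon too old or from the future")
	ErrReplay        = errors.New("beacon replayed or out of order")
)

// Receiver validates incoming beacons against a trust store and per-sender state.
type Receiver struct {
	trusted  map[uint32]*ecdsa.PublicKey // assumption: provisioned out of band
	lastSeen map[uint32]int64            // newest accepted timestamp per sender
	maxAgeMs int64                       // freshness window in milliseconds
}

func NewReceiver(maxAgeMs int64) *Receiver {
	return &Receiver{trusted: map[uint32]*ecdsa.PublicKey{}, lastSeen: map[uint32]int64{}, maxAgeMs: maxAgeMs}
}

func (r *Receiver) Trust(id uint32, pub *ecdsa.PublicKey) { r.trusted[id] = pub }

// Accept returns nil only for a beacon signed by a trusted sender, fresh relative
// to nowMs, and newer than the last beacon accepted from that sender.
func (r *Receiver) Accept(b Beacon, nowMs int64) error {
	pub, ok := r.trusted[b.SenderID]
	if !ok {
		return ErrUnknownSender
	}
	if !ecdsa.VerifyASN1(pub, b.digest(), b.Sig) {
		return ErrBadSignature
	}
	if b.TimestampMs > nowMs || nowMs-b.TimestampMs > r.maxAgeMs {
		return ErrStale
	}
	if last, seen := r.lastSeen[b.SenderID]; seen && b.TimestampMs <= last {
		return ErrReplay
	}
	r.lastSeen[b.SenderID] = b.TimestampMs
	return nil
}

func main() {
	priv, err := GenerateKey()
	if err != nil {
		panic(err)
	}
	rx := NewReceiver(1000) // one second: ten missed beacons at 10 Hz
	rx.Trust(42, &priv.PublicKey)
	b := Beacon{SenderID: 42, Lat: 38.8977, Lon: -77.0365, HeadingDeg: 90, SpeedMps: 13.4, TimestampMs: 1482000000000}
	if err := Sign(priv, &b); err != nil {
		panic(err)
	}
	fmt.Println("fresh:   ", rx.Accept(b, b.TimestampMs+100))
	fmt.Println("replayed:", rx.Accept(b, b.TimestampMs+200))
	b.SpeedMps = 40 // attacker edits the speed without the key
	fmt.Println("tampered:", rx.Accept(b, b.TimestampMs+300))
}
```

The per-sender newest-timestamp rule tolerates lost beacons but drops any that arrive out of order, and the one-second window is an arbitrary choice for the example. Two things this sketch deliberately leaves out, and any real deployment must handle, are revocation of a compromised vehicle's key and the privacy problem that a fixed SenderID lets anyone with a receiver track a particular car.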