By EditorDavid from Slashdot's worries-for-Windows-users department
"A zero-day attack called Double Agent can take over antivirus software on Windows machines," Network World reported Wednesday. wiredmikey writes:
The attack involves the Microsoft Application Verifier, a runtime verification tool for unmanaged code that helps developers find subtle programming errors in their applications... [The exploit] allows a piece of malware executed by a privileged user to register a malicious DLL for a process associated with an antivirus or other endpoint security product, and hijack its agent.
Patches were released by Malwarebytes, AVG, and Trend Micro, the security researchers told BleepingComputer earlier this week. Kaspersky Lab told ZDNet "that measures to detect and block the malicious scenario have now been added to all its products," while Norton downplayed the exploit, saying the attack "would require physical access to the machine and admin privileges to be successful," with their spokesperson "adding that it has deployed additional detection and blocking protections in the unlikely event users are targeted."
BetaNews reports that the researchers "say that it is very easy for antivirus producers to implement a method of protection against this zero-day, but it is simply not being done. 'Microsoft has provided a new design concept for antivirus vendors called Protected Processes...specially designed for antivirus services...the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks.'"Read Replies (0)
By EditorDavid from Slashdot's survey-says? department
More than 64,000 developers from 213 countries participated in this year's annual survey by Stack Overflow -- the largest number ever -- giving a glimpse into the collective psyche of programmers around the world. An anonymous reader quotes their announcement:
A majority of developers -- 56.5% -- said they were underpaid. Developers who work in government and non-profits feel the most underpaid, while those who work in finance feel the most overpaid... While only 13.1% of developers are actively looking for a job, 75.2% of developers are interested in hearing about new job opportunities... When asked what they valued most when considering a new job, 53.3% of respondents said remote options were a top priority. 65% of developers reported working remotely at least one day a month, and 11.1% say they're full-time remote or almost all the time. Also, the highest job satisfaction ratings came from developers who work remotely full-time.
By EditorDavid from Slashdot's investing-in-automation department
Steve Wozniak -- along with Kleiner Perkins Caufield & Byer -- have invested in an automated paper-digitization company named Ripcord, which formally launched on Thursday. An anonymous reader quotes VentureBeat:
Based in Hayward, California, Ripcord has machines that can scan, index, and categorize paper records to make them searchable through companies' existing systems, via the cloud... Upon receipt, Ripcord unboxes the files and passes them to its machines, which scan, upload, and convert the content into searchable PDFs. Ripcord says that the conversion and classification process is around 80 percent automated and covers handling, the removal of fasteners (e.g. staples), and scanning.
"It sounds silly at first, but a really big part of the reason why this has never been done before are staples," explains Business Insider. "Existing scanner systems require humans to pull staples, separate three-ring binders, unclip paper clips, and occasionally even unstrip duct tape before they can go through the system -- otherwise they jam up the works."
"Our robots work their magic," explains Ripcord's web site. They're charging .004 cents per page -- for every month that it's stored in the cloud.Read Replies (0)
By BeauHD from Slashdot's live-comfortably department
An anonymous reader quotes a report from ABC57 News in South Bend, Indiana: Indiana is looking to help offenders who are behind bars. Soon, each inmate in the Hoosier state could have their own tablet. The Indiana Department of Correction says the tablet will help inmates stay connected with their families and improve their education. Offenders will be able to use the tablets to access any classwork, self-help materials or entertainment. Officials expect to use entertainment, like music or movies, to reward good behavior. The proposal was first filed in January. Apple iPad's or kindles won't be used. Instead, a company that makes tablets specifically for prisons or jails will be hired. One San Francisco based-company they may consider, Telmate, has a device that is used in more than 20 states, including some jails in Marshall County. INDOC is hoping a vendor will front the costs of the entertainment apps so taxpayers won't have to. INDOC also says it wants to avoid charging inmate fees because charging fees that they can't afford would defeat the purpose of the system. If the company selected pays, the vendor would be reimbursed and still earn a profit.Read Replies (0)
By BeauHD from Slashdot's new-band-name-ideas department
The increased use of technology capable of photographing and sharing images has prompted the World Meteorological Organization to add 11 new cloud classifications to their International Cloud Atlas. "A far cry from simple white puffs, these 11 new cloud types roll, dip, and menace their way across the skies," reports National Geographic. From the report: These 11 additions are the first updates that the atlas has received in 30 years, and much of the change can be attributed to citizen scientists who can share and discuss clouds by uploading photos to the Atlas's site. 2017 is the first year that the renowned atlas will be published entirely online, but a hardbound version will follow later this year. Asperitas, Latin for roughness, is the cloud type that has citizen scientists most excited and has been a special victory for the UK-based Cloud Appreciation Society. This photo, first spotted in 2006, captured their attention for its inability to be described by existing cloud types. Marked by small divot-like features that create chaotic ripples across the sky, asperitas were championed by enthusiasts who noticed they did not accurately fall under existing categories. Other clouds that formerly went by more colloquial names, such as the wave-like Kelvin-Helmoltz cloud, and fallstreak holes, will now be recognized with the Latin names fluctus and cavum, respectively. You can watch a time-lapse of the newly classified asperitas here.Read Replies (0)
By BeauHD from Slashdot's bigger-picture department
rmdingler quotes a report from Consumerist: A corporate squabble over printer toner cartridges doesn't sound particularly glamorous, and the phrase "patent exhaustion" is probably already causing your eyes to glaze over. However, these otherwise boring topics are the crux of a Supreme Court case that will answer a question with far-reaching impact for all consumers: Can a company that sold you something use its patent on that product to control how you choose to use after you buy it? The case in question is Impression Products, Inc v Lexmark International, Inc, came before the nation's highest court on Tuesday. Here's the background: Lexmark makes printers. Printers need toner in order to print, and Lexmark also happens to sell toner. Then there's Impression Products, a third-party company makes and refills toner cartridges for use in printers, including Lexmark's. Lexmark, however, doesn't want that; if you use third-party toner cartridges, that's money that Lexmark doesn't make. So it sued, which brings us to the legal chain that ended up at the Supreme Court. In an effort to keep others from getting a piece of that sweet toner revenue, Lexmark turned to its patents: The company began selling printer cartridges with a notice on the package forbidding reuse or transfer to third parties. Then, when a third-party -- like Impression -- came around reselling or recycling the cartridges, Lexmark could accuse them of patent infringement. So far the courts have sided with Lexmark, ruling that Impression was using Lexmark's patented technology in an unauthorized way. The Supreme Court is Impression's last avenue of appeal. The question before the Supreme Court isn't one of "can Lexmark patent this?" Because Lexmark can, and has. The question is, rather: Can patent exhaustion still be a thing, or does the original manufacturer get to keep having the final say in what you and others can do with the product? Kate Cox notes via Consumerist that the Supreme Court ruling is still likely months away. However, she has provided a link to the transcript of this week's oral arguments (PDF) in her report and has dissected it to see which way the justices are leaning on the issue.Read Replies (0)
By BeauHD from Slashdot's Moore's-Law department
An anonymous reader quotes a report from MIT Technology Review: A streamlined set of goals for reducing carbon emissions could simplify the way nations approach the quest to reduce human impact on the planet. A group of European researchers have a refreshingly straightforward solution that they call a carbon law -- or, as the Guardian has coined it, a "Moore's law for carbon." The overarching goal is simple: globally, we must halve carbon dioxide emissions every decade. That's essentially it. The rule would ideally be applied "to all sectors and countries at all scales," and would encourage "bold action in the short term." Dramatic changes would naturally have to occur as a result -- from quick wins like carbon taxes and energy efficiency regulations, to longer-term policies like phasing out combustion-engine cars and carbon-neutral building regulations. If policy makers followed the carbon law, adoption of renewables would continue its current pace of doubling energy production every 5.5 years, and carbon dioxide sequestration technologies would need to ramp up in order for the the planet to reach net-zero emissions by the middle of the century, say the researchers. Along the way, coal use would end as soon as 2030 and oil use by 2040. There are, clearly, issues with the idea, not least being the prospect of convincing every nation to commit to such a vision. The very simplicity that makes the idea compelling can also be used as a point of criticism: Can such a basic rule ever hope to define practical ideas as to how to change the world's energy production and consumption? The study has been published in the journal Science.Read Replies (0)
By BeauHD from Slashdot's cut-of-the-pie department
Earlier this week, CEO of Microsoft Greater China, Alain Crozier, told China Daily that the company is ready to roll out a version of Windows 10 with extra security features demanded by China's government. "We have already developed the first version of the Windows 10 government secure system. It has been tested by three large enterprise customers," Crozier said. The Register reports: China used Edward Snowden's revelations to question whether western technology products could compromise its security. Policy responses included source code reviews for foreign vendors and requiring Chinese buyers to shop from an approved list of products. Microsoft, IBM and Intel all refused to submit source code for inspection, but Redmond and Big Blue have found other ways to get their code into China. IBM's route is a partnership with Dalian Wanda to bring its cloud behind the Great Firewall. Microsoft last year revealed its intention to build a version of Windows 10 for Chinese government users in partnership with state-owned company China Electronics Technology Group Corp. There's no reason to believe Crozier's remarks are incorrect, because Microsoft has a massive incentive to deliver a version of Windows 10 that China's government will accept. To understand why, consider that China's military has over two million active service personnel, the nation's railways employ similar numbers and Microsoft's partner China Electronics Technology Group Corp has more than 140,000 people on its books. Not all of those are going to need Windows, but plenty will.Read Replies (0)
By BeauHD from Slashdot's messing-with-mother-nature department
In what will be the world's biggest solar geoengineering program to date, U.S. scientists part of the $20 million Harvard University project are going to send aerosol injections 20km (~12.4 miles) into the earth's stratosphere "to establish whether the technology can safely simulate the atmospheric cooling effects of a volcanic eruption," The Guardian reports. From the report: Scientists hope to complete two small-scale dispersals of first water and then calcium carbonate particles by 2022. Future tests could involve seeding the sky with aluminum oxide -- or even diamonds. Janos Pasztor, Ban Ki-moon's assistant climate chief at the UN who now leads a geoengineering governance initiative, said that the Harvard scientists would only disperse minimal amounts of compounds in their tests, under strict university controls. Geoengineering advocates stress that any attempt at a solar tech fix is years away and should be viewed as a compliment to -- not a substitute for -- aggressive emissions reductions action. But the Harvard team, in a promotional video for the project, suggest a redirection of one percent of current climate mitigation funds to geoengineering research, and argue that the planet could be covered with a solar shield for as little as $10 billion a year. Some senior UN climate scientists view such developments with alarm, fearing a cash drain from proven mitigation technologies such as wind and solar energy, to ones carrying the potential for unintended disasters. If lab tests are positive, the experiment would then be replicated with a limestone compound which the researchers believe will neither absorb solar or terrestrial radiation, nor deplete the ozone layer.Read Replies (0)
By BeauHD from Slashdot's gotta-pay-the-bills-somehow department
According to Crypto Insider, Venezuelan developers have been selling "rare pepes" -- trading cards that contain unique illustrations and photoshops of the character Pepe the Frog. While the trading cards started out as nothing more than a joke, many of them have been traded for thousands of dollars on the Counterparty platform, which is built on top of Bitcoin, and have provided a way for many developers to sustain themselves in Venezuela's poor economy. From the report: The basic idea behind the issuance of rare pepes on top of the Counterparty platform is that it enables scarcity in a digital world. Each rare pepe card is linked to a little bit of bitcoin through a practice known as coin coloring. Whoever owns the private keys associated with the address where the bitcoins that represent a specific rare pepe card is located is the one who owns that particular trading card. Now, a group of developers in Venezuela are building games similar to Hearthstone and Pokemon where the rare pepe trading cards will play an integral role. If you go to rarepepe.party right now, you're mainly presented with a video of what the first game based on the Rare Pepe digital trading cards will look like. The concept is similar to Hearthstone or Magic: The Gathering where players essentially do battle with their opponents via characters on trading cards, which have specific stats and features. In this case, the characters are various rare pepes. With many rare pepes already released (you can view them in the official rare pepe directory), the developers behind Rare Pepe Party are attempting to provide a use case for these new trading cards. While some rare pepe cards already have stats on them, the developer who chatted with Crypto Insider says those stats may not mean much when it's time to play the game. While rare pepes are nothing more than fun and games for much of the developed world, they're a matter of survival in Venezuela. "We're based in Venezuela, and our business has been saved by bitcoin many times," said the developer. The developer claims roughly 80 percent of the offices around the area where Rare Pepe Party is being developed have shut down over the past year. The biggest businesses on their street have also dropped as much as 90 percent of their employees.Read Replies (0)
By BeauHD from Slashdot's iron-fist department
According to the South Korea Trade Commission (SKTC), Qualcomm prevented Samsung from selling its Exynos processors to various third-party phone manufacturers. "The Commission's report claims that Qualcomm abused its standard-essential patents -- which define technical standards like Wi-Fi and 4G -- to prevent Samsung from selling its modems, integrated processors, and other chips to smartphone makers like LG, Huawei, Xiaomi, and others," reports Digital Trends. "The Commission reportedly threatened to file suit against Samsung, which had agreed to license the patents for an undisclosed sum, if the South Korean electronics maker began competing against it in the mobile market." From the report: That bullying ran afoul of the South Korea Trade Commission's rules, which require that standard-essential patents be licensed on fair, reasonable, and non-discriminatory (FRAND) terms. "Samsung Electronics has been blocked from selling its modem chips to other smartphone manufacturers due to a license deal it signed with Qualcomm," the commissioners wrote. The report provides legal justification for the $853 million fine the SKTC placed on Qualcomm in December for "anti-competitive practices." Qualcomm intends to appeal. "[We] strongly disagree with the KFTC's announced decision, which Qualcomm believes is inconsistent with the facts and the law, reflects a flawed process, and represents a violation of due process rights owed American companies" under an applicable agreement between the U.S. and South Korea.Read Replies (0)
By BeauHD from Slashdot's money-as-an-incentive department
FedEx's Office Print department is offering customers $5 to enable Adobe Flash in their browsers. Why would they do such a thing you may ask? It's because they want customers to design posters, signs, manuals, banners and promotional agents using their "web-based config-o-tronic widgets," which requires Adobe Flash. The Register reports: But the web-based config-o-tronic widgets that let you whip and order those masterpieces requires Adobe Flash, the enemy of anyone interested in security and browser stability. And by anyone we mean Google, which with Chrome 56 will only load Flash if users say they want to use it, and Microsoft which will stop supporting Flash in its Edge browser when the Windows 10 Creators Update debuts. Mozilla's Firefox will still run Flash, but not for long. The impact of all that Flash hate is clearly that people are showing up at FedEx Office Print without the putrid plug-in. But seeing as they can't use the service without it, FedEx has to make the offer depicted above or visible online here. That page offers a link to download Flash, which is both a good and a bad idea. The good is that the link goes to the latest version of Flash, which includes years' worth of bug fixes. The bad is that Flash has needed bug fixes for years and a steady drip of newly-detected problems means there's no guarantee the software's woes have ended. Scoring yourself a $5 discount could therefore cost you plenty in future.Read Replies (0)
By BeauHD from Slashdot's insert-more-coins-to-continue department
An anonymous reader quotes a report from Ars Technica: It's game over for an Alabama man who claims his patent on "Carpenter Bee Traps" is being infringed by competing products on eBay. Robert Blazer filed his lawsuit in 2015, saying that his U.S. Patent No. 8,375,624 was being infringed by a variety of products being sold on eBay. Blazer believed the online sales platform should have to pay him damages for infringing his patent. A patent can be infringed when someone sells or "offers to sell" a patented invention. At first, Blazer went through eBay's official channels for reporting infringement, filing a "Notice of Claimed Infringement," or NOCI. At that point, his patent hadn't even been issued yet and was still a pending application, so eBay told him to get back in touch if his patent was granted. On February 19, 2013, Blazer got his patent and ultimately sent multiple NOCI forms to eBay. However, eBay wouldn't take down any items, in keeping with its policy of responding to court orders of infringement and not mere allegations of infringement. In 2015, Blazer sued, saying that eBay had directly infringed his patent and also "induced" others to infringe. That lawsuit can't move forward, following an opinion (PDF) published this week by U.S. District Judge Karon Bowdre. The judge found that eBay lacked any knowledge of actual infringement and rejected Blazer's argument that eBay was "willfully blind" to infringement of Blazer's patent. The opinion was first reported yesterday by The Recorder (registration required).Read Replies (0)