By BeauHD from Slashdot's cyber-range department
chicksdaddy shares a report from The Security Ledger: Amid increasing concerns about cyber threats to healthcare environments, a global network of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms, The Security Ledger reports. The World Health Information Security Testing Labs (or "WHISTL") will adopt a model akin to the Underwriters Laboratory, which started out testing electrical devices, and focus on issues related to cyber security and privacy, helping medical device makers "address the public health challenges" created by connected health devices and complex, connected healthcare environments, according to a statement by The Medical Device Innovation, Safety and Security Consortium. "MDISS WHISTL facilities will dramatically improve access to medical device security know-how while protecting patient privacy and the intellectual property of our various stakeholders," said Dr. Nordenberg, MD, Executive Director of MDISS. The labs will be one of the only independent, open and non-profit networks of labs specifically designed for the needs of the medical field, including medical device designers, hospital IT, and clinical engineering professionals. Experts will assess the security of medical devices using standards and specifications designed by testing organizations like Underwriters Labs. Evaluations will include application security testing like "fuzzing," static code analysis and penetration testing of devices. Any vulnerabilities found will be reported directly to manufacturers in accordance with best practices, and publicly disclosed to the international medical device vulnerability database (MDVIPER), which is maintained by MDISS and the National Health Information Sharing and Analysis Center (NH-ISAC). The group says it plans for 10 new device testing labs by the end of the year, including in the U.S. in states from New York to Indiana, Tennessee and California, and outside North America in the UK, Israel, Finland, and Singapore. The WHISTL facilities will work with Underwriters Labs as well as AAMI, the Association for the Advancement of Medical Instrumentation. Specifically, MDISS labs will base their work on the UL Cybersecurity Assurance Program specifications (UL CAP) and follow testing standards developed by both groups, including the UL 2900 and AAMI 80001 standards.
By BeauHD from Slashdot's here-we-go-again department
An anonymous reader writes: "Veritaseum has confirmed today that a hacker stole $8.4 million from the platform's ICO on Sunday, July 23," reports Bleeping Computer. "This is the second ICO hack in the last week and the fourth hack of an Ethereum platform this month. An ICO (Initial Coin Offering) is similar to a classic IPO (Initial Public Offering), but instead of stocks in a company, buyers get tokens in an online platform. Users can keep tokens until the issuing company decides to buy them back, or they can sell the tokens to other users for Ethereum. Veritaseum was holding its ICO over the weekend, allowing users to buy VERI tokens for a product the company was preparing to launch in the realm of financial services." The hacker breached its systems, stole VERI tokens and immediately dumped them on the market due to the high demand. The hacker made $8.4 million from the token sale, which he immediately started to launder. In a post-mortem announcement Middleton posted online today, the Veritaseum CEO said "the amount stolen was minuscule (less than 00.07%) although the dollar amount was quite material." The CEO also suspects that "at least one corporate partner that may have dropped the ball and [might] be liable." Previous Ethereum service hacks include Parity, CoinDash, and Classic Ether Wallet.
By BeauHD from Slashdot's magical-mystery-tour department
New submitter SEMLogistics writes: I'm working with a well-known rock band that is not based in the U.S. and has an upcoming U.S. tour this fall. The issue they always run into, however, is that when renting a tour bus and traveling with 12 to 14 people, they consistently blow through the data allowances set by the bus company. This leads to tremendously expensive overages and greatly throttled data. "When chartering a Nightliner tour bus, travel companies typically only allow for 10GB of data a month. With 12 people downloading music and streaming movies, we can easily exceed 12GB a day! This leads to thousands of dollars every month in overages!" Slashdot, help! Are there any good mobile hotspot options with unlimited data and monthly contracts (I haven't found any), or other alternatives to simply being held a data hostage?
By BeauHD from Slashdot's consumers-first department
An anonymous reader quotes a report from Ars Technica: Senate and House Democratic leaders today proposed new antitrust laws that could prevent many of the biggest mergers and break up monopolies in broadband and other industries. "Right now our antitrust laws are designed to allow huge corporations to merge, padding the pockets of investors but sending costs skyrocketing for everything from cable bills and airline tickets to food and health care," US Senate Minority Leader Chuck Schumer (D-NY) wrote in a New York Times opinion piece. "We are going to fight to allow regulators to break up big companies if they're hurting consumers and to make it harder for companies to merge if it reduces competition." The "Better Deal" unveiled by Schumer and House Democratic Leader Nancy Pelosi (D-Calif.) was described in several documents that can be found in an Axios story. The plan for "cracking down on corporate monopolies" lists five industries that Democrats say are in particular need of change, specifically airlines, cable and telecom, the beer industry, food, and eyeglasses. The Democrats' plan for lowering the cost of prescription drugs is detailed in a separate document. The Democrats didn't single out any internet providers that they want broken up, but they did say they want to stop AT&T's proposed $85.4 billion purchase of Time Warner: "Consolidation in telecommunications is not just between cable or phone providers; increasingly, large firms are trying to buy up content providers. Currently, AT&T is trying to buy Time Warner. If AT&T succeeds in this deal, it will have more power to restrict the content access of its 135 million wireless and 25.5 million pay-TV subscribers. This will only enable the resulting behemoths to promote their own programming, unfairly discriminate against other distributors and their ability to offer highly desired content, and further restrict small businesses from successfully competing in the market."
By BeauHD from Slashdot's security-disasters department
An anonymous reader quotes a report from The Hacker News: Swedish media is reporting a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military. The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of the Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more. The incident is believed to be one of the worst government information security disasters ever.
In 2015, the Swedish Transport Agency handed IBM an IT maintenance contract to manage its databases and networks. However, the Swedish Transport Agency uploaded IBM's entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs. The transport agency then emailed the entire database in messages to marketers that subscribe to it. And what's terrible is that the messages were sent in clear text. When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.
By msmash from Slashdot's growing-tension department
Snopes.com, which began as a small one-person effort in 1994 and has since become one of the Internet's oldest and most popular fact-checking sites, is in danger of closing its doors. From a report: Since our inception, we have always been a self-sustaining site that provides a free service to the online world: we've had no sponsors, no outside investors or funding, and no source of revenue other than that provided by online advertising. Unfortunately, we have been cut off from our historic source of advertising income. We had previously contracted with an outside vendor to provide certain services for Snopes.com. That contractual relationship ended earlier this year, but the vendor will not acknowledge the change in contractual status and continues to essentially hold the Snopes.com web site hostage. Although we maintain editorial control (for now), the vendor will not relinquish the site's hosting to our control, so we cannot modify the site, develop it, or -- most crucially -- place advertising on it. The vendor continues to insert their own ads and has been withholding the advertising revenue from us. Our legal team is fighting hard for us, but, having been cut off from all revenue, we are facing the prospect of having no financial means to continue operating the site and paying our staff (not to mention covering our legal fees) in the meanwhile.
By msmash from Slashdot's where-things-are-headed department
David Pierce, writing for Wired: Push notifications are ruining my life. Yours too, I bet. Download more than a few apps and the notifications become a non-stop, cacophonous waterfall of nonsense. Here's just part of an afternoon on my phone:
"Hi David! We found new Crown jewels and Bottle caps Pins for you!"
"Everyone's talking about Bill Nye's new book, Everything All at Once. Read a free sample."
"Alex just posted for the first time in a while."
I get notifications when an acquaintance comments on a stranger's Facebook posts, when shows I don't care about come to Netflix, and every single day at 6 PM when the crossword puzzle becomes available. Recently, I got a buzz from my close personal friends at Yelp. "We found a hot new business for you," it said. I opened the notification, on the off chance that Yelp had finally found the hot new business I've been waiting for. It did not. So I closed Yelp, stared into space for a second, and then opened Instagram. Productivity over. Over the last few years, there's been an increasingly loud call for a re-evaluation of the relationship between humans and smartphones. For all the good that phones do, their grip on our eyes, ears, and thoughts creates real and serious problems. "I know when I take [technology] away from my kids what happens," Tony Fadell, a former senior VP at Apple who helped invent both the iPod and the iPhone, said in a recent interview. "They literally feel like you're tearing a piece of their person away from them. They get emotional about it, very emotional. They go through withdrawal for two to three days." Smartphones aren't the problem. It's all the buzzing and dinging, endlessly calling for your attention.
By msmash from Slashdot's what's-happening department
Unemployment in Britain is now just 4.5 percent. There are only 1.49 million unemployed people in the UK, versus 32 million people with jobs. This is almost unheard of. Unemployment was most recently this low in December 1973, when the UK set an unrepeated record of just 3.4 percent. From a report: The problem with this record is that the statistical definition of "unemployment" relies on a fiction that economists tell themselves about the nature of work. As the rate gets lower and lower, it tests that lie. Because -- as anyone who has studied basic economics knows -- the official definition of unemployment disguises the true rate. In reality, about 21.5 percent of all working-age people (defined as ages 16 to 64) are without jobs, or 8.83 million people, according to the Office for National Statistics. That's more than four times the official number. For decades, economists have agreed on an artificial definition of what unemployment means. Their argument is that people who are taking time off, or have given up looking for work, or work at home to look after their family, don't count as part of the workforce.
By msmash from Slashdot's security-woes department
An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2," has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes' Thomas Reed wrote at the time.
By msmash from Slashdot's embracing-technology department
An anonymous reader shares a report: In 2015, Monocle magazine, a favorite read of the global hipsterati, published an enthusiastic report on Lawrenceville, the former blue-collar neighborhood here filled with cafes, hyped restaurants and brick rowhouses being renovated by flippers. Last year, in a much-publicized development, Uber began testing self-driving cars on the streets, putting this city at the forefront of the autonomous-vehicle revolution. Also last year, in a less publicized development, Jean Yang, 30, returned to this city after more than a decade of living in Boston, finding a Pittsburgh she hardly recognized from her 1990s childhood. And four months ago, Caesar Wirth, a 28-year-old software engineer, moved from Tokyo to work for a local tech start-up, Duolingo. These seemingly unrelated events have one thing in common: Carnegie Mellon University's School of Computer Science. Much has been made of the "food boom" in Pittsburgh, and the city has long had a thriving arts scene. But perhaps the secret, underlying driver for both the economy and the cool factor -- the reason Pittsburgh now gets mentioned alongside Brooklyn and Portland, Ore., as an urban hot spot for millennials -- isn't chefs or artists but geeks. In a 2014 article in The Pittsburgh Post-Gazette, Mayor Bill Peduto compared Carnegie Mellon, along with the University of Pittsburgh, to the iron ore factories that made this city an industrial power in the 19th century. The schools are the local resource "churning out that talent" from which the city is fueled. Because of the top students and research professors at Carnegie Mellon, tech companies like Apple, Facebook, Google and Uber have opened offices here. The big tech firms, along with their highly skilled, highly paid workers, have made Pittsburgh younger and more international and helped to transform once-derelict neighborhoods like Lawrenceville and East Liberty. 
Indeed, East Liberty has become something of a tech hub, said Luis von Ahn, the co-founder and chief executive of Duolingo, a language-learning platform company with its headquarters in that neighborhood. Google Pittsburgh, with its more than 500 employees, also has part of its offices in East Liberty, as does AlphaLab, a start-up accelerator.
By msmash from Slashdot's duh department
Reader OneHundredAndTen writes and shares a report: Systemd doing what it does best. From a report on The Register: A few Penguinistas spent a weekend working out why they can't get through to Netflix from their Linux machines, because when they tried, their DNS lookups failed. The issue emerged over the weekend, when Gentoo user Dennis Schridde submitted a bug report to the Systemd project. Essentially, he described a failure within systemd-resolve, a Systemd component that turns human-readable domain names into IP addresses for software, like web browsers, to connect to. The Systemd resolver couldn't look up Netflix's servers for Schridde's web browser, according to the report. In his detailed post, Schridde said he expected this to happen: ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net gets resolved to 22.214.171.124 or 2a00:86c0:5:5::142. When in reality, that wasn't happening, so Netflix couldn't be reached on his box. His speculation that libidn2, which adds internationalised domain names support to the resolver, was at fault turned out to be accurate. Rebuilding Systemd without that library cleared the problem.
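The report says only that building without libidn2 cleared the problem, not what the library objected to in the name. The quoted name does contain an underscore, which is legal in the DNS itself (RFC 2181 allows any octets in a label) but falls outside the strict letters-digits-hyphens host-name syntax of RFC 1123, and that mismatch is the first thing to check when a name the DNS serves is refused by a local validation layer. The following Python is an added example, not systemd's or libidn2's code; it applies both rules to the name from the report. Whether this particular check is the one libidn2 applied is not established by the report.

```python
import re

# Name quoted in the bug report above; it is the one the resolver rejected.
REPORTED_NAME = "ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net"

# Strict "LDH" host-name label (RFC 952 as relaxed by RFC 1123 section 2.1):
# letters, digits and hyphens only, no leading or trailing hyphen, 1-63 octets.
_LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def dns_label_ok(label: str) -> bool:
    """RFC 2181 section 11: the DNS accepts any label of 1..63 octets, so an
    underscore is legal on the wire and in authoritative zone data."""
    return 0 < len(label.encode("utf-8")) <= 63


def ldh_label_ok(label: str) -> bool:
    """Host-name syntax that stricter validation layers enforce; it rejects
    '_' and other punctuation even though the name may resolve elsewhere."""
    return _LDH_LABEL.match(label) is not None


def check_name(name: str) -> dict:
    """Return the labels each rule rejects. An empty 'dns_rejects' list with a
    non-empty 'ldh_rejects' list is the signature of a name the DNS will serve
    but a strict local validator may refuse."""
    stripped = name.rstrip(".")
    labels = stripped.split(".")
    result = {
        "dns_rejects": [l for l in labels if not dns_label_ok(l)],
        "ldh_rejects": [l for l in labels if not ldh_label_ok(l)],
    }
    # Presentation-form names are capped at 253 octets (the RFC 1035 limit of
    # 255 octets in wire form, minus the final length octet and root label).
    if len(stripped.encode("utf-8")) > 253:
        result["dns_rejects"].append("<name longer than 253 octets>")
    return result


def suspect_strict_validation(name: str) -> bool:
    """True when DNS rules accept the name but strict host-name rules do not."""
    r = check_name(name)
    return not r["dns_rejects"] and bool(r["ldh_rejects"])


if __name__ == "__main__":
    print(check_name(REPORTED_NAME))
    print("strict host-name validation is a candidate cause:",
          suspect_strict_validation(REPORTED_NAME))
```

Run stand-alone, the script reports that every label in the Netflix name is a valid DNS label while the first label fails strict host-name syntax because of the underscore. On a machine showing the symptom, the next step is to query the same name with a tool that talks to the upstream server directly and compare it with what the local stub resolver returns; if the direct query answers and the stub does not, the fault is in the local validation path, which is what the bug reporter eventually narrowed down.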
By msmash from Slashdot's not-a-feature department
Adrianne Jeffries, reporting for The Outline: Is a $4 million venture capital-funded startup stealthily taking over popular coding tools and injecting ads and spyware into them? That's what some programmers fear may be happening. It is one of the most troubling scandals to hit the open-source community -- a robust network of programmers who work on shared tools for free -- in recent memory. It started back in April, when a programmer noticed a strange change to an open-source tool called Minimap. Minimap has had more than 3.5 million downloads, but like many open-source tools, it was maintained by a single person who no one knew much about other than their username: @abe33. At some point, @abe33, whose real name is Cedric Nehemie, was hired by Kite. Kite was started by Adam Smith, a successful tech entrepreneur who raised funding from a slew of big names including the CEO of Dropbox and the creator of WordPress. It is unclear what Kite's business model is, but it says it uses machine-learning techniques to make coding tools. Its tools are not open source. After being hired by Kite, @abe33 made an update to Minimap. The update was titled "Implement Kite promotion," and it appeared to look at a user's code and insert links to related pages on Kite's website. Kite called this a useful feature. Programmers said it was not useful and was therefore just an ad for an unrelated service, something many programmers would consider a violation of the open-source spirit. "It's not a feature, it's advertising -- and people don't want it, you want it," wrote user @p-e-w. "The least you can do is own up to that." "I have to wonder if your goal was to upset enough people that you'd generate real attention on various news sites and get Kite a ton of free publicity before your next funding round," @DevOpsJohn wrote. "That's the only sane explanation I can find for suddenly dropping ads into the core of one of the oldest and most useful Atom plugins." [...] 
Although Kite has no business model yet, it's widely thought in Silicon Valley that having users is the first step toward profitability. Adding users potentially benefits the company in another way, by giving it access to precious data. Kite says it uses machine learning tactics to make the best coding helper tools possible. In order to do that, it needs tons of data to learn from. The more code it can look at, the better its autocomplete suggestions will get, for example.
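The behaviour described above, a routine plugin update that starts inspecting the user's code and linking out to a vendor site, is the kind of change a dependency diff should surface before the update is installed. As an added example that is not Minimap's, Kite's or Atom's code, the following Python script compares two versions of a package tree and reports the hosts and network primitives that the new version introduces; the two trees and the vendor hostname are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample trees (path -> file contents) standing in for two
# consecutive published versions of an editor plugin. This is not Minimap's
# real source, and the promo host is a made-up placeholder.
BEFORE: Dict[str, str] = {
    "package.json": '{"name": "example-plugin", "version": "1.0.0", '
                    '"repository": "https://github.com/example/example-plugin"}\n',
    "lib/main.js": "module.exports = { activate() { render(); } };\n"
                   "function render() { /* draw the code overview */ }\n",
}
AFTER: Dict[str, str] = {
    "package.json": '{"name": "example-plugin", "version": "1.0.1", '
                    '"repository": "https://github.com/example/example-plugin"}\n',
    "lib/main.js": "const https = require('https');\n"
                   "module.exports = { activate() { render(); promote(); } };\n"
                   "function render() { /* draw the code overview */ }\n"
                   "function promote() {\n"
                   "  const token = atom.workspace.getActiveTextEditor().getWordUnderCursor();\n"
                   "  https.get('https://promo.example-vendor.test/lookup?q=' + encodeURIComponent(token));\n"
                   "}\n",
}

# Hosts named in absolute http(s) URLs anywhere in a file.
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")
# Primitives that give JavaScript in an editor plugin a path out to the network.
NET_PRIMITIVE = re.compile(
    r"require\(['\"](?:https?|net|dgram|child_process)['\"]\)"
    r"|https?\.(?:get|request)\("
    r"|\bfetch\("
    r"|XMLHttpRequest"
    r"|sendBeacon"
)


def hosts_by_file(tree: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each host referenced in the tree to the files that reference it."""
    found: Dict[str, set] = {}
    for path, text in tree.items():
        for m in URL_HOST.finditer(text):
            found.setdefault(m.group(1).lower(), set()).add(path)
    return {host: sorted(paths) for host, paths in found.items()}


def new_hosts(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Hosts the new version references that the old version never mentioned.
    A host that is not the project's own repository is the one to read first."""
    old = set(hosts_by_file(before))
    return {h: paths for h, paths in hosts_by_file(after).items() if h not in old}


def new_network_primitives(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Per file, network primitives present in the new version but not the old."""
    out: Dict[str, List[str]] = {}
    for path, text in after.items():
        old_hits = set(NET_PRIMITIVE.findall(before.get(path, "")))
        added = set(NET_PRIMITIVE.findall(text)) - old_hits
        if added:
            out[path] = sorted(added)
    return out


if __name__ == "__main__":
    print("new hosts:", new_hosts(BEFORE, AFTER))
    print("new network primitives:", new_network_primitives(BEFORE, AFTER))
```

The two checks are deliberately crude string scans, not a parser, so they also catch code that is minified or hidden in a string; the price is that they must be read by a human, since a new host in a comment or a test fixture is noise. Run against every version bump of a pinned dependency, they turn "why does my editor talk to a site I never heard of" into a question answered before the update lands rather than months later.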
By msmash from Slashdot's end-of-road department
Microsoft's next Windows 10 update, called the Fall Creators Update, will bring a variety of new features. But one long-standing stalwart of the Windows experience has been put on the chopping block: Microsoft Paint. From a report: First released with the very first version of Windows 1.0 in 1985, Paint in its various guises would be one of the first graphics editors used by many and became a core part of Windows. Starting life as a 1-bit monochrome licensed version of ZSoft's PC Paintbrush, it wasn't until Windows 98 that Paint could save in JPEG. With the Windows 10 Creators Update, released in April, Microsoft introduced the new Paint 3D, which is installed alongside traditional Paint and features 3D image making tools as well as some basic 2D image editing. But it is not an update to original Paint and doesn't behave like it. Now Microsoft has announced that, alongside Outlook Express, Reader app and Reading list, Microsoft Paint has been signalled for death having been added to the "features that are removed or deprecated in Windows 10 Fall Creators Update" list.
By EditorDavid from Slashdot's wise-why's-of-WiFi department
A while ago the FCC in the USA implemented a rule that required manufacturers to restrict end-users from tampering with the radio outputs on wi-fi routers. It was predicted that manufacturers would take the lazy way out by locking down the firmware/bootloaders of the routers entirely instead of partitioning off access to the radio transmit power and channel ranges. This has apparently proven to be the case, as even now routers that were previously marketed as "Open Source Ready" or "DD-WRT Compatible" are coming with locked firmware.
In my case, having noticed this trend, I purchased three routers from Belkin, Buffalo, and Netgear in Canada, the UK, and Germany respectively, instead of the USA, and the results: All three routers had locked firmware/bootloaders, with no downgrade rights and no way to install Tomato, DD-WRT, OpenWRT, etc. It seems the FCC rule is an example of the wide-reaching effect of US law on the products sold in other nations, etc. So, does anyone know a good source of unlocked routers or other technical information on how to bypass this ridiculous outcome of FCC over-reach and manufacturer laziness?
The FCC later specified that they were not trying to block Open Source firmware modifications -- so leave your best suggestions in the comments. How can you avoid routers with locked firmware?