By msmash from Slashdot's catch-me-if-you-can department
There are cyberheists, and then there's Carbanak, a cybercriminal gang that has stolen about $1.2 billion from more than 100 banks in 40 nations. The suspected 34-year-old ringleader is under arrest, but the whopping $1.2 billion remains missing. And to add insult to injury, the malware attacks live on. Bloomberg Businessweek has an insightful story on this, which includes comments from none other than Europol itself, on the three-year chase to catch Carbanak. Some excerpts from the story: Before WannaCry, before the Sony Pictures hack, and before the breaches that opened up Equifax and Yahoo!, there was a nasty bit of malware known as Carbanak. Unlike those spectacular attacks, this malware wasn't created by people interested in paralyzing institutions for ransom, publishing embarrassing emails, or taking personal data. The Carbanak guys just wanted loot, and lots of it. Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union's law enforcement agency. The string of thefts, collectively dubbed Carbanak -- a mashup of a hacking program and the word "bank" -- is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that's become the stuff of legend in the digital underworld. Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices.
The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses.
By msmash from Slashdot's it's-here department
On Tuesday, Mozilla released Firefox 61, the newest version of its web browser for Windows, Mac, Linux, and Android platforms. The release builds on Firefox Quantum, which the company calls "by far the biggest update since Firefox 1.0 in 2004." VentureBeat: Version 61 brings TLS 1.3, the ability to add custom search engines to the location bar, tab warming, retained display lists, WebExtension tab management, and the Accessibility Tools Inspector. Mozilla doesn't break out the exact numbers for Firefox, though the company does say "half a billion people around the world" use the browser. In other words, it's a major platform that web developers have to consider.
By msmash from Slashdot's mixed-feelings department
AOL discontinued AIM, its 20-year-old iconic instant messaging service, last December, months after cutting third-party access to it. Now Motherboard reports a small team of developers has resurrected it with a private server. From the report: The new chat service is called AIM Phoenix, and it works by running the messages through a private Dynamic DNS run by Wildman Productions, a non-profit group of hobbyist programmers. This isn't a new AIM client; it literally uses the old software running on a new server, so it looks and feels exactly like AIM. It's simple to set up. First, you download an old version of AIM from the AIM Phoenix website, register for a new username, tweak the settings to reroute through Wildman Productions' server, and then open yourself up to the nostalgic glory of Web 2.0. The old versions of AIM are touchy on new machines and I had to play with a few different versions before I got 5.0 working on my Windows 10 machine.
By msmash from Slashdot's closer-look department
An anonymous reader writes: A survey conducted among tech workers, including many employees of Silicon Valley's elite tech companies, has revealed that over 57% of respondents are suffering from job burnout. The survey was carried out by the makers of an app that allows employees to review workplaces and have anonymous conversations at work, behind their employers' backs. Over 11K employees answered one question -- whether they suffer from job burnout -- and 57.16% said "Yes." The company with the highest employee burnout rate was Credit Karma, with a whopping 70.73%, followed by Twitch (68.75%), Nvidia (65.38%), Expedia (65.00%), and Oath (63.03% -- Oath being the former Yahoo company Verizon bought in July 2017). On the other end of the spectrum, Netflix ranked with the lowest burnout rate of only 38.89%, followed by PayPal (41.82%), Twitter (43.90%), Facebook (48.97%), and Uber (49.52%).
By BeauHD from Slashdot's heads-up department
An anonymous reader quotes a report from Bleeping Computer: Security researchers have found, on average, five security flaws in each cryptocurrency ICO held last year. Only one ICO held in 2017 did not contain any critical flaws. According to Positive.com, a security firm specialized in ICO security audits, most of the vulnerabilities they found were in the smart contracts at the base of the ICO itself.
"71% of tested projects contained vulnerabilities in smart contracts, the heart and soul of an ICO," the company said. "Once an ICO starts, the contract cannot be changed and is open to everyone, meaning anyone can view it and look for flaws. Typically, these would consist of non-compliance with the ERC20 standard (the token interface for digital wallets and cryptocurrency exchanges), incorrect random number generation and incorrect scoping, amongst others," Positive.com experts say. "Generally, these vulnerabilities occur due to lack of programmer expertise and insufficient source code testing." According to the researchers, all the mobile apps ICO organizers launched in 2017 contained security flaws. "The most common flaws in mobile apps are the use of insecure data transfer methods, storage of user data in phone backups, and disclosure of session IDs that an attacker could capture and use against the user," reports Bleeping Computer. Security bugs were also found in the web apps.
By BeauHD from Slashdot's technical-difficulties department
The Russian-manufactured Proton rocket that has been traveling into space since before humans landed on the Moon will finally stop flying. "In an interview with a Russian publication, Roscosmos head Dmitry Rogozin said production of the Proton booster will cease as production shifts to the new Angara booster," reports Ars Technica. "No new Proton contracts are likely to be signed." From the report: First launched in 1965, the rocket was initially conceived of as a booster to fly two-person crews around the Moon, as the Soviet Union sought to beat NASA into deep space. Indeed, some of its earliest missions launched creatures, including two turtles, to the Moon and back.
The decision will bring down the curtain on one of the longest-used and most versatile rockets in world history. As the United States developed the space shuttle in the 1970s and began flying it in the 1980s, the Russian space agency saw the opportunity to commercialize the Proton rocket, and by the end of the 1990s, the booster became a major moneymaker for the Russian space industry. With a capacity of 22.8 tons to low-Earth orbit, it became a dominant player in the commercial market for heavier satellites. An increasing rate of failures, combined with the rise of SpaceX's cheaper Falcon 9 rockets, "have caused the number of Proton launches in a given year to dwindle from eight or so to just one or two," adds Ars. "This shrinking market has opened the door to the Angara rocket, which has the advantage of not using environmentally hazardous fuel for each of its stages..."
By BeauHD from Slashdot's privacy-matters department
Troy Hunt, web security expert and creator of the website Have I Been Pwned (HIBP), wrote a blog post announcing his partnerships with Firefox and 1Password. For those unfamiliar with the site, Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised. The service is especially handy now that data breaches are becoming a daily occurrence. Hunt writes: Last November, there was much press about Mozilla integrating HIBP into Firefox. I was a bit surprised at the time as it was nothing more than their Breach Alerts feature which simply highlighted if the site being visited had previously been in a data breach (it draws this from the freely accessible breach API on HIBP). But the press picked up on some signals which indicated that in the long term, we had bigger plans than that and the whole thing got a heap of very positive attention. I ended up fielding a heap of media calls just on that one little feature - people loved the idea of HIBP in Firefox, even in a very simple form. As it turns out, we had much bigger plans and that's what I'm sharing here today. Over the coming weeks, Mozilla will begin trialling integration between HIBP and Firefox to make breach data searchable via a new tool called "Firefox Monitor." Here's what Hunt has to say about 1Password: As of now, you can search HIBP from directly within 1Password via the Watchtower feature in the web version of the product. This helps Watchtower become "mission control" for accounts and introduces the "Breach Report" feature. If you're a 1Password user you can use this feature right now, just head on over to the 1Password login page.
By BeauHD from Slashdot's quality-of-data department
dcblogs writes: LinkedIn has developed a new analytics platform that should make it easier to poach job candidates. It will use its vast database of nearly 600 million profiles to help recruiters find pockets of talent, know the attrition rate and glean competitive data. The platform, due in September, was discussed at a recent HR conference. One attendee asked a LinkedIn official: "Does that set up an environment for poaching talent?" And then she immediately answered her own question. "I think the answer is yes. And so why would I sign off on that?" In response to the attendee's question, Eric Owski, the head of product for Talent Insights at LinkedIn, said there was nothing wrong with making this data available. The LinkedIn team concluded that "the world is becoming more transparent," and "very sophisticated teams at large companies were able to figure out a lot of the calculations that we're making available in this product," he said. "We think by packaging it up nicely, it levels the playing field," Owski said. "We feel like we're on safe ground."
By BeauHD from Slashdot's one-size-doesn't-fit-all department
Recompiling is unlikely to be a catch-all solution for a recently unveiled Intel CPU vulnerability known as TLBleed, the details of which were leaked on Friday, the head of the OpenBSD project Theo de Raadt says. iTWire reports: The details of TLBleed, which gets its name from the fact that the flaw targets the translation lookaside buffer, a CPU cache, were leaked to the British tech site, The Register; the side-channel vulnerability can theoretically be exploited to extract encryption keys and private information from programs. Former NSA hacker Jake Williams said on Twitter that a fix would probably need changes to the core operating system and was likely to involve "a ton of work to mitigate (mostly app recompile)." But de Raadt was not so sanguine. "There are people saying you can change the kernel's process scheduler," he told iTWire on Monday. "(It's) not so easy."
He said that Williams was lacking all the details and not thinking it through. "They actually have sufficient detail to think it through: the article says the TLB is shared between hyperthreading CPUs, and it is unsafe to share between two different contexts. Basically you can measure evictions against your own mappings, which indicates the other process is touching memory (you can determine the aliasing factors)." De Raadt said he was still not prepared to say more, saying: "Please wait for the paper [which is due in August]."
By BeauHD from Slashdot's always-listening department
According to a new report from Bloomberg's Mark Gurman and Debby Wu, Apple is "planning higher-end AirPods, a new HomePod and studio-quality over-ear headphones for as early as next year." From the report: The Cupertino, California-based company is working on new AirPods with noise-cancellation and water resistance, the people said. Apple is trying to increase the range that AirPods can work away from an iPhone or iPad, one of the people said. You won't be swimming in them though: The water resistance is mainly to protect against rain and perspiration, the people said. Slated for 2019, the earbuds will likely cost more than the existing $159 pair, and that could push Apple to segment the product line like it does with iPhones, one of the people said. Apple is also working on a wireless charging case that's compatible with the upcoming AirPower charger.
There are over-ear headphones coming from Apple, too. Those will compete with pricey models from Bose Corp. and Sennheiser. They will use Apple branding and be a higher-end alternative to the company's Beats line. Apple originally intended to introduce the headphones by the end of 2018, but has faced development challenges, and is now targeting a launch as early as next year, the people said. A previous Bloomberg report teased a new version of the current AirPods that will feature a new chip and support for hands-free Siri activation. They are reportedly launching later this year.
By msmash from Slashdot's beware department
Tick bites can cause all sorts of nasty afflictions. And if you're bitten by a Lone Star tick, here's one more to add to the list: a red meat allergy. NPR reports: About 10 years ago, Dr. Scott Commins, an allergist and associate professor of medicine at the University of North Carolina, Chapel Hill, was among the first physicians to identify the allergy in patients with tick bites. Back then, there were just a few dozen known cases. That has increased dramatically. "We're confident the number is over 5,000 [cases], and that's in the U.S. alone," Commins says. There are also cases in Sweden, Germany and Australia -- likely linked to other species of ticks. In the U.S., the Lone Star tick has expanded its range beyond the Southeast, and there are documented cases of alpha gal meat allergies farther north -- including New York, Maine and Minnesota. "The range of the tick is expanding," says Commins. So is awareness about the red meat allergy it can cause. "We have a blood test, and the word is getting out."
By BeauHD from Slashdot's deal-or-no-deal department
An anonymous reader quotes a report from Bloomberg: Jane was working in Amazon's Seattle headquarters when she was asked to a meeting with her manager and a human resources representative. They gave her a document outlining concerns about her work performance and spelled out three choices. She could quit and receive severance pay, spend the next several weeks trying to keep her job by meeting certain performance goals, or square off with her manager in a videoconference version of the Thunderdome, pleading her case with a panel of co-workers while her boss argued against her. Jane, who asked that her real name not be used to discuss a personal matter, chose the last one.
Amazon is borrowing a page from union grievance processes that don't apply to most corporate employees. But only about 30 percent of those who appeal their manager's criticisms prevail, meaning they can keep their jobs or seek new ones within the company with different bosses, according to people familiar with the matter. Eighteen months after its debut, the hearing process has created resentment and raised questions about fairness, according to current and former workers as well as attorneys familiar with their situations. "It's a kangaroo court," says George Tamblyn, a Seattle employment lawyer who helped one former Amazon worker plan her appeal earlier this year. "My impression of the process is it's totally unfair." According to a person familiar with the process, the workers who fail to make their case and get their job back can still choose between severance pay or a performance-improvement plan. The program, called "Pivot," was started last year.