By EditorDavid from Slashdot's internet-of-poorly-secured-things department
Ars Technica reports on Hajime, a sophisticated "vigilante botnet that infects IoT devices before blackhats can hijack them."
Once Hajime infects an Internet-connected camera, DVR, and other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems." But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and reliance that's largely unparalleled in the IoT landscape...
Hajime doesn't rashly cycle through a preset list of the most commonly used user name-password combinations when trying to hijack a vulnerable device. Instead, it parses information displayed on the login screen to identify the device manufacturer and then tries combinations the manufacturer uses by default... Also, in stark contrast to Mirai and its blackhat botnet competitors, Hajime goes to great lengths to maintain resiliency. It uses a BitTorrent-based peer-to-peer network to issue commands and updates. It also encrypts node-to-node communications. The encryption and decentralized design make Hajime more resistant to takedowns by ISPs and Internet backbone providers.
Pascal Geenens, a researcher at security firm Radware, watched the botnet attempt 14,348 hijacks from 12,000 unique IP addresses around the world, and says "If Hajime is a glimpse into what the future of IoT botnets looks like, I certainly hope the IoT industry gets its act together and starts seriously considering securing existing and new products. If not, our connected hopes and futures might depend on...grey hat vigilantes to purge the threat the hard way."
By EditorDavid from Slashdot's countdown-to-unemployment department
An anonymous reader quotes CNBC:
Robots are likely to replace 50 percent of all jobs in the next decade, according to Kai-Fu Lee, founder of venture capital firm Sinovation Ventures and a top voice on tech in China. Artificial intelligence is the wave of the future, the influential technologist told CNBC, calling it the "singular thing that will be larger than all of human tech revolutions added together, including electricity, [the] industrial revolution, internet, mobile internet -- because AI is pervasive"...
For example, he said, companies in which his firm has invested can accomplish feats such as recognizing 3 million faces at the same time, or dispersing loans in eight seconds. "These are things that are superhuman, and we think this will be in every industry, will probably replace 50% of human jobs, create a huge amount of wealth for mankind and wipe out poverty," Lee said, later adding that he expected that displacement to occur in the next 10 years.
By EditorDavid from Slashdot's not-fooling-anyone department
An anonymous reader quotes Neowin:
If you've been expecting Microsoft to issue a press release formally announcing the end of its Windows phone business, you're probably hoping for a bit too much. But make no mistake: its phone hardware business is dead. RIP-dead. Send-flowers-dead. Worm-food-dead. Some fans, and even some in the media, have consistently refused to acknowledge this, despite the clear signs in recent quarters. Now, Microsoft's own figures, and its statements regarding its phone division, should make it irrefutably clear that there is no life left in its Windows phone business.
During the quarter ending in December, Microsoft's phone revenue dropped to just $200 million, which included some sales of feature phones, before the company completed its sale of that business unit to Foxconn in November. That figure has now dropped to virtually nothing... Today, as Microsoft published its earnings report for Q3 FY2017, it revealed that its "Phone revenue declined $730 million". Based on its earlier financial disclosures, that means the company's phone hardware revenue fell to just $5 million for the entire quarter ending March 31, 2017. During Microsoft's earnings call today, its chief financial officer, Amy Hood, acknowledged this, stating that there was "no material phone revenue this quarter". The outlook for the next few months is similarly bleak, as Hood predicted "negligible revenue from Phone" in the coming quarter.
By EditorDavid from Slashdot's money-for-media department
An anonymous reader writes:
"A hacker (or hacker group) known as The Dark Overlord (TDO) has leaked the first ten episodes of season 5 of the "Orange Is The New Black" show after two failed blackmail attempts, against Larson Studios and Netflix," reports BleepingComputer. The hacker said he stole hundreds of gigabytes of audio files from Larson Studios last December. "TDO claims the studio initially agreed to pay a ransom of 50 Bitcoin ($67,000) by January 31, and the two parties even signed a contract, albeit TDO signed it using the name 'Adolf Hitler.'" This might have been the reason why the company thought this was a joke and didn't pay the ransom as initially agreed.
At this point, the hacker turned from the studio to Netflix, but the company didn't want to pay either. As a warning, the hacker leaked the first episode of season 5, but half a day later, he leaked 9 more. "According to Netflix's website, season 5 is supposed to have 13 episodes and is scheduled for release in June, this year." The hacker also claims he's in possession of shows and movies from other movie studios and television channels, such as FOX, IFC, NAT GEO, and ABC. Some of the titles include "Celebrity Apprentice," "NCIS Los Angeles," "New Girl," and "XXX The return of Xander Cage".
By EditorDavid from Slashdot's photos-of-faces department
Images of Tinder users "were swept up in a massive grab of some 40,000 photos from the dating app by a dataset collector who plans to use the selfies in artificial intelligence training," writes Slashdot reader Frosty Piss, sharing this summary of a report in TechCrunch.
Tinder said in a statement that the photo sweeper "violated the terms of our service" and "we are taking appropriate action and investigating further." The creator of the data set, Stuart Colianni, has released it under a CC0: Public Domain License and also uploaded his scraper script to GitHub.
He describes it as a "simple script to scrape Tinder profile photos for the purpose of creating a facial dataset," saying his inspiration for creating the scraper was disappointment working with other facial data sets. He also describes Tinder as offering "near unlimited access to create a facial data set," and says scraping the app offers "an extremely efficient way to collect such data."
The article notes that Tinder's API has already been used for other "weird, wacky, and creepy" projects, including "hacking it to automatically like every potential date to save on thumb-swipes; offering a paid look-up service for people to check up on whether a person they know is using Tinder; and even building a catfishing system to snare horny bros and make them unwittingly flirt with each other.
"So you could argue that anyone creating a profile on Tinder should be prepared for their data to leech outside the community's porous walls in various different ways -- be it as a single screenshot, or via one of the aforementioned API hacks. But the mass harvesting of thousands of Tinder profile photos to act as fodder for feeding AI models does feel like another line is being crossed."
By EditorDavid from Slashdot's send-in-the-drones department
The Atlantic's CityLab describes "a massive surge in deliveries to residential dwellings...creating a traffic nightmare." An anonymous reader quotes their report:
While truck traffic currently represents about 7% of urban traffic in American cities, it bears a disproportionate congestion cost of $28 billion, or about 17% of the total U.S. congestion costs, in wasted hours and gas. Cities, struggling to keep up with the deluge of delivery drivers, are seeing their curb space and streets overtaken by double-parked vehicles, to say nothing of the bonus pollution and roadwear produced thanks to a surfeit of Amazon Prime orders... Often, the box trucks will double-park in a two-lane street if there's no loading zone to pull into, snarling traffic behind them... "The streets were not designed for that kind of activity," says Alison Conway, an assistant professor of civil engineering at the City College of New York.
Scott Kubly, director of the Seattle Department of Transportation, says "With the volume of deliveries, ticketing isn't effective for us in terms of managing the street. UPS and FedEx will just negotiate a lump sum payment for all the tickets they get instead of fighting every ticket"... In 2011 in Washington, D.C., UPS alone received just shy of 32,000 tickets. Instead of adjudicating each ticket, many large cities will strike agreements or introduce programs through which delivery companies can pay off all tickets in one swoop.
The article points out online retail sales have grown 15% every year this decade in the U.S. -- calling it the other side of the "retail apocalypse" that's killing brick-and-mortar stores.
By EditorDavid from Slashdot's policing-the-internet department
An anonymous reader quotes Sophos' Naked Security blog:
In a column in The West Australian, Dan Tehan, Australia's cybersecurity minister, wrote: "Just as we trust banks to hold our money, just as we trust doctors with our health, in a digital age we need to be able to trust telecommunications companies to protect our information from threats." A companion news article in the same newspaper cited Tehan as arguing that "the onus is on telecommunications companies to develop products to stop their customers being infected with viruses"...
Tehan's government roles include assisting the prime minister on cybersecurity, so folks throughout Australia perked up when he said all this. However, it's not clear if there's an actual plan behind Tehan's observations -- or if there is, whether it will be backed by legal mandates... Back home in Australia, some early reactions to the possibility of any new government interference weren't kind. In iTWire, Sam Varghese said, "Dan Tehan has just provided the country with adequate reasons as to why he should not be allowed anywhere near any post that has anything to do with online security."
The West Australian also reports Australia's prime minister met telecommunications companies this week, "where he delivered the message the Government expected them to do more to shut dodgy sites and scams," saying the government will review current legislation to "remove any roadblocks that may be preventing the private sector and government from delivering such services."
By EditorDavid from Slashdot's book-reports department
An anonymous reader quotes CNN:
Sales of consumer ebooks plunged 17% in the U.K. in 2016, according to the Publishers Association. Sales of physical books and journals went up by 7% over the same period, while children's books surged 16%. The same trend is on display in the U.S., where ebook sales declined 18.7% over the first nine months of 2016, according to the Association of American Publishers. Paperback sales were up 7.5% over the same period, and hardback sales increased 4.1%...
Sales of e-readers declined by more than 40% between 2011 and 2016, according to consumer research group Euromonitor International. "E-readers, which was once a promising category, saw its sales peak in 2011. Its success was short-lived, as it spiraled downwards within a year with the entry of tablets," Euromonitor said in a research note.
The article includes an even more interesting statistic: that one-third of adults tried a "digital detox" in 2016, limiting their personal use of electronics. Are any Slashdot readers trying to limit their own screen time -- or reading fewer ebooks?
By EditorDavid from Slashdot's OMG-3.5-mbps department
"It's being reported by users from the DSLReports forum that the Puma 6 Intel cable modem variants are highly susceptible to a very low-bandwidth denial-of-service attack," writes Slashdot reader Idisagree. The Register reports:
Effectively, if there's someone you don't like, and they are one of thousands upon thousands of people using a Puma 6-powered home gateway, and you know their public IP address, you can kick them off the internet, we're told... According to one engineer...the flaw would be "trivial" to exploit in the wild, and would effectively render a targeted box useless for the duration of the attack... "It can be exploited remotely, and there is no way to mitigate the issue."
This is particularly frustrating for Puma 6 modem owners because the boxes are pitched as gigabit broadband gateways: the devices can be potentially choked and knocked out simply by receiving traffic that's a fraction of the bandwidth their owners are paying for... The Puma 6 chipset is used in a number of ISP-branded cable modems, including some Xfinity boxes supplied by Comcast in the US and the latest Virgin Media hubs in the UK.
The original submission also notes there's already a class action lawsuit over the performance of cable modems with Intel's Puma 6 chipset, and adds "It would appear the Atom chip was never going to live up to the task it was designed for."
By EditorDavid from Slashdot's quarterly-results department
An anonymous reader quotes the Associated Press:
The fallout from the YouTube boycott is likely to be felt through the rest of this year. Skittish advertisers have curtailed their spending until they are convinced Google can prevent their brands from appearing next to extremist clips promoting hate and violence... At one point, about 250 advertisers were boycotting YouTube... The list included big-spending marketers such as PepsiCo, Wal-Mart Stores, Starbucks, AT&T, Verizon, Johnson & Johnson, and Volkswagen. It's unclear how many, if any, of those have returned to YouTube since Google promised to hire more human reviewers and upgrade its technology to keep ads away from repugnant videos. Both Verizon and AT&T, two companies that are trying to expand their own digital ad networks to compete with Google, told The Associated Press that they are still boycotting YouTube. FX Networks confirmed that it isn't advertising on YouTube either. Several other boycotting marketers contacted by AP didn't respond.
Thursday CEO Sundar Pichai told analysts that responding to the boycott, Google held "thousands and thousands" of conversations with advertisers, and one analyst now estimates reduced ad spending on YouTube and Google could cost the company $300 million this year alone.
By EditorDavid from Slashdot's fall-of-the-machines department
An anonymous reader quotes CNN:
As robots begin to appear on sidewalks and streets, they're being hazed and bullied. Last week, a drunken man allegedly tipped over a 300-pound security robot in Mountain View, California... Knightscope, which makes the robot that was targeted in Mountain View, said it's had three bullying incidents since launching its first prototype robot three years ago. In 2014, a person attempted to tackle a Knightscope robot. Last year in Los Angeles, people attempted to spray paint a Knightscope robot. The robot sensed the paint and sounded an alarm, alerting local security and the company's engineers... the robot's cameras filmed the pranksters' license plate, making it easy to track them down.
The company's security robots are deployed with 17 clients in five states, according to the article, which notes that at best the robots' cameras allow them to "rat out the bullies." But with delivery robots now also hitting the streets in San Francisco and Washington D.C., "the makers of these machines will have to figure out how to protect them from ill-intentioned humans."
By EditorDavid from Slashdot's free-Dmitry department
An anonymous reader writes:
"Dmitry Bogatov, Debian developer and Tor node admin, is still being held in a Moscow jail," tweeted the EFF Saturday. IT Wire reports that the 25-year-old math teacher was arrested earlier this month "on suspicion of organizing riots," and is expected to be held in custody until June 8. "The panel investigating the protests claims Bogatov posted several incitory messages on the sysadmin.ru forum; for example, one claim said he was asking people to bring 'bottles, fabric, gasoline, turpentine, foam plastic' to Red Square, according to a post at Hacker News. The messages were sent in the name of one Airat Bashirov and happened to be transmitted through the Tor node that Bogatov was running. The Hacker News post said Bogatov's lawyer had produced surveillance video footage to show that he was elsewhere at the time when the messages were posted.
"After Dmitry's arrest," reports the Free Bogatov site, "Airat Bashirov continue to post messages. News outlets 'Open Russia' and 'Mediazona' even got a chance to speak with him." Earlier this month the Debian GNU/Linux project also posted a message of support, noting Dmitry maintains several packages for command line and system tools, and saying their group "honours his good work and strong dedication to Debian and Free Software... we hope he is back as soon as possible to his endeavours... In the meantime, the Debian Project has taken measures to secure its systems by removing Dmitry's keys in the case that they are compromised."
By EditorDavid from Slashdot's judgement-day department
Wired's founding executive editor Kevin Kelly wrote a 5,000-word takedown on "the myth of a superhuman AI," challenging dire warnings from Bill Gates, Stephen Hawking, and Elon Musk about the potential extinction of humanity at the hands of superintelligent constructs. Slashdot reader mirandakatz calls it an "impeccably argued debunking of this pervasive myth." Kelly writes:
Buried in this scenario of a takeover of superhuman artificial intelligence are five assumptions which, when examined closely, are not based on any evidence...
1.) Artificial intelligence is already getting smarter than us, at an exponential rate.
2.) We'll make AIs into a general purpose intelligence, like our own.
3.) We can make human intelligence in silicon.
4.) Intelligence can be expanded without limit.
5.) Once we have exploding superintelligence it can solve most of our problems...
If the expectation of a superhuman AI takeover is built on five key assumptions that have no basis in evidence, then this idea is more akin to a religious belief -- a myth.
Kelly proposes "five heresies" which he says have more evidence to support them -- including the prediction that emulating human intelligence "will be constrained by cost" -- and he likens artificial intelligence to the physical powers of machines. "[W]hile all machines as a class can beat the physical achievements of an individual human...there is no one machine that can beat an average human in everything he or she does."