By BeauHD from Slashdot's area-code department
Trailrunner7 quotes a report from On the Wire: A security researcher has discovered a method that would have enabled fraudsters to steal thousands of dollars from Facebook, Microsoft, and Google by linking premium-rate numbers to various accounts as part of the two-step verification process. Arne Swinnen discovered the issue several months ago after looking at the way that several of these companies' services set up their two-step verification procedures. Facebook uses two-step verification for some of its services, including Instagram, and Google and Microsoft also employ it for some of their user accounts. Swinnen realized that the companies made a mistake in not checking to see whether the numbers that users supply as contact points are legitimate. "They all offer services to supply users with a token via a computer-voiced phone call, but neglected to properly verify whether supplied phone numbers were legitimate, non-premium numbers. This allowed a dedicated attacker to steal thousands of EUR/USD/GBP," Swinnen said in a post explaining the bug. "For services such as Instagram and Gmail, users can associate a phone number with their accounts," reports On the Wire. "In the case of Instagram, users can find other people by their phone number, and when a user adds a number, Instagram will send a text to verify the number. If the user never enters the code included in the text, Instagram will eventually call the number. Swinnen noticed that Instagram's robocallers would call any number supplied, including premium-rate numbers. 'One attacker could thus steal 1 GBP per 30 minutes, or 48 GBP/day, 1.440 GBP/month or 17.280/year with one pair. However, a dedicated attacker could easily setup and manage 100 of these pairs, increasing these numbers by a factor 100: 4.800 GBP/day, 144.000 GBP/month or 1.728.000 GBP/year.'"
By manishs from Slashdot's what's-real-anymore department
An article on Motherboard today investigates why people didn't go "oh-my-god, that was awesome" at the CGI-based scenes in recent movies such as Independence Day: Resurgence, Batman v Superman and X-Men: Apocalypse. Though the article acknowledges that this could be the result of some poor acting, a spotty storyline, or bad editing, it also raises the possibility that this could be the aftermath of a "deeper mechanism that is draining all substance from our cinematic imaginary worlds?" To strengthen his case, the article's author, Riccardo Manzotti, adds that the original Alien movie was able to impress us because what we saw was strongly linked to actual life. From the article: The humongous spaceship Nostromo -- a miniature model -- provoked awe and respect. When the creature erupted from Kane's abdomen -- a plaster model encased in fake blood and animal entrails -- people were horrified. The shock was registered on the faces of the actors, who, per James Cameron's direction, weren't told ahead of time that the moment would include a giant splatter of blood. "That's why their looks of disgust and horror are so real," producer and co-writer David Giler said. Manzotti further argues that some modern movies haven't left us awe-inspired because there is just too much CGI content. Compared to 430 computerized shots in the original Independence Day movie, for instance, the new one has 1,750 digitized shots. "People have been looking at pixels for much too long," the author argues, adding: Our imaginary world has been diluted and diluted to the point that, so to speak, there is no longer even a stain of real blood, love, and pain. Nowadays, when spectators see blood, they see pixels. [...] VR and augmented reality and the steady pace of CGI have pushed the process of substitution of reality to a higher level. At least, movies were once made using real stunts and real objects. Now, the actual world is no longer needed.
The actual world, which is the good money, is no longer required. The virtual world, the bad money, is taking over. Yet, it lacks substance. The author makes several more compelling arguments that are worth mulling.
By BeauHD from Slashdot's are-your-battle-stations department
An anonymous reader writes from a report via CNBC: The Republican National Convention will be a popular target for cyberattacks. An official in charge of securing the network has said the RNC already had to fend off a wave of cyberattacks before the convention opened. Many more attacks are expected throughout the convention ranging from "nation-states hunting for intelligence or protesters trying to disrupt the network at the convention," said the consulting chief information officer for the RNC, Max Everett. Donald Trump's campaign appears to only fuel attackers, security experts said. The convention opens Monday afternoon and will attract roughly 50,000 people in addition to a global audience watching from afar. "A successful attack could impact physical security on the ground, for example, by taking connected security scanners offline. It could also affect online activity, for example, by hijacking the livestream and derailing the GOP's message," reports CNBC. The Secret Service has designated the conventions "national special security events." Everett and his team of 70 IT specialists will be using Microsoft and ForeScout software to monitor the network in real time, working with ATT and Cisco on securing external access to the network and a firm called Dark Cubed to share real-time threat information among the firms trying to defend against cyberattacks.
By manishs from Slashdot's squashing-bugs,-bringing-happiness department
In May, Vellum's James shared an ordeal that many people were able to relate to. Apple Music had deleted music files from his computer. It's an issue that many of us have faced over the years. At the time, Apple noted that it didn't actually know what was causing this. But it appears it has finally figured out the issue and patched it. Jim Dalrymple, reporting for The Loop: One of the biggest complaints about Apple Music over the past year was that it wouldn't properly match songs subscribers had in their existing iTunes libraries. That problem is being fixed by Apple. Apple has been quietly rolling out iTunes Match audio fingerprint to all Apple Music subscribers. Previously Apple was using a less accurate metadata version of iTunes Match on Apple Music, which wouldn't always match the correct version of a particular song. We've all seen the stories of a live version of a song being replaced by a studio version, etc. Using iTunes Match with audio fingerprint, those problems should be a thing of the past. If you had songs that were matched incorrectly using the metadata version of iTunes Match, the new version will rematch to the correct song. However, it will not delete any downloaded copies of songs you have in your library. This is a very good thing -- we don't want songs auto-deleting from our libraries.
By manishs from Slashdot's security-woes department
Reader Orome1 writes: Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated. Swinnen calculated that, in theory, these options would allow an attacker to milk over 2 million euro per year from Instagram, 432,000 euro per year from Google, and nearly 700,000 euro from Microsoft by using a slew of fake accounts, multiple premium numbers, and different tools and approaches to automate the process.
By manishs from Slashdot's big-money department
SoftBank has agreed to acquire British chip designer ARM Holdings for $32 billion in cash. The purchase will give Japan's multinational telecommunications and Internet corporation a slice of virtually every mobile computing gadget on the planet and future connected devices in the home. ARM, unlike Intel, doesn't manufacture chips, but licenses its designs for them. ARM customers shipped roughly 15 billion products with ARM chips inside in 2015. This also marks the first large-scale, cross-border transaction in Britain since it voted to exit the European Union last month. "I have admired this company for over ten years," SoftBank Chief Executive Officer Masayoshi Son told reporters at a press conference in London on Monday. "This is an endorsement into the view of the future of the U.K." ARM assumes the tentpole position in chips for mobile devices. It was one of the first companies to aggressively focus on mobile devices while other semiconductor companies were ramping up their efforts on desktops. SoftBank, which is based in Tokyo, has become one of the most acquisitive companies in recent years. It heavily invests in technology, media, and telecommunications companies. ARM could provide an additional boost to SoftBank's mobile strategy. SoftBank, for instance, also owns about 83 percent of the American wireless operator Sprint. Hermann Hauser, one of ARM's founders, said, "ARM is the proudest achievement of my life. The proposed sale to SoftBank is a sad day for me and for technology in Britain." BBC's Rory Cellan-Jones asked, "Question -- if ARM goes, what's left as a worldbeating UK-owned tech player?"
By EditorDavid from Slashdot's pretend-you're-Larry-Wall department
I thought it'd be fun to ask Slashdot readers one of the same questions we asked Larry Wall: What's your computer set-up look like? Slashdot reader LichtSpektren had asked:
Can you give us a glimpse into what your main work computer looks like? What's the hardware and OS, your preferred editor and browser, and any crucial software you want to give a shout-out to?
Larry Wall is running Linux Mint (Cinnamon edition), and he surfs the web with Firefox (and Chrome on his phone) -- "but I'm not a browser wonk. Maybe I'll have more opinions on that after our JS backend is done for Perl 6..." And for a text editor, he's currently ensconced in the vi/vim camp, though "I've used lots of them, so I have no strong religious feelings."
So leave your answers in the comments. What's your OS, hardware, preferred editor, browser, "and any crucial software you want to give a shout-out to?" What does your computer set-up look like?
By EditorDavid from Slashdot's hack-me-if-you-can department
An anonymous Slashdot reader writes: "A bunch of computers will try to hack each other in Vegas for a $2 million prize," reports Tech Insider calling it a "historic battle" that will coincide with "two of the biggest hacking conferences, Blackhat USA and DEFCON". DARPA will supply seven teams with a supercomputer. Their challenge? Create an autonomous A.I. system that can "hunt for security vulnerabilities that hackers can exploit to attack a computer, create a fix that patches that vulnerability and distribute that patch -- all without any human interference."
"The idea here is to start a technology revolution," said Mike Walker, DARPA's manager for the Cyber Grand Challenge contest. Yahoo Tech notes that it takes an average of 312 days before security vulnerabilities are discovered -- and 24 days to patch it. "If all goes well, the CGC could mean a future where you don't have to worry about viruses or hackers attacking your computer, smartphone or your other connected devices. At a national level, this technology could help prevent large-scale attacks against things like power plants, water supplies and air-traffic infrastructure."
It's being billed as "the world's first all-machine hacking tournament," with a prize of $2 million for the winner, while the second- and third-place teams will win $1 million and $750,000.