By msmash from Slashdot's closer-look department
Delta Air Lines and Sears Holding on Thursday disclosed a data breach that may have exposed the payment card details of hundreds of thousands of online customers. From a report: The breach originated at a software vendor called 7, which provides Sears, Delta, and other businesses with online chat services. Less than 100,000 Sears customers were supposedly impacted, according to Sears. A Delta spokesperson said hundreds of thousands of travelers are potentially exposed. Gizmodo has learned the breach was the result of a malware attack, and that the unauthorized access involved payment card numbers, CVV numbers, and expiration dates, in addition to customers' names and addresses. In a statement, 7 said the breach occurred on September 27th of last year and was contained roughly two weeks later. In a statement, Sears said it was first notified about the breach in mid-March. Credit card companies have been notified, and law enforcement is likewise investigating the incident. "Customers using a Sears-branded credit card were not impacted," Sears said. "In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible."Read Replies (0)
By msmash from Slashdot's catch-22 department
Microsoft outlined a new intellectual-property policy on Thursday for co-developed technology that embraces open source and seeks to assure customers it won't run off with their innovations. From a report: The shared innovation principles build on its Azure IP Advantage program for helping customers combat patent trolls. The new principles for co-developed innovation cover ownership of existing technology, customer ownership of new patents, support for open source, licensing new IP back to Microsoft, software portability, transparency, and learning. Microsoft president Brad Smith says the principles aim to assuage customers' fears that Microsoft may end up using co-developed technology to rival them. [...] In return, Microsoft gets to license back any of the patents in the new technology but promises to limit their use to improving its own platform technologies, such as Azure, Azure AI services, Office 365, Windows, Xbox, and HoloLens. It also reserves the right to use "code and tools developed by or on behalf of Microsoft that are intended to provide technical assistance to customers in their respective businesses."Read Replies (0)
By msmash from Slashdot's closer-look department
Taylor Lorenz, writing for The Daily Beast: There is a notion among older people that teens, with their smartphones and unlimited internet access, never experience boredom. CNN and other media outlets have repeatedly declared that smartphones have killed boredom as we know it. But today's teens are still bored, often incredibly so. They're just more likely to experience a new type of boredom: phone bored. As members of what has been dubbed "Generation Z," a cohort that spans those born roughly between the years 1998 and 2010, today's teens and tweens have had unparalleled access to technology. Many have had smartphones since elementary, if not middle school. They've grown up with high-speed internet, laptops, and social media. It's tempting to think that these devices, with their endless ability to stimulate, offer salvation from the type of mind-numbing boredom that is so core to the teen experience. But humans adapt to the conditions that surround them, and technical advances are no different. What seemed novel to one generation feels passe to the next. To many teens, smartphones and the internet have already lost their appeal.Read Replies (0)
By BeauHD from Slashdot's dirty-hacks department
An anonymous reader quotes a report from ZDNet: Cloudflare's new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Center (APNIC). The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy. "We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post. "We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself."
The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use. Cloudflare's new DNS uses two addresses within those ranges, 18.104.22.168 and 22.214.171.124. These address ranges were originally configured as "dark traffic addresses", and some years ago APNIC partnered with Google to analyze the unsolicited traffic directed at them. There was a lot of it. "Our initial work with it certainly showed it to be an unusually strong attractor for bad traffic. At the time we stopped doing it with Google, it was over 50 gigabits per second. Quite frankly, few folk can handle that much noise," Huston told ZDNet on Wednesday. By putting Cloudflare's DNS on these research addresses, APNIC gets to see the noise as well as the DNS traffic -- or at least "a certain factored amount" of it -- for research purposes.Read Replies (0)
By BeauHD from Slashdot's show-and-tell department
An anonymous reader shares a report from Quartz, written by Estonian e-Resident April Rinne: In 2014, Estonia, a country previously known as much for its national singing revolution as anything else, became the first country in the world to launch an e-Residency program. Once admitted, e-Residents can conduct business worldwide as if they were from Estonia, which is a member of the EU. They are given government-issued digital IDs, can open Estonian bank and securities accounts, form and register Estonian companies, and have a front-row seat as nascent concepts of digital and virtual citizenship evolve. There is no requirement to have a physical presence in Estonia. [...] Three years in, what I find most incredible about e-Residency is that it actually works.
< article continued at Slashdot's show-and-tell department
>Read Replies (0)
By BeauHD from Slashdot's big-step-forward department
In a blog post today, Microsoft said that it has created what it believes is the "first technological breakthrough" toward making conversations with chatbots more like speaking to another person. Windows Central reports: Microsoft says that it has figured out how to make chatbots talk and listen at the same time, allowing them to operate in "full duplex," to use telecommunications jargon. The company says this allows chatbots or assistants to have a flowing conversation with humans, much more akin to how people talk to one another. That stands in contrast to how digital assistants and bots currently work, where only one side can talk at any given time. The technology is already up and running in Xiaolce, Microsoft's AI chatbot currently operating in China. Using "full duplex voice sense," as Microsoft calls it, Xiaolce can more quickly predict what the person it is speaking to will say. "That helps her make decisions about both how and when to respond to someone who is chatting with her, a skill set that is very natural to people but not yet common in chatbots," Microsoft says. Another bonus of the breakthrough is that people interacting with chatbots don't have to use a "wake word" every time they speak during a conversation.Read Replies (0)
By BeauHD from Slashdot's privacy-matters department
shanen writes: Due to the recent kerfuffles, I decided to try again to see what Google had on me. This time I succeeded and failed, in contrast to the previous pure failures. Yes, I did find Google's takeout website and downloaded all of "my data," but no, it means nothing to me. Here are a few sub-questions I couldn't answer: 1. Much more data than I ever created, so where did the rest come from? 2. How does the data relate to the characteristic vector that Google uses to characterize me? 3. What tools do Googlers use to make sense of the data? Lots more questions, but those are the ones that are most bugging me right now. Question 2. is probably heaviest among them, since I've read that the vector has 700 dimensions... So do you have any answers? Or better questions? Or your own takeout experiences to share?
Oh yeah, one more thing. Based on my own troubled experience with the download process, it is clear that Google doesn't really want us to download the so-called "our own" data. My Question 4. is now: "What is Google hiding about me from me?"Read Replies (0)
By BeauHD from Slashdot's stuck-in-purgatory department
Since the recent Cambridge Analytica data privacy scandal, Facebook has been rolling out more security and data privacy updates. "Today, however, the company announced sweeping changes to many of its most prominent APIs, restricting develop access in a number of crucial ways," reports The Verge. "Soon after, Tinder users started noting on Twitter that they had been kicked off the dating app and couldn't log back on, as those who used Facebook Login were caught in an infinite loop that appears to be related to an unknown bug." From the report: The app has been bringing up an error message to booted users, titled Facebook Permissions, stating that users need to provide more Facebook permissions in order to create or use a Tinder account. If users tap "Ask me," which is the only given option, the app requests they log into Facebook once more and the loop starts again. Roderick Hsiao, a senior software engineer at Tinder, tweeted that users could still access the service through its web browser while engineers worked on fixing the mobile client.Read Replies (0)
By BeauHD from Slashdot's not-expected department
An anonymous reader quotes a report from Ars Technica: CenturyLink is trying to force customers into arbitration in order to avoid a class-action lawsuit from subscribers who say they've been charged for services they didn't order. To do so, CenturyLink has come up with a surprising argument -- the company says it doesn't have any customers. While the customers sued CenturyLink itself, the company says the customers weren't actually customers of CenturyLink. Instead, CenturyLink says they were customers of 10 subsidiaries spread through the country. CenturyLink basically doesn't exist as a service provider -- according to a brief CenturyLink filed Monday.
"That sole defendant, CenturyLink, Inc., is a parent holding company that has no customers, provides no services, and engaged in none of the acts or transactions about which Plaintiffs complain," CenturyLink wrote. "There is no valid basis for Defendant to be a party in this Proceeding: Plaintiffs contracted with the Operating Companies to purchase, use, and pay for the services at issue, not with CenturyLink, Inc." CenturyLink says those operating companies should be able to intervene in the case and "enforce class-action waivers," which would force the customers to pursue their claims via arbitration instead of in a class-action lawsuit. By suing CenturyLink instead of the subsidiaries, "it may be that Plaintiffs are hoping to avoid the arbitration and class-action waiver provisions," CenturyLink wrote.Read Replies (0)