By BeauHD from Slashdot's sooner-or-later department
New submitter Linorgese quotes a report from The Wall Street Journal (Warning: paywalled; alternate source): U.S. authorities are investigating whether Yahoo Inc.'s two massive data breaches should have been reported sooner to investors, according to people familiar with the matter, in what could prove to be a major test in defining when a company is required to disclose a hack. Last month, the Federal Bureau of Investigation said it had begun an investigation into a 2013 data breach that involved more than 1 billion users' accounts. That followed Yahoo's disclosure that a 2014 intrusion involved about 500 million accounts. As part of its investigation, the SEC last month requested documents from Yahoo, the Journal said, citing persons familiar with the situation. The agency has been seeking a model case for cybersecurity rules it issued in 2011, legal experts told the Journal. In a November 2016 SEC filing, Yahoo noted that it was cooperating with the SEC, Federal Trade Commission and other federal, state, and foreign governmental officials and agencies including "a number of State Attorneys General, and the U.S. Attorney's office for the Southern District of New York." When Yahoo reported the 2014 breach it said that evidence linked it to a state-sponsored attacker. It has not announced a suspected responsibility for the larger 2013 intrusion, but the company has said it does not believe the two breaches are linked.
By BeauHD from Slashdot's difference-of-opinions department
Over the weekend, the Sundance Film Festival was hacked. "Sundance Film Festival has been subject to a cyberattack, causing network outages that have shut down our box office," said a spokesperson for the festival. "No further information about the attack is available at this time, but our team is working hard to get our system back up and running as soon as possible. All screenings will still take place as planned." According to The Hollywood Reporter, the FBI is now investigating the hack and is working with Sundance officials to identify the culprit. From their report: Although the festival was able to get its ticketing systems back online within an hour of the Saturday breach, multiple other denial-of-service (DDoS) attacks on Sundance's IT infrastructure followed. A DDoS attack works by flooding the bandwidth or resources of a targeted server. A Sundance Film Festival rep offers the following statement: "The FBI is reviewing the case. At this point, we do not have any reason to believe the cyberattack was targeted towards a specific film. No artist or customer information was compromised." At the time of the hack, the festival offered little in the way of explanation of what happened, but hinted that filmmakers at the annual celebration of independent cinema may have been the target. One producer of a Sundance documentary critical of the Russian government believes his film could have played a role in the attack. "There's been speculation that our film may have sparked retribution," Icarus consulting producer Doug Blush tells THR. "It does not paint a flattering picture of [president Vladimir] Putin." Icarus, which made its world premiere at the festival the day before the hack, centers on a Russian doctor who oversaw and then spoke out about Russia's widespread state-sponsored sports doping. 
The Bryan Fogel-helmed film, which is being pitched to distributors, has played throughout the weekend in Park City at screenings for both press-and-industry and the public. Icarus isn't the only Sundance film that could antagonize the Russian government and Putin. Evgeny Afineevsky's Cries From Syria -- one of several docs tackling the war-torn nation -- also takes a critical look at Putin and Russia's military intervention in Syria. Cries From Syria made its world premiere at Sundance on Sunday, the day after the initial box-office cyberattack.
By msmash from Slashdot's behind-the-scene department
Amazon Echo and Google Home were the breakaway hits of the holiday shopping season. But both devices -- and the voice technologies that power them -- have some major hurdles to overcome if they want to keep both consumers and software developers engaged. From a report on Recode: That's one of the big takeaways from a new report that an industry startup, VoiceLabs, released on Monday. For starters, 69 percent of the 7,000-plus Alexa "Skills" -- voice apps, if you will -- have zero or one customer review, signaling low usage. What's more, when developers for Alexa and its competitor, Google Assistant, do get someone to enable a voice app, there's only a 3 percent chance, on average, that the person will be an active user by week 2, according to the report. (There are outliers that have week 2 retention rates of more than 20 percent.) For comparison's sake, Android and iOS apps have average retention rates of 13 percent and 11 percent, respectively, one week after first use. "There are lots of [voice] apps out there, but they are zombie apps," VoiceLabs co-founder Adam Marchick said in an interview.
By msmash from Slashdot's the-story-of-their-lives department
A feature report on Bloomberg today illustrates the lives of several Uber drivers, who find shelter in parking lots at night when it's too pricey and tiring to go home. An excerpt from the story: In Chicago, Walter Laquian Howard sleeps most nights at the "Uber Terminal." "I left my job thinking this would work, and it's getting harder and harder," Howard said. "They have to understand that some of us have decided to make this a full-time career." Howard has been parking and sleeping at the 7-Eleven four to five nights a week since March 2015, when he began leasing a car from Uber and needed to work more hours to make his minimum payments. Now that it's gotten cold, he wakes up every three hours to turn on the heater. He's rarely alone. Most nights, two to three other ride-hailing drivers sleep in cars parked next to his. It's safe, he said, and the employees let the drivers use the restroom. Howard has gotten to know the convenience store's staff -- Daddy-O and Uncle Mike -- over the past two years while driving for this global ride-hailing gargantuan, valued at $69 billion. "These guys have become my extended family," said Howard, 53. "It's my second home. We have this joke that I'm the resident. I keep asking them: 'Hey, did my mail come in yet?'"
By msmash from Slashdot's security-woes department
The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts -- and more complicated patterns are the easiest to crack, security experts reveal. From a research paper: Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners. In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software. By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy cafe, for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.
By msmash from Slashdot's mystery-solved department
From a report on CNET: During a press conference Sunday, Samsung said two separate battery defects caused both the original batch of Galaxy Note 7 phones and the replacement units to overheat. The first battery, it said, suffered from a design flaw. The battery's external casing was too small for the components inside, causing it to short-circuit and ignite. The second battery, which came from another supplier, didn't have the same flaw, Justin Denison, head of product strategy and marketing for Samsung's US arm, said in an interview ahead of the press conference. In the rush to pump out enough batteries for the replacement units, though, the supplier introduced a manufacturing defect that led to the same result, he said. The explanation puts to rest the mystery behind the exploding Note 7, but it kicks off a new challenge for the embattled company: winning back your trust after a disastrous several months that included two recalls and the decision to kill the critically acclaimed phone. The Sunday press conference marked the start of a Samsung campaign to rebuild company credibility, which will include the upcoming launch of the flagship Galaxy S8 phone, as well as another Note later in the year.
By EditorDavid from Slashdot's bad-news-for-Nigeria department
The head of the FTC says Western Union "facilitated scammers and rip-offs," while the company "looked the other way." An anonymous reader quotes Reuters:
The world's biggest money-transfer company agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday. Western Union, which has over half a million locations in more than 200 countries, admitted "to aiding and abetting wire fraud" by allowing scammers to process transactions, even when the company realized its agents were helping scammers avoid detection, the U.S. Department of Justice and the Federal Trade Commission said in statements...
Fraudsters offering fake prizes and job opportunities swindled tens of thousands of U.S. consumers, giving Western Union agents a cut in return for processing the payments, authorities said. Between 2004 and 2012, the Colorado-based company knew of fraudulent transactions but failed to take steps that would have resulted in disciplining of 2,000 agents, authorities said... Between 2004 and 2015 Western Union collected 550,928 complaints about fraud, with 80 percent of them coming from the United States where it has some 50,000 locations, the government complaint said. The average consumer complaint was for $1,148, the government said.
Reuters seemed to suggest that nearly one out of every thousand transactions was fraudulent, reporting that Western Union "said consumer fraud accounts for less than one-tenth of 1 percent of consumer-to-consumer transactions."
By EditorDavid from Slashdot's if-it-ain't-OEM,-don't-fix-it department
Automakers are using the Digital Millennium Copyright Act to shut down tools used by car mechanics -- but three states are trying to stop them.
An anonymous reader quotes IFixIt.Org:
In 2014, Ford sued Autel for making a tool that diagnoses car trouble and tells you what part fixes it. Autel decrypted a list of Ford car parts, which wound up in their diagnostic tool. Ford claimed that the parts list was protected under copyright (even though data isn't creative work) -- and cracking the encryption violated the DMCA. The case is still making its way through the courts. But this much is clear: Ford didn't like Autel's competing tool, and they don't mind wielding the DMCA to shut the company down...
Thankfully, voters are stepping up to protect American jobs. Just last week, at the behest of constituents, three states -- Nebraska, Minnesota, and New York -- introduced Right to Repair legislation (more states will follow). These 'Fair Repair' laws would require manufacturers to provide service information and sell repair parts to owners and independent repair shops.
Activist groups like the EFF and Repair.org want to "ensure that repair people aren't marked as criminals under the DMCA," according to the site, arguing that we're heading towards a future with many more gadgets to fix. "But we'll have to fix copyright law first."
By EditorDavid from Slashdot's what-a-concept department
C++ creator Bjarne Stroustrup is arguing that we can improve code by grounding generic programming in concepts -- what's required by a template's arguments. An anonymous reader quotes Paul Krill's report on a new paper by Stroustrup:
In concepts, Stroustrup sees the solution to the interface specification problem that has long dogged C++, the language he founded more than 35 years ago. "The way we write generic code today is simply too different from the way we write other code," Stroustrup says... Currently an ISO technical specification, concepts provide well-specified interfaces to templates without runtime overhead. Concepts, Stroustrup writes, are intended to complete C++'s support for generic programming as initially envisioned. "The purpose of concepts is to fundamentally simplify and improve design. This leads to fewer bugs and clearer -- often shorter -- code"...
Concepts, Stroustrup believes, will greatly ease engineers' ability to write efficient, reliable C++ code... The most obvious effect will be a massive improvement in the quality of error messages, but the most important long-term effect will be found in the flexibility and clarity of code, Stroustrup says. "In particular, having well-specified interfaces allows for simple, general and zero-overhead overloading of templates. That simplifies much generic code."
Concepts are already available in GNU C Compiler 6.2, and Stroustrup wants them to be included in C++ 20. "In my opinion, concepts should have been part of C++ 17, but the committee couldn't reach consensus on that."