By EditorDavid from Slashdot's error-message-1337 department
An anonymous reader quotes Bloomberg:
The websites of Ohio Governor John Kasich and other state government agencies were hacked on Sunday with a posting professing love for the jihadist group Islamic State. Ten state websites and two servers were affected, and they've been taken off line for an investigation with law enforcement into how the hackers were able to deface them, said Tom Hoyt, a spokesman for the Ohio Department of Administrative Services... The same pro-Islamic State message, accompanied by music, were also shown on Sunday on the website of Brookhaven, a town on New York's Long Island about 50 miles (80 kilometers) from Manhattan, the New York Post reported... Ohio Treasurer Josh Mandel, a Republican candidate for the U.S. Senate in 2018, posted on Facebook that the Department of Rehabilitation and Correction website had been hacked and said, "Wake up freedom-loving Americans. Radical Islam infiltrating the heartland."Read Replies (0)
By EditorDavid from Slashdot's wanna-speed? department
Long-time Slashdot reader nri tipped us off to a developing story in Victoria, Australia. Yahoo News reports:
Victoria Police officials announced on Saturday, June 24, they were withdrawing all speed camera infringement notices issued statewide from June 6 after a virus in the cameras turned out to be more widespread than first thought. "That does not mean they [the infringement notices] won't not be re-issued," Assistant Commissioner Doug Fryer told reporters, explaining that he wants to be sure the red light and speed cameras were working correctly. Acting Deputy Commissioner Ross Guenther told reporters on Friday that 55 cameras had been exposed to the ransomware virus, but they've now determined 280 cameras had been exposed. The cameras are not connected to the internet, but a maintenance worker unwittingly connected a USB stick with the virus on it to the camera system on June 6.
Fryer said that about 1643 tickets would be withdrawn -- up from the 590 that police had announced on Friday -- and another five and a half thousand tickets pending in the system would be embargoed. Fryer said he was optimistic the 7500 to 8000 tickets affected could be re-issued, but for now police would not issue new tickets until police had reviewed the cameras to ensure they were functioning properly... The "WannaCry" malware caused the cameras to continually reboot, Fryer said. Fryer said there was no indication the malware had caused inaccurate radar readings, but police were being "over cautious" to maintain public faith in the system.
Last week Victoria's Police Minister was "openly furious" with the private camera operator, saying the group hadn't notified the relevant authorities about the infection.Read Replies (0)
By EditorDavid from Slashdot's Aussie-encryption department
An anonymous reader quotes Ars Technica:
Two top Australian government officials said Sunday that they will push for "thwarting the encryption of terrorist messaging" during an upcoming meeting next week of the so-called "Five Eyes" group of English-speaking nations that routinely share intelligence... According to a statement released by Attorney General George Brandis, and Peter Dutton, the country's top immigration official, Australia will press for new laws, pressure private companies, and urge for a new international data sharing agreement amongst the quintet of countries... "Within a short number of years, effectively, 100 per cent of communications are going to use encryption," Brandis told Australian newspaper The Age recently. "This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed"... Many experts say, however, that any method that would allow the government access even during certain situations would weaken overall security for everyone.
America's former American director of national intelligence recently urged Silicon Valley to "apply that same creativity, innovation to figuring out a way that both the interests of privacy as well as security can be guaranteed." Though he also added, "I don't know what the answer is. I'm not an IT geek, but I just don't think we're in a very good place right now."Read Replies (0)
By EditorDavid from Slashdot's threads-about-HyperThreading department
MojoKid writes: A new flaw has been discovered that impacts Intel 6th and 7th Generation Skylake and Kaby Lake-based processors that support HyperThreading. The issue affects all OS types and is detailed by Intel errata documentation and points out that under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers, as well as their corresponding wider register (e.g. RAX, EAX or AX for AH), may cause unpredictable system behavior, including crashes and potential data loss. The OCaml toolchain community first began investigating processors with these malfunctions back in January and found reports stemming back to at least the first half of 2016. The OCaml team was able pinpoint the issue to Skylake's HyperThreading implementation and notified Intel. While Intel reportedly did not respond directly, it has issued some microcode fixes since then. That's not the end of the story, however, as the microcode fixes need to be implemented into BIOS/UEFI updates as well and it is not clear at this time if all major vendors have included these changes in their latest revisions.Read Replies (0)
By EditorDavid from Slashdot's seeing-you-in-court department
An anonymous reader quotes CNET:
Anthem, the largest health insurance company in the U.S., has agreed to settle a class action lawsuit over a 2015 data breach for a record $115 million, according to lawyers for the plaintiffs. The settlement still has to be approved by US District Court Judge Lucy Koh, who is scheduled to hear the case on August 17 in San Jose, California. And Anthem, which didn't immediately respond to a request for confirmation and comment, isn't admitting any admitting any wrongdoing, according to a statement it made to CyberScoop acknowledging the settlement.
But if approved, it would be the largest data breach settlement in history, according to the plaintiffs' lawyers, who announced the agreement Friday. The funds would be used to provide victims of the data breach at least two years of credit monitoring and to reimburse customers for breach-related expenses. The settlement would also guarantee a certain level of funding for "information security to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls," the plaintiff attorneys said.
The breach compromised data for 80 million people, including their social security numbers, birthdays, street addresses (and email addresses) as well as income data. The $115 million settlement averages out to $1.43 for every person who was affected.Read Replies (0)
By EditorDavid from Slashdot's lost-and-fund department
An anonymous reader writes:
"The price of ethereum crashed as low as 10 cents from around $319 in about a second on the GDAX cryptocurrency exchange on Wednesday," reports CNBC, calling it "a move that is being blamed on a 'multimillion dollar market sell' order... As the price continued to fall, another 800 stop loss orders and margin funding liquidations caused ethereum to trade as low as 10 cents." An executive for the exchange said "Our matching engine operated as intended throughout this event and trading with advanced features like margin always carries inherent risk."
Though some users complained they lost money, the price rebounded to $325 -- and according to a report on one trading site, "one person had an order in for just over 3,800 ethereum if the price fell to 10 cents on the GDAX exchange," reports CNBC. "Theoretically this person would have spent $380 to buy these coins, and when the price shot up above $300 again, the trader would be sitting on over $1 million." Yet the currency exchange announced Friday that they're honoring everyone's gains, while also reimbursing customers who suffered losses. "We view this as an opportunity to demonstrate our long-term commitment to our customers and belief in the future of this industry."Read Replies (0)
By EditorDavid from Slashdot's big-bangs-theory department
An anonymous reader quotes Business Insider:
In more than 90 cities across the US, including New York, microphones placed strategically around high-crime areas pick up the sounds of gunfire and alert police to the shooting's location via dots on a city map... ShotSpotter also sends alerts to apps on cops' phones. "We've gone to the dot and found the casings 11 feet from where the dot was, according to the GPS coordinates," Capt. David Salazar of the Milwaukee Police Dept. told Business Insider. "So it's incredibly helpful. We've saved a lot of people's lives."
When three microphones pick up a gunshot, ShotSpotter figures out where the sound comes from. Human analysts in the Newark, California, headquarters confirm the noise came from a gun (not a firecracker or some other source). The police can then locate the gunshot on a map and investigate the scene. The whole process happens "much faster" than dialing 911, Salazar said, though he wouldn't disclose the exact time.
The company's CEO argues their technology deters crime by demonstrating to bad neighborhoods that police will respond quickly to gunshots. (Although last year Forbes discovered that in 30% to 70% of cases, "police found no evidence of a gunshot when they arrived.") And in a neighborhood where ShotSpotter is installed, one 60-year-old man is already complaining, "I don't like Big Brother being in all my business."Read Replies (0)
By EditorDavid from Slashdot's post-mortems department
troublemaker_23 quotes ITWire:
A developer who worked with the Ubuntu Phone project has outlined the reasons for its failure, painting a picture of confusion, poor communication and lack of technical and marketing foresight. Simon Raffeiner stopped working with the project in mid-2016, about 10 months before Canonical owner Mark Shuttleworth announced that development of the phone and the tablet were being stopped.
Raffeiner says, for example, that "despite so many bugs being present, developers were not concentrating on fixing them, but rather on adding support for more devices." But he says he doesn't regret the time he spent on the project -- though now he spends his free time "traveling the world, taking photographs and creating bad card games, bad comics and bad games."
"Please note that this post does not apply to the UBPorts project, which continues to work on the phone operating system, Unity 8 and other components."Read Replies (0)
By EditorDavid from Slashdot's thinking-globally department
Long-time Slashdot reader quotes Ars Technica:
The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world's servers with the assistance of the tech sector, no matter where the data is stored.
The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.
According to the article, the U.S. government told the court that national security was at risk.Read Replies (0)
By EditorDavid from Slashdot's three-factor-authentication department
"Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated." Orome1 quotes Help Net Security:
The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site.
Interestingly, it can also beat two-factor authentication -- since the targeted user will still input the phone code into the man-in-the-middle site.Read Replies (0)
By EditorDavid from Slashdot's Linus-on-Linux department
Linus Torvalds appeared in a new "fireside chat" with VMware Head of Open Source Dirk Hohndel. An anonymous reader writes:
Linus explained what still surprises him about Linux development. "Code that I thought was stable continually gets improved. There are things we haven't touched for many years, then someone comes along and improves them or makes bug reports in something I thought no one used. We have new hardware, new features that are developed, but after 25 years, we still have old, very basic things that people care about and still improve... Our processes have not only worked for 25 years, we still have a very strong maintainer group... And as these maintainers get older and fatter, we have new people coming in."
Linus also says he's surprised by the widespread popularity of Git. "I expected it to be limited mostly to the kernel -- as it's tailored to what we do... In certain circles, Git is more well known than Linux." And he also shares advice if you want to get started as an open source developer. "I'm not sure my example is the right thing for people to follow. There are a ton of open source projects and, if you are a beginning programmer, find something you're interested in that you can follow for more than just a few weeks... If you can be part of a community and set up patches, it's not just about the coding, but about the social aspect of open source. You make connections and improve yourself as a programmer."
Linus also says that "I really like what I'm doing. I like waking up and having a job that is technically interesting and challenging without being too stressful so I can do it for long stretches; something where I feel I am making a real difference and doing something meaningful not just for me."Read Replies (0)