By BeauHD from Slashdot's security-disasters department
An anonymous reader quotes a report from The Hacker News: Swedish media is reporting a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military. The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of the Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more. The incident is believed to be one of the worst government information security disasters ever.
In 2015, the Swedish Transport Agency handed IBM an IT maintenance contract to manage its databases and networks. However, the Swedish Transport Agency uploaded IBM's entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs. The transport agency then emailed the entire database in messages to marketers that subscribe to it. And what's terrible is that the messages were sent in clear text. When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.
By msmash from Slashdot's growing-tension department
Snopes.com, which began as a small one-person effort in 1994 and has since become one of the Internet's oldest and most popular fact-checking sites, is in danger of closing its doors. From a report: Since our inception, we have always been a self-sustaining site that provides a free service to the online world: we've had no sponsors, no outside investors or funding, and no source of revenue other than that provided by online advertising. Unfortunately, we have been cut off from our historic source of advertising income. We had previously contracted with an outside vendor to provide certain services for Snopes.com. That contractual relationship ended earlier this year, but the vendor will not acknowledge the change in contractual status and continues to essentially hold the Snopes.com web site hostage. Although we maintain editorial control (for now), the vendor will not relinquish the site's hosting to our control, so we cannot modify the site, develop it, or -- most crucially -- place advertising on it. The vendor continues to insert their own ads and has been withholding the advertising revenue from us. Our legal team is fighting hard for us, but, having been cut off from all revenue, we are facing the prospect of having no financial means to continue operating the site and paying our staff (not to mention covering our legal fees) in the meanwhile.
By msmash from Slashdot's where-things-are-headed department
David Pierce, writing for Wired: Push notifications are ruining my life. Yours too, I bet. Download more than a few apps and the notifications become a non-stop, cacophonous waterfall of nonsense. Here's just part of an afternoon on my phone:
"Hi David! We found new Crown jewels and Bottle caps Pins for you!"
"Everyone's talking about Bill Nye's new book, Everything All at Once. Read a free sample."
"Alex just posted for the first time in a while."
I get notifications when an acquaintance comments on a stranger's Facebook posts, when shows I don't care about come to Netflix, and every single day at 6 PM when the crossword puzzle becomes available. Recently, I got a buzz from my close personal friends at Yelp. "We found a hot new business for you," it said. I opened the notification, on the off chance that Yelp had finally found the hot new business I've been waiting for. It did not. So I closed Yelp, stared into space for a second, and then opened Instagram. Productivity over. Over the last few years, there's been an increasingly loud call for a re-evaluation of the relationship between humans and smartphones. For all the good that phones do, their grip on our eyes, ears, and thoughts creates real and serious problems. "I know when I take [technology] away from my kids what happens," Tony Fadell, a former senior VP at Apple who helped invent both the iPod and the iPhone, said in a recent interview. "They literally feel like you're tearing a piece of their person away from them. They get emotional about it, very emotional. They go through withdrawal for two to three days." Smartphones aren't the problem. It's all the buzzing and dinging, endlessly calling for your attention.
By msmash from Slashdot's what's-happening department
Unemployment in Britain is now just 4.5 percent. There are only 1.49 million unemployed people in the UK, versus 32 million people with jobs. This is almost unheard of. Unemployment was most recently this low in December 1973, when the UK set an unrepeated record of just 3.4 percent. From a report: The problem with this record is that the statistical definition of "unemployment" relies on a fiction that economists tell themselves about the nature of work. As the rate gets lower and lower, it tests that lie. Because -- as anyone who has studied basic economics knows -- the official definition of unemployment disguises the true rate. In reality, about 21.5 percent of all working-age people (defined as ages 16 to 64) are without jobs, or 8.83 million people, according to the Office for National Statistics. That's more than four times the official number. For decades, economists have agreed on an artificial definition of what unemployment means. Their argument is that people who are taking time off, or have given up looking for work, or work at home to look after their family, don't count as part of the workforce.
By msmash from Slashdot's security-woes department
An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2" has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes's Thomas Reed wrote at the time.
By msmash from Slashdot's embracing-technology department
An anonymous reader shares a report: In 2015, Monocle magazine, a favorite read of the global hipsterati, published an enthusiastic report on Lawrenceville, the former blue-collar neighborhood here filled with cafes, hyped restaurants and brick rowhouses being renovated by flippers. Last year, in a much-publicized development, Uber began testing self-driving cars on the streets, putting this city at the forefront of the autonomous-vehicle revolution. Also last year, in a less publicized development, Jean Yang, 30, returned to this city after more than a decade of living in Boston, finding a Pittsburgh she hardly recognized from her 1990s childhood. And four months ago, Caesar Wirth, a 28-year-old software engineer, moved from Tokyo to work for a local tech start-up, Duolingo. These seemingly unrelated events have one thing in common: Carnegie Mellon University's School of Computer Science. Much has been made of the "food boom" in Pittsburgh, and the city has long had a thriving arts scene. But perhaps the secret, underlying driver for both the economy and the cool factor -- the reason Pittsburgh now gets mentioned alongside Brooklyn and Portland, Ore., as an urban hot spot for millennials -- isn't chefs or artists but geeks. In a 2014 article in The Pittsburgh Post-Gazette, Mayor Bill Peduto compared Carnegie Mellon, along with the University of Pittsburgh, to the iron ore factories that made this city an industrial power in the 19th century. The schools are the local resource "churning out that talent" from which the city is fueled. Because of the top students and research professors at Carnegie Mellon, tech companies like Apple, Facebook, Google and Uber have opened offices here. The big tech firms, along with their highly skilled, highly paid workers, have made Pittsburgh younger and more international and helped to transform once-derelict neighborhoods like Lawrenceville and East Liberty. 
Indeed, East Liberty has become something of a tech hub, said Luis von Ahn, the co-founder and chief executive of Duolingo, a language-learning platform company with its headquarters in that neighborhood. Google Pittsburgh, with its more than 500 employees, also has part of its offices in East Liberty, as does AlphaLab, a start-up accelerator.
By msmash from Slashdot's duh department
Reader OneHundredAndTen writes and shares a report: Systemd doing what it does best. From a report on The Register: A few Penguinistas spent a weekend working out why they can't get through to Netflix from their Linux machines, because when they tried, their DNS lookups failed. The issue emerged over the weekend, when Gentoo user Dennis Schridde submitted a bug report to the Systemd project. Essentially, he described a failure within systemd-resolve, a Systemd component that turns human-readable domain names into IP addresses for software, like web browsers, to connect to. The Systemd resolver couldn't look up Netflix's servers for Schridde's web browser, according to the report. In his detailed post, Schridde said he expected this to happen: ipv6_1-cxl0-c088.1.lhr004.ix.nflxvideo.net gets resolved to 126.96.36.199 or 2a00:86c0:5:5::142. When in reality, that wasn't happening, so Netflix couldn't be reached on his box. His speculation that libidn2, which adds internationalised domain names support to the resolver, was at fault turned out to be accurate. Rebuilding Systemd without that library cleared the problem.
By msmash from Slashdot's not-a-feature department
Adrianne Jeffries, reporting for The Outline: Is a $4 million venture capital-funded startup stealthily taking over popular coding tools and injecting ads and spyware into them? That's what some programmers fear may be happening. It is one of the most troubling scandals to hit the open-source community -- a robust network of programmers who work on shared tools for free -- in recent memory. It started back in April, when a programmer noticed a strange change to an open-source tool called Minimap. Minimap has had more than 3.5 million downloads, but like many open-source tools, it was maintained by a single person who no one knew much about other than their username: @abe33. At some point, @abe33, whose real name is Cedric Nehemie, was hired by Kite. Kite was started by Adam Smith, a successful tech entrepreneur who raised funding from a slew of big names including the CEO of Dropbox and the creator of WordPress. It is unclear what Kite's business model is, but it says it uses machine-learning techniques to make coding tools. Its tools are not open source. After being hired by Kite, @abe33 made an update to Minimap. The update was titled "Implement Kite promotion," and it appeared to look at a user's code and insert links to related pages on Kite's website. Kite called this a useful feature. Programmers said it was not useful and was therefore just an ad for an unrelated service, something many programmers would consider a violation of the open-source spirit. "It's not a feature, it's advertising -- and people don't want it, you want it," wrote user @p-e-w. "The least you can do is own up to that." "I have to wonder if your goal was to upset enough people that you'd generate real attention on various news sites and get Kite a ton of free publicity before your next funding round," @DevOpsJohn wrote. "That's the only sane explanation I can find for suddenly dropping ads into the core of one of the oldest and most useful Atom plugins." [...] 
Although Kite has no business model yet, it's widely thought in Silicon Valley that having users is the first step toward profitability. Adding users potentially benefits the company in another way, by giving it access to precious data. Kite says it uses machine learning tactics to make the best coding helper tools possible. In order to do that, it needs tons of data to learn from. The more code it can look at, the better its autocomplete suggestions will get, for example.
By msmash from Slashdot's end-of-road department
Microsoft's next Windows 10 update, called the Fall Creators Update, will bring a variety of new features. But one long-standing stalwart of the Windows experience has been put on the chopping block: Microsoft Paint. From a report: First released with the very first version of Windows 1.0 in 1985, Paint in its various guises would be one of the first graphics editors used by many and became a core part of Windows. Starting life as a 1-bit monochrome licensed version of ZSoft's PC Paintbrush, it wasn't until Windows 98 that Paint could save in JPEG. With the Windows 10 Creators Update, released in April, Microsoft introduced the new Paint 3D, which is installed alongside traditional Paint and features 3D image making tools as well as some basic 2D image editing. But it is not an update to original Paint and doesn't behave like it. Now Microsoft has announced that, alongside Outlook Express, Reader app and Reading list, Microsoft Paint has been signalled for death, having been added to the "features that are removed or deprecated in Windows 10 Fall Creators Update" list.
By EditorDavid from Slashdot's wise-why's-of-WiFi department
A while ago the FCC in the USA implemented a rule that required manufacturers to restrict end-users from tampering with the radio outputs on wi-fi routers. It was predicted that manufacturers would take the lazy way out by locking down the firmware/bootloaders of the routers entirely instead of partitioning off access to the radio transmit power and channel ranges. This has apparently proven to be the case, as even now routers that were previously marketed as "Open Source Ready" or "DD-WRT Compatible" are coming with locked firmware.
In my case, having noticed this trend, I purchased three routers from Belkin, Buffalo, and Netgear in Canada, the UK, and Germany respectively, instead of the USA, and the results: All three routers had locked firmware/bootloaders, with no downgrade rights and no way to install Tomato, DD-WRT, OpenWRT, etc. It seems the FCC rule is an example of the wide-reaching effect of US law on the products sold in other nations, etc. So, does anyone know a good source of unlocked routers or other technical information on how to bypass this ridiculous outcome of FCC over-reach and manufacturer laziness?
The FCC later specified that they were not trying to block Open Source firmware modifications -- so leave your best suggestions in the comments. How can you avoid routers with locked firmware?
By EditorDavid from Slashdot's federal-funding's-finished department
The U.S. General Services Administration has removed Kaspersky Lab from its list of approved vendors for federal systems, which also eliminates the discounts it previously offered to state governments. Long-time Slashdot reader Rick Zeman writes:
"The agency's statement suggested a vulnerability exists in Kaspersky that could give the Russian government backdoor access to the systems it protects, though they offered no explanation or evidence of it," reports the Washington Post. Kaspersky, of course, denies this, offering their source code up for U.S. Government review... "Three current and former defense contractors told The Post that they knew of no specific warnings circulated about Kaspersky in recent years, but it has become an unwritten rule at the Pentagon not to include Kaspersky as a potential vendor on new projects."
"The lack of information from the GSA underscores a disconnect between local officials and the federal government about cybersecurity," the Post reports, adding that "the GSA's move on July 11 has left state and local governments to speculate about the risks of sticking with the company or abandoning taxpayer-funded contracts, sometimes at great cost."
The Post also quotes a cybersecurity expert at a prominent think tank -- the Center for Strategic and International Studies -- who believes that "it's difficult, if not impossible" for a company like Kaspersky to be headquartered in Moscow "if you don't cooperate with the government and the intelligence services."
By EditorDavid from Slashdot's dog-dialects department
An anonymous reader writes: Devices that can talk to our pet dogs and cats could be less than 10 years away, according to a report Amazon commissioned that was co-authored by futurist William Higham. "Innovative products that succeed are based around genuine and major consumer needs," Higham wrote, noting the tremendous amounts already spent on our pets, and concluding, "Somebody is going to put this together." Amazon already sells one dubious device that converts human voices into meows using samples from 25 cats, according to the Guardian. (One reviewer who tested the device wrote that "the cat seems puzzled.") But Amazon's report also cites the work of Con Slobodchikoff, a professor emeritus in Northern Arizona University's biology department, who spent 30 years studying the behavior of prairie dogs. Slobodchikoff discovered prairie dogs have different words for colors and for species of predators, and is now already raising money to develop a translation device for pets.
Slobodchikoff concedes, though, that "With cats I'm not sure what they'd have to say. A lot of times it might just be 'you idiot, just feed me and leave me alone.'"
By EditorDavid from Slashdot's clicking-unlike department
An anonymous reader quotes BleepingComputer:
Over 45,000 users have left one-star reviews on a company's Facebook page after the business reported a security researcher to police and had him arrested in the middle of the night instead of fixing a reported bug. The arrest took place this week in Hungary after an 18-year-old found a flaw in the online ticket-selling system of Budapesti Közlekedési Központ, Budapest's public transportation authority. The young man discovered that he could access BKK's website, press F12 to enter the browser's developer tools mode, and modify the page's source code to alter a ticket's price. Because there was no client or server-side validation put in place, the BKK system accepted the operation and issued a ticket at a smaller price...
The teenager -- who didn't want his name revealed -- reported the issue to BKK, but the organization chose to contact the police and file a complaint, accusing the young man of hacking their systems... BKK management made a fatal mistake when they brazenly boasted in a press conference about catching the hacker and declaring their systems "secure." Since then, other security flaws in BKK's system have surfaced on Twitter. As details of the case emerged, public outrage grew against BKK and its manager Kálmán Dabóczi, especially after it was revealed that BKK was paying around $1 million per year for maintenance of its IT systems, hacked in such a ludicrously simple manner.
By EditorDavid from Slashdot's exploiting-eclipses department
necro81 writes: After its successful flyby of Pluto in July 2015, the New Horizons probe received a mission extension to fly past a Kuiper Belt object -- named 2014 MU69 -- in January 2019. However, we know few details about the object -- its size, shape, albedo, whether it has any companions -- which are crucial for planning the flyby. Based on observations from Hubble, the New Horizons team knew that the object would pass in front of a star -- an occultation -- on July 17th, which could provide some of this data. But the occultation would last for less than a second, would only be visible in Patagonia, and the star itself is quite dim. NASA set up 24 telescopes near one community to capture the event, and received lots of cooperation from locals: turning off streetlights, shutting down a nearby highway, and setting up trucks as windbreaks. At least five of those telescopes captured the occultation. This was the latest in a series of observations ahead of the flyby. "We had to go up to farmers' doors and say 'Hi, we're here from NASA, we're wondering if we can set up telescopes in your back pasture?'" one astronomer told Popular Science. "More often than not people were like 'that sounds awesome, sure, we'll help out!'"