An anonymous reader quotes Ars Technica:
Equifax isn't the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, [was] also sending visitors to the fraudulent updates and other types of malicious pages... Malwarebytes security researcher Jerome Segura says he was able to repeatedly reproduce a similar chain of fraudulent redirects when he pointed his browser to the transunioncentroamerica.com site. On some occasions, the final link in the chain would push a fake Flash update. In other cases, it delivered an exploit kit that tried to infect computers with unpatched browsers or browser plugins... "This is not something users want to have," Segura told Ars...
Equifax on Thursday was quick to say that its systems were never compromised in the attacks. TransUnion said much the same thing. This is an important distinction in some respects because it means that the redirections weren't the result of attackers having access to restricted parts of either company's networks. At the same time, the incidents show that visitors to both sites remain much more vulnerable to malicious content than they should be.
Both sites hosted fireclick.js, an old script from a small web analytics company which pulls pages from sites like Akamai, SiteStats.info, and Ostats.net. "It appears that attackers have compromised the third-party library," writes BankInfoSecurity, adding that Malwarebytes estimates over 1,000 more sites are using the same library.
By EditorDavid from Slashdot's litter-from-space department
China launched a space laboratory named Tiangong 1 into orbit in 2011. The space laboratory was supposed to become a symbol of China's ambitious bid to become a space superpower. After two years in space, Tiangong 1 started experiencing technical failure. Last year Chinese officials confirmed that the space laboratory had to be scrapped. The 8.5-ton space laboratory has begun its descent towards Earth and is expected to crash back to Earth within the next few months.
Most of the laboratory is expected to burn up in Earth's atmosphere, but experts believe that pieces as heavy as 100 kilograms (220 pounds) may survive re-entry and impact Earth's surface. Nobody will be able to predict with any precision where those chunks of space laboratory will land on Earth until a few hours before re-entry occurs. It is considered unlikely that anyone would be harmed by Tiangong-1's debris.
When NASA's SkyLab fell to Earth in 1979, an Australian town fined them $400 -- for littering.
By EditorDavid from Slashdot's extortion-through-encryption department
Slashdot reader rmurph04 writes:
Ransomware is a $6.2 million industry, based on sales generated from a network of more than 6,300 Dark Web marketplaces that sell over 45,000 products, according to a report released Wednesday by cybersecurity firm Carbon Black.
While the authors of the software are earning six-figure incomes, ransom payments totalled $1 billion in 2016, according to FBI estimates -- up from just $24 million in 2015. Carbon Black, which was founded by former U.S. government "offensive security hackers," argues that ransomware's growth has been aided by "the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities.. Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to 'follow the money.'"
By EditorDavid from Slashdot's losing-your-keys department
Computer keyboards will be phased out over the next 20 years, and we should think carefully about what replaces them as the dominant mode of communicating with machines, argues Android co-founder Rich Miner. Virtual reality technology and brain-computer links -- whose advocates include Elon Musk -- could lead to a "dystopian" future where people live their lives inside of goggles, or they jack directly into computers and become completely "de-personalized," Miner worries.
He takes a more "humanistic" view of the future of human-machine interfaces, one that frees us to be more expressive and requires computers to communicate on our level, not the other way around. That means software that can understand our speech, facial expressions, gestures, and handwriting. These technologies already exist, but have a lot of room for improvement.
One example he gives is holding up your hand to pause a video.
By EditorDavid from Slashdot's code-for-currency department
Long-time Slashdot reader Esther Schindler quotes Hewlett Packard Enterprise:
When you handle trillions of dollars a year in transactions and manage the largest known vault of gold in the world, security and efficiency are top priorities. Open source reusable software components are key to the New York Fed's successful operation, explains Colin Wynd, vice president and head of the bank's Common Service Organization... The nearly 2,000 developers across the Federal Reserve System used to have a disparate set of developer tools. Now, they benefit from a standard toolset and architecture, which also places limits on which applications the bank will consider using. "We don't want a third-party application that isn't compatible with our common architecture," said Wynd.
One less obvious advantage to open source adoption is in career satisfaction and advancement. It gives developers opportunities to work on more interesting applications, said Wynd. Developers can now take on projects or switch jobs more easily across Federal Reserve banks because the New York Fed uses a lot of common open source components and a standard tool set, meaning retraining is minimal if needed at all.
Providing training in-house also creates a more consistent use of best practices. "Our biggest headache is to prove to groups that an application is secure, because we have to defend against nation state attacks."
By EditorDavid from Slashdot's branching-out department
Microsoft's campus now features three outdoor treehouses for its employees. An anonymous reader quotes CNBC:
More than 12 feet off the ground, the treehouses feature charred-wood walls, skylights, at least one gas fireplace, Wi-Fi and hidden electrical outlets. Employees can even grab a bite at an outdoor extension of the indoor cafeteria. The "more Hobbit than HQ" treehouses are designed by Pete Nelson of the TV show "Treehouse Masters" and are part of Microsoft's growing "outdoor districts..." The company touts the professional benefits of working in nature -- greater creativity, focus and happiness -- but honestly, the treehouses are just plain cool.
Microsoft touts a Harvard physician who believes nature "stimulates reward neurons in your brain. It turns off the stress response, which means you have lower cortisol levels, lower heart rate and blood pressure, and improved immune response." There's a short video on the "Working at Microsoft" channel on YouTube, but I'm curious what Slashdot readers think about working outdoors. Or, in a tree...
By EditorDavid from Slashdot's gotta-catch-'em-all department
"How can the police induce citizens to help investigate crime? By trying to make it 'cool' and turning it into a game that awards points for hits," reports CSO. mrwireless writes:
Through their 'police of the future' innovation initiative, and inspired by Pokemon Go, the Dutch police are building an app where you can score points by photographing the license plates of stolen cars. When a car is reported stolen the app will notify people in the neighbourhood, and then the game is on! Privacy activists are worried this creates a whole new relationship with the police, as a deputization of citizens blurs boundaries, and institutionalizes 'coveillance' -- citizens spying on citizens. It could be a slippery slope to situations that more resemble the Stasi regime's, which famously used this form of neighborly surveillance as its preferred method of control.
CSO cites Spiegel Online's description of the unofficial 189,000 Stasi informants as "totally normal citizens of East Germany who betrayed others: neighbors reporting on neighbors, schoolchildren informing on classmates, university students passing along information on other students, managers spying on employees and Communist bosses denouncing party members."
The Dutch police are also building another app that allows citizens to search for missing persons.
By EditorDavid from Slashdot's thanks-Elon department
An anonymous reader quotes the Bay Area Newsgroup:
Tesla fired hundreds of workers this week, including engineers, managers and factory workers, even as the company struggles to expand its manufacturing and product line... The company said this week's dismissals were the result of a company-wide annual review, and insisted they were not layoffs. Some workers received promotions and bonuses, and the company expects to hire for the "vast majority" of new vacancies, a spokesman said. "As with any company, especially one of over 33,000 employees, performance reviews also occasionally result in employee departures," a spokesman said. "Tesla is continuing to grow and hire new employees around the world."
"Tesla has a hearing before the National Labor Relations Board in November for charges that company supervisors and security guards harassed workers distributing union literature," reports the Bay Area Newsgroup, adding that "Openly pro-union workers were among those fired this week. Some believe they were targeted."
Tesla denies this, and says that they've generally boosted morale this week -- by rewarding higher-performing employees.
By BeauHD from Slashdot's stoke-the-fire department
An anonymous reader quotes a report from The Verge: Russia's far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokemon Go. CNN reported that in July 2016, a Tumblr page linked to Russia's now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters' names to the victims of those incidents -- an apparent effort to inflame racial tensions. The Tumblr page was linked to Do Not Shoot Us, a multi-platform campaign designed to mimic aspects of Black Lives Matter. (As CNN notes, the name plays on "hands up, don't shoot," one of the movement's slogans.) Do Not Shoot Us included a website, donotshoot.us, along with related pages on Facebook, Instagram, Twitter, and YouTube. The Facebook page was one of 470 pages that were removed after the company determined that it was linked to Russian groups attempting to interfere in US politics.
By BeauHD from Slashdot's helping-hand department
An anonymous reader quotes a report from TechCrunch: Steve Wozniak, the Apple co-founder who changed the world alongside Steve Jobs, has today announced the launch of Woz U. According to the release, Woz U will start as an online learning platform focused on both students and companies that will eventually hire those students. Woz U is based out of Arizona, and hopes to launch physical locations for learning in more than 30 cities across the globe. At launch, the curriculum will center around computer support specialists and software developers, with courses on data science, mobile applications and cybersecurity coming in the future. Alongside the education platform, Woz U will also offer platforms for tech companies to recruit, train and retain their workforce through on-site customized programs and subscription-based curricula. There also will be a platform for K-12 students, which will be distributed to school districts, that will offer STEAM programs to identify talent and nudge those individuals into a tech-based career. And if that weren't enough, Woz U will eventually introduce an accelerator program "to identify and develop elite tech talent." Woz U also has an app on the App Store that will help people understand which field of tech they're best suited for, so they can set up their curriculum accordingly. Pricing has yet to be announced.