By EditorDavid from Slashdot's crime-of-the-century department
"These devices kind of look like cell phone chargers, so they probably thought they had some kind of street value," said the co-founder of Roambee, a shipping-monitoring services company, in a classic story shared by Iwastheone:
[He's] talking about the hundred or so GPS tracking devices that were stolen recently from the company's Dela Cruz Avenue labs. "The moment we realized they had a box of trackers, we went into recovery mode," Subramanian said. "We notified the police and equipped them to track the devices, and in about 5 or 6 hours, it was done...." It wasn't long before the police were using Roambee's software to locate the devices and the thieves. "We were able to pinpoint the location of these trackers to a warehouse in Union City and two of the devices had gone mobile, and the thieves were driving around with them in the East Bay," Subramanian said. The two men were arrested in Alameda.
Before stealing 100 battery-powered GPS-tracking devices, one of the thieves also grabbed a beer out of the office refrigerator -- and cut themselves -- leaving behind both fingerprints and an actual blood sample.
The company is now using this 2017 episode as an instructive case study. "Roambee wirelessly synced with all 100 devices and remotely set them to stealth mode (so there's no blinking LEDs to alert the thieves) and then switched the location reporting intervals from once every hour to once every minute."
By EditorDavid from Slashdot's safety-.NET department
An anonymous Slashdot reader summarizes an article by a senior security researcher at Forcepoint Security Labs:
Among cyber criminals, there has been a trend in recent years for using more so-called 'fileless' attacks. The driver for this is to avoid detection by anti-virus. PowerShell is often used in these attacks. Part of the strategy behind fileless attacks is related to the concept of 'living off the land', meaning that to blend in and avoid detection, attackers strive for only using the tools that are natively available on the target system, and preferably avoiding dropping executable files on the file system. Recently, C# has received some attention in the security community, since it has some features that may make it more appealing to criminals than PowerShell. [Both C# and PowerShell use the .NET runtime.] A Forcepoint researcher has summarized the evolvement of attack techniques in recent years, particularly looking at a recent security issue related to C# in a .NET utility in terms of fileless attacks.
From the article:
A recent example of C# being used for offensive purposes is the PowerShell/C# 'combo attack' noted by Xavier Mertens earlier this month in which a malware sample used PowerShell to compile C# code on the fly. Also, a collection of adversary tools implemented in C# was released. Further, an improved way was published for injecting shellcode (.NET assembly) into memory via a C# application.... Given recent trends it seems likely that we'll start to see an increased number of attacks that utilize C# -- or combinations of C# and PowerShell such as that featured in Xavier Mertens' SANS blog -- in the coming months.
By EditorDavid from Slashdot's time-on-our-hands department
Long-time Slashdot reader kwelch007 writes:
I finally gave in, after years of Android loyalty, because the iPhone and Apple Watch just worked, so I was told (and it is true). I changed from my Motorola Maxx for an iPhone 7, because I wanted the Apple Watch. Shortly after, I purchased a second-hand Apple Watch Series 1. I have never looked back...and I'm happy with it.
Last week, I was able to buy an Apple Watch Series 4 with the exact specs I wanted... Wow! The screen is a ton bigger than my Series 1. I noticed right away when it asked me to set my passcode...the buttons were WAY bigger! It truly has the "side-to-side" screen...it's noticeable... "Walkie Talkie" is super convenient (used with my associate who told me that it was in stock at Best Buy...)
1) It's big, but not much bigger on your wrist than the 42mm versions previous...rather, the screen is bigger, brighter, and more usable.
2) The speakers and mics are far and away better than previous versions of the Apple Watch.
But they don't yet have access to "the highly-touted 'ECG' capability". (Fortune reports it was only approved by America's FDA the day before the launch event -- and isn't yet available for "international" customers.) And the software also isn't ready yet for "Fall Protection," a feature which calls emergency responders if it detects that you've fallen to the ground and you don't respond to prompts for the next 60 seconds. ("The feature is automatic with Watch owners who identify themselves as 65 and up," USA Today reported last week.)
By EditorDavid from Slashdot's busing-in-Boston department
"Computers can solve your problem. You may not like the answer," writes the Boston Globe. Slashdot reader sandbagger explains:
"Boston Public Schools asked MIT graduate students Sebastien Martin and Arthur Delarue to build an algorithm that could do the enormously complicated work of changing start times at dozens of schools -- and re-routing the hundreds of buses that serve them. In theory this would also help with student alertness...." MIT also reported that "Approximately 50 superfluous routes could be eliminated using the new method, saving the school district between $3 million and $5 million annually."
The Globe reports:
They took to the new project with gusto, working 14- and 15-hour days to meet a tight deadline -- and occasionally waking up in the middle of the night to feed new information to a sprawling MIT data center. The machine they constructed was a marvel. Sorting through 1 novemtrigintillion options -- that's 1 followed by 120 zeroes -- the algorithm landed on a plan that would trim the district's $100 million-plus transportation budget while shifting the overwhelming majority of high school students into later start times.... But no one anticipated the crush of opposition that followed. Angry parents signed an online petition and filled the school committee chamber, turning the plan into one of the biggest crises of Mayor Marty Walsh's tenure. The city summarily dropped it. The failure would eventually play a role in the superintendent's resignation...
By EditorDavid from Slashdot's show-me-the-money department
"The National Security Agency's 2018 Codebreaker Challenge kicked off on Friday, 9/21, and runs through 12/31," writes Slashdot reader eatvegetables. Each year's challenge -- which is open to U.S. students -- comes with its own (fictitious) backstory which the organizers say is "meant for providing realistic context."
This year's story?
A new strain of ransomware has managed to penetrate several critical government networks and NSA has been called upon to assist in remediating the infection to prevent massive data losses. For each infected machine, an encrypted copy of the key needed to decrypt the ransomed files has been stored in a smart contract on the Ethereum blockchain* and is set to only be unlocked upon receipt of the ransom payment. Your mission is to ultimately (1) find a way to unlock the ransomware without giving in to the attacker's demands and (2) figure out a way to recover all of the funds already paid by other victims.
* For the purposes of this challenge, a private blockchain has been created with no real monetary value associated with the Ether.
"The first half focuses on network protocol analysis and binary reverse-engineering," writes eatvegetables, while "The second half is all about attempting to exploit the blockchain."
An email address from "a recognized U.S. school or university" is required, and the original submission notes that America's college students "are already hard at work trying to push their school to the top of the leaderboard."
By EditorDavid from Slashdot's game-of-monopolies department
The Bay Area Newsgroup reports:
Political momentum for a crackdown on Silicon Valley's social media giants got a boost this week when a state attorney general said he would tell U.S. Attorney General Jeff Sessions next week that Google, Facebook and Twitter should be broken up. Louisiana Attorney General Jeff Landry wants the federal government to do to the social media firms what it did to Standard Oil in 1911, according to a Louisiana newspaper report Tuesday... "This can't be fixed legislatively," Landry told the paper. "We need to go to court with an antitrust suit." He or another high official from his office will next week present the break-up proposal to Sessions... Landry, president of the National Association of Attorneys General, had spent months with his colleagues probing what they described as anti-competitive practices by Facebook, Google and Twitter, according to the paper.
On Friday, Bloomberg reported it had obtained a draft of a potential White House executive order that asks certain government agencies to recommend actions that would "protect competition among online platforms and address online platform bias." The order, reportedly in its preliminary stages, asks US antitrust authorities to "thoroughly investigate whether any online platform has acted in violation of the antitrust laws."
By EditorDavid from Slashdot's going-ballastic department
Cody Wilson, maker of the first 3D-printed plastic gun, has been arrested in Taiwan. Long-time Slashdot reader SonicSpike quotes Reason:
Earlier this week, Texas police issued a warrant for his arrest. Wilson, they claimed, found a woman on sugardaddymeet.com, a website that requires all users to assert they are 18 or over, then met her and paid for sex with her. Police say the woman was actually 16, which made that act a violation of Texas penal code 22.011 (A)(2)(a), regarding sex with a minor, which is legally considered sexual assault regardless of consent or payment.
While Taiwan has no formal extradition treaty with the U.S., and Wilson was not said to have been doing anything directly criminal in Taiwan, the press there reports that he was arrested without incident because the U.S. had revoked his passport, making his mere presence in Taiwan illegal. (The U.S. government has the power to revoke the passports of people facing felony arrest warrants.) Wilson was then, according to The New York Times, "delivered...to the National Immigration Agency" in Taiwan. It is expected to deport him to the U.S. to face those charges, which carry a potential 2 to 20 years in prison and $10,000 fine.
A reporter for Ars Technica visited Wilson's home weapons printing company, and was told that "A management restructuring is coming." But they also contacted Adam Bhala Lough, who directed and wrote a documentary film about Wilson. Prior to Wilson's arrest, Lough argued that "Without Cody, it can't last. It's like Tesla and Elon Musk, you can't separate the two.
By EditorDavid from Slashdot's falling-from-the-sky department
"The Surrey Space Center successfully used a net to capture a piece of artificial space junk in orbit for the first time in history on Sunday," writes Slashdot reader dmoberhaus. "The video was just released Wednesday and is quite stunning."
"Not only does the net look cool as hell, it's addressing a major problem for the future of space exploration," reports Motherboard:
The test was carried out by the RemoveDEBRIS satellite, an experimental space debris removal platform built by an international consortium of space companies and university research centers. There are tens of thousands of pieces of fast-moving space junk in orbit, which range from the centimeter-scale all the way to entire rocket stages. Some of these pieces are moving faster than a bullet and all of them pose a serious danger to other satellites and crewed capsules... Removing this junk from orbit is particularly challenging because of the various sizes of the debris, its erratic tumbling motion, and the fact that some pieces are moving as fast as 30,000 miles per hour.
The successful experiment follows six years of Earth-based testing, according to a professor at the lead research institution, the Surrey Space Centre.
"While it might sound like a simple idea, the complexity of using a net in space to capture a piece of debris took many years of planning, engineering and coordination."
By EditorDavid from Slashdot's something-you-have department
An anonymous reader quotes Softpedia:
Purism announced Thursday that its highly anticipated Librem Key security key is now available for purchase as the first and only OpenPGP-based smart card to offer a Heads-firmware-integrated tamper-evident boot process for laptops. Developed in partnership with Nitrokey, a company known for manufacturing open-source USB keys that enable secure encryption and signing of data for laptops, Purism's Librem Key is dedicated to Librem laptop users, allowing them to store up to 4096-bit RSA keys and up to 512-bit ECC keys on the security key, as well as to securely generate new keys directly on the device. Librem Key integrates with the secure boot process of the latest Librem 13 and 15 laptops...
Designed to let Librem laptop users see if someone has tampered with the software on their computers when it boots, Librem Key leverages the Heads-enabled TPM (Trusted Platform Module) chip in new Librem 13 and Librem 15 laptops. According to Purism, when inserted, the security key will blink green to show users that the laptop hasn't been tampered with, so they can continue from where they left off, and blinks red when tampering has occurred.
Purism's web site explains:
With so many attacks on password logins, most security experts these days recommend adding a second form of authentication (often referred to as "2FA" or "multi-factor authentication") in addition to your password so that if your password gets compromised the attacker still has to compromise your second factor.
USB security tokens work well as this second factor because they are "something you have" instead of "something you know" like a password is, and because they are portable enough you can just keep them in your pocket, purse, or keychain and use them only when you need to login to a secure site.
By EditorDavid from Slashdot's old-MacDonald-had-a-sham department
An anonymous reader quotes a new Wired opinion piece by Kyle Wiens and Elizabeth Chamberlain from iFixit:
A big California farmers' lobbying group just blithely signed away farmers' right to access or modify the source code of any farm equipment software. As an organization representing 2.5 million California agriculture jobs, the California Farm Bureau gave up the right to purchase repair parts without going through a dealer. Farmers can't change engine settings, can't retrofit old equipment with new features, and can't modify their tractors to meet new environmental standards on their own. Worse, the lobbyists are calling it a victory.... John Deere and friends had already made every single "concession" earlier this year...
Just after the California bill was introduced, the farm equipment manufacturers started circulating a flyer titled "Manufacturers and Dealers Support Commonsense Repair Solutions." In that document, they promised to provide manuals, guides, and other information by model year 2021. But the flyer insisted upon a distinction between a right to repair a vehicle and a right to modify software, a distinction that gets murky when software controls all of a tractor's operations. As Jason Koebler of Motherboard reported, that flyer is strikingly similar -- in some cases, identical word-for-word -- to the agreement the Farm Bureau just brokered...
Instead of presenting a unified right-to-repair front, this milquetoast agreement muddies the conversation. More worryingly, it could cement a cultural precedent for electronics manufacturers who want to block third-party repair technicians from accessing a device's software.
By EditorDavid from Slashdot's Windows-shopping-at-the-Microsoft-Store department
An anonymous reader quotes MSPowerUser:
Nearly every Linux distro is already available in the Microsoft Store, allowing developers to use Linux scripting and other tools running on the Windows Subsystem for Linux (WSL). Now another distro has popped up in the Store, and unlike the others it claims to be specifically optimised for WSL, meaning a smaller and more appropriate package with sane defaults which helps developers get up and running faster.
WLinux is based on Debian, and the developer, Whitewater Foundry, claims their custom distro will also allow faster patching of security and compatibility issues that appear from time to time between upstream distros and WSL... Popular development tools, including git and python3, are pre-installed. Additional packages can be easily installed via the apt package management system... A handful of unnecessary packages, such as systemd, have been removed to improve stability and security.
The distro also offers out of the box support for GUI apps with your choice of X client, according to the original submission.
WLinux is open source under the MIT license, and is available for free on GitHub. It can also be downloaded from Microsoft Store at a 50% discount, with the development company promising the revenue will be invested back into new features.
By EditorDavid from Slashdot's aliens-unharmed department
"The mysterious 11-day closure of a New Mexico solar observatory stemmed from an FBI investigation of a janitor suspected of using the facility's wireless internet service to send and receive child pornography, federal court documents showed..."
An anonymous reader quotes the Washington Post:
In July, FBI agents investigating child sexual exploitation traced the location of several IP addresses linked to child pornography activity to the observatory, according to a 39-page search warrant application. During an interview with federal authorities on Aug. 21, the facility's chief observer said he had found, on a number of occasions, the same laptop hidden and running in various seldom-used offices around the observatory. He described the contents of the laptop as "not good," according to court documents. A federal agent immediately went to the observatory, located deep within Lincoln National Forest, and took the laptop into evidence...
Aside from continuing to "feverishly" search the facility, the documents state that the janitor said, "it was only a matter of time before the facility 'got hit,'" and that he "believed there was a serial killer in the area, and that he was fearful that the killer might enter the facility and execute someone." In response to the janitor's behavior, the management of the observatory, without input from the FBI, shut it down and evacuated its personnel. The facility's cleaning contract with the janitor's parents was also terminated.
The warrant application specified that the janitor "has a key to the building and unlimited access to the building, and is familiar with which offices are used only a handful of times a year."
It also says that the janitor was the only person in the facility at the time of the alleged downloads.
By BeauHD from Slashdot's taste-of-the-past department
An anonymous reader quotes a report from the BBC: Computer historians have staged a re-enactment of World War Two code-cracking at Bletchley Park. A replica code-breaking computer called a Bombe was used to decipher a message scrambled by an Enigma machine. Held at the National Museum of Computing (TNMOC), the event honored Polish help with wartime code-cracking. Enigma machines were used extensively by the German army and navy during World War Two. This prompted a massive effort by the Allies to crack the complex method they employed to scramble messages. That effort was co-ordinated via Bletchley Park and resulted in the creation of the Bombe, said Paul Kellar who helps to keep a replica machine running at the museum. Renowned mathematician Alan Turing was instrumental in the creation of the original Bombe.
For its re-enactment, TNMOC recruited a team of 12 and used a replica Bombe that, until recently, had been on display at the Bletchley Park museum next door. The electro-mechanical Bombe was designed to discover which settings the German Enigma operators used to scramble their messages. As with World War Two messages, the TNMOC team began with a hint or educated guess about the content of the message, known as a "crib," which was used to set up the Bombe. The machine then cranked through the millions of possible combinations until it came to a "good stop," said Mr Kellar. This indicated that the Bombe had found key portions of the settings used to turn readable German into gobbledygook. After that, said Mr Kellar, it was just a matter of time before the 12-strong team cracked the message.
By BeauHD from Slashdot's sign-of-the-times department
Mallory Locklear reporting via Engadget: The Recording Industry Association of America (RIAA) has released music industry revenue statistics for the first half of 2018 in the U.S., and on average, revenue growth has slowed. While overall revenue was up 10 percent compared to the same time last year, clocking in at $4.6 billion, that rate is only around half of the increase observed between the first halves of 2016 and 2017. Streaming revenue growth slowed as well, though it was still up 28 percent compared to last year. Notably, streaming accounted for the vast majority of revenue so far this year, with 75 percent of overall revenue coming from streaming services like Spotify, Apple Music and Tidal.
The numbers also show that more people continue to join paid subscription services, with subscription rates growing by about one million per month. But while streaming revenue is still on an upward trend, the news isn't so good for digital downloads and CD sales. Digital downloads have only made up 12 percent of overall revenue so far this year, down from 19 percent last year, and CD sales saw a whopping 41 percent drop in revenue. To compare, during the same time last year, CD sales were only down three percent from the year before. Vinyl revenue, however, is up 13 percent.
By BeauHD from Slashdot's could-this-happen department
An anonymous reader quotes a report from CNN: Building walls on the seafloor could prevent glaciers from melting and sea levels rising due to global warming, scientists say. Barriers of sand and rock positioned at the base of glaciers would stop ice sheets sliding and collapsing, and prevent warm water from eroding the ice from beneath, according to research published this week in the Cryosphere journal, from the European Geosciences Union. The audacious idea centers on the construction of "extremely simple structures, merely piles of aggregate on the ocean floor, although more advanced structures could certainly be explored in the future," said the report's authors, Michael Wolovick, a researcher at the department of geosciences at Princeton University, and John Moore, professor of climate change at the University of Lapland in Finland.
Using computer models to gauge the probable impact of walls on erosion of the Thwaites glacier in Antarctica, one of the world's largest, Wolovick and Moore hoped to test the efficiency of "a locally targeted intervention." They claimed the simplest designs would allow direct comparison with existing engineering projects. "The easiest design that we considered would be comparable to the largest civil engineering projects that humanity has ever attempted," they said. "An ice sheet intervention today would be at the edge of human capabilities." For example, building four isolated walls would require between 0.1 and 1.5 cubic km of material. "That is comparable to the 0.1 km3 that was used to create Palm Jumeirah in Dubai ($12 billion)...(and) the 0.3 km3 that was used to create Hong Kong International Airport ($20 billion)," the report said. The authors say there's only a 30% probability of success due to the harsh environment, but did mention that the scientific community could work on a plan that was both achievable and had a high probability of success.