By BeauHD from Slashdot's welcome-to-the-family department
An anonymous reader quotes a report from Ars Technica: President Donald Trump has selected Andrei Iancu, the managing partner of a major Los Angeles law firm, to be the next head of the U.S. Patent and Trademark Office. Iancu has been a partner at Irell & Manella since 2004 and was an associate at the firm for five years earlier. His most notable work in the tech sector is likely his representation of TiVo Corp. in its long-running patent battles with companies like EchoStar, Motorola, Microsoft, Verizon, and Cisco. TiVo ultimately succeeded in compelling those defendants to pay up for its pioneering DVR patents, and payments to TiVo ultimately totaled more than $1.6 billion, according to Iancu's biography page. Iancu also had a hand in Immersion Corp.'s $82 million jury verdict against Sony Computer Entertainment, in which a jury found that Immersion's patent claims on tactile feedback technology were valid and infringed. Those big wins aside, most of Iancu's work has been on the defense side. He's represented eBay in a case against Acacia Research Corp., a large, publicly traded non-practicing entity, and he worked for Hewlett-Packard when it defended against Xerox patent claims. He's also worked in the medical device area, enforcing patents for St. Jude Medical on vascular closure devices.
By msmash from Slashdot's privacy-woes department
An anonymous reader writes: A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons. The list includes an IP address, device username, and a password, and is mainly made up of default device credentials in the form of "admin:admin", "root:root", and other formats. There are 33,138 entries on the list, which recently became viral on Twitter after several high-profile security experts retweeted a link to it. During the past week, a security researcher has been working to find affected devices and notify owners or their ISPs. Following his work, only 2,174 devices still allow an attacker to log on via its Telnet port, and 1,775 of the published credentials still work. "There are devices on the list of which I never heard of," the researcher said, "and that makes the identification process much slower."
By msmash from Slashdot's unstoppable department
An anonymous reader shares a report: Nearly 3 million viewers are estimated to have watched the fight this weekend via online streams, according to Irdeto, a digital security firm. Though many of these were slick, traditional streaming websites, there was also a new surge in social streams. Between Periscope, Instagram live, Facebook live, YouTube, Twitch, and smaller platforms like Kodi, Irdeto identified 239 streams of the fight over the weekend. And with the option to have private, share-with-just-your-friends streams (like private Facebook Live feeds), it's likely there are many more streams of the fight that were running that Irdeto wasn't able to track. Social media livestreaming has exploded in recent years, creating a whole new avenue for illegal sharing. In 2015, when Mayweather squared off against Manny Pacquiao in another much-anticipated fight, Periscope was only two months old. Facebook and Instagram's live feed functions were still a year away. Now, they're as ubiquitous as the platforms that host them. Plus, with every smartphone now equipped with a high definition camera, most homes connected to high-speed internet, and the ease of streamable services on already-familiar social media sites, it's no wonder there was such a torrent of pirated feeds.
By msmash from Slashdot's tech-to-rescue department
An anonymous reader shares a report: The early diners are dawdling, so your 7:30 p.m. reservation looks more like 8. While you wait, the last order of the duck you wanted passes by. Tonight, you'll be eating something else -- without a second bottle of wine, because you can't find your server in the busy dining room. This is not your favorite night out. The right data could have fixed it, according to the tech wizards who are determined to jolt the restaurant industry out of its current slump. Information culled and crunched from a wide array of sources can identify customers who like to linger, based on data about their dining histories, so the manager can anticipate your wait, buy you a drink and make the delay less painful. It can track the restaurant's duck sales by day, week and season, and flag you as a regular who likes duck. It can identify a server whose customers have spent a less-than-average amount on alcohol, to see if he needs to sharpen his second-round skills. So Big Data is staging an intervention. Both start-ups and established companies are scrambling to deliver up-to-the-minute data on sales, customers, staff performance or competitors by merging the information that restaurants already have with all sorts of data from outside sources: social media, tracking apps, reservation systems, review sites, even weather reports.
By msmash from Slashdot's privacy-woes department
An anonymous reader shares a report: Sarahah, a new app that lets people sign up to receive anonymized, candid messages, has been surging in popularity; somewhere north of 18 million people are estimated to have downloaded it from Apple and Google's online stores, making it the No. 3 most downloaded free software title for iPhones and iPads. Sarahah bills itself as a way to "receive honest feedback" from friends and employees. But the app is collecting more than just feedback messages. When launched for the first time, it immediately harvests and uploads all phone numbers and email addresses in your address book. Although Sarahah does in some cases ask for permission to access contacts, it does not disclose that it uploads such data, nor does it seem to make any functional use of the information. Zachary Julian, a senior security analyst at Bishop Fox, discovered Sarahah's uploading of private information when he installed the app on his Android phone, a Galaxy S5 running Android 5.1.1. The phone was outfitted with monitoring software, known as Burp Suite, which intercepts internet traffic entering and leaving the device, allowing the owner to see what data is sent to remote servers. When Julian launched Sarahah on the device, Burp Suite caught the app in the act of uploading his private data.
By msmash from Slashdot's technical-problems department
Thousands of ATMs and electronic card payment machines in Indonesia went offline over the weekend, and it might take two more weeks before full service is restored, after an outage from a satellite belonging to state-controlled telecom giant PT Telekomunikasi Indonesia (Telkom). From a report: Around 15,000 ground sites across Indonesia were affected by the problem on the 'Telkom-1' satellite, whose service is used by government agencies, banks, broadcasters and other corporations, Telkom's president director Alex Sinaga told reporters on Monday. A shift in the direction of the satellite's antenna, which was first detected last Friday, had disrupted connectivity. Bank Central Asia (BCA), Indonesia's largest bank by market value, had around 5,700 of its ATMs affected by the outage, or 30 percent of the total operated by the bank, BCA chief executive Jahja Setiaatmadja told reporters. The Internet connection in some remote BCA branches was also affected, he said.
By msmash from Slashdot's next-up department
Kara Swisher, reporting for Recode: The board of Uber has voted and wants Expedia's Dara Khosrowshahi to be its next CEO. But here is a shocking twist for those who have had to endure this awful, messy and convoluted process: He has not been officially offered the job as of 15 minutes ago, said sources. Still, most expect him to take it and he appears to be the one person dueling factions of the board can agree on. Unknown until now, Khosrowshahi was the third candidate -- after Hewlett Packard Enterprise CEO Meg Whitman and former General Electric CEO Jeff Immelt. Khosrowshahi is considered the "truce" choice for the board, which has been riven by ugly infighting between ousted CEO Travis Kalanick and one of its major investors, Benchmark. Benchmark had backed Whitman, while Kalanick had backed Immelt. Sources said that going into this morning, after Immelt withdrew his name from contention when it was clear he would not win the job, Whitman had the upper hand in the race for the job. But she also wanted a number of things -- including less involvement by ousted Uber CEO Travis Kalanick and more board control -- that became too problematic for the directors, said sources.
By EditorDavid from Slashdot's fraudulent-funding department
An anonymous reader quotes BuzzFeed:
The vast majority of money raised to pay for the legal defense of beloved British cybersecurity researcher Marcus Hutchins was donated with stolen or fake credit card numbers, and all donations, including legitimate ones, will be returned, the manager of the defense fund says. Lawyer Tor Ekeland, who managed the fund, said at least $150,000 of the money collected came from fraudulent sources, and that the prevalence of fraudulent donations effectively voided the entire fundraiser. He said he'd been able to identify only about $4,900 in legitimate donations, but that he couldn't be certain even of those. "I don't want to take the risk, so I just refunded everything," he said.
Two days later, Hutchins posted the following on Twitter. "When sellouts are talking shit about the 'infosec community' remember that someone I'd never met flew to Vegas to pay $30K cash for my bail."
Hutchins is facing up to 40 years in prison, and at first was only allowed to leave his residence for four hours each week. Thursday a judge lifted some restrictions so that Hutchins is now allowed to travel to Milwaukee, where his employer is located. According to Bloomberg, government prosecutors complain Hutchins now "has too much freedom while awaiting trial and may skip the country."
Click through for a list of the evidence government prosecutors submitted to the court this week.
By EditorDavid from Slashdot's now-this-is-pod-racing department
An anonymous reader quotes GeekWire:
The speediest team from SpaceX founder Elon Musk's first Hyperloop pod competition has done it again: WARR Hyperloop from Germany's Technical University of Munich won today's second contest by sending its magnetic-levitation pod through a nearly mile-long test tunnel at a peak speed of 201 mph. Musk announced WARR's victory to a crowd in the stands at SpaceX's headquarters in Hawthorne, California, and in a tweet... This weekend's competition brought about two dozen teams to Hawthorne, including a student group from the University of Washington. Each of the teams developed a pod that was designed to test engineering approaches for Musk's Hyperloop rapid-transit concept, which calls for sending people and cargo through low-pressure tubes at near-supersonic speeds.
Musk also tweeted that it "might be possible to go supersonic" in the 0.8-mile test Hyperloop tube, though he conceded it would require an extremely high acceleration (and deceleration) because of the short distance.
"For passenger transport, this can be spread over 20+ miles, so no spilt drinks."
By EditorDavid from Slashdot's beyond-the-bylaws department
An anonymous reader quotes InfoWorld:
To shore up Java's security, a private group that operates outside the normal open source community process is under consideration. The proposed OpenJDK Vulnerability Group would provide a secure, private forum in which trusted members of the community receive reports on vulnerabilities in code bases and then review and fix them... The vulnerability group and Oracle's internal security teams would work together, and it may occasionally need to work with external security organizations.
Due to the sensitive nature of its work, membership in the group would be more selective, there would be a strict communication policy, and members or their employers would need to sign both a nondisclosure and a license agreement, said Mark Reinhold, chief architect of the Java platform group at Oracle. "These requirements do, strictly speaking, violate the OpenJDK bylaws," Reinhold said. "The governing board has discussed this, however, and I expect that the board will approve the creation of this group with these exceptional requirements." If the Java security group is approved, Andrew Gross, leader of Oracle's internal Java vulnerability team, would lead it.