By EditorDavid from Slashdot's telnet-trouble department
"A backdoor has been found in devices made by a Chinese tech firm specializing in VoIP products," reports TechRadar. An anonymous reader quotes their article:
Security outfit Trustwave made the discovery of a hidden backdoor in DblTek's devices which was apparently put there to allow the manufacturer access to said hardware -- but of course, it's also open to being exploited by other malicious parties. The backdoor is in the Telnet admin interface of DblTek-branded devices, and potentially allows an attacker to remotely open a shell with root privileges on the target device.
What's perhaps even more worrying is that when Trustwave contacted DblTek regarding the backdoor last autumn -- multiple times -- patched firmware was eventually released at the end of December. However, rather than removing the flaw, the vendor simply made it more difficult to access and exploit. And further correspondence with the Chinese company has apparently fallen on deaf ears.
The firmware with the hole "is present on almost every GSM-to-VoIP device which DblTek makes," and Trustwave "found hundreds of these devices on the net, and many other brands which use the same firmware, so are equally open to exploit."
By EditorDavid from Slashdot's patchwork-of-patches department
An anonymous reader writes: "A vulnerability discovered by Google Project Zero security researchers and left without a patch by Microsoft received a temporary fix from third-party security vendor ACROS Security," according to Bleeping Computer. Microsoft is set to officially patch the flaw on March 15, after it previously pushed back February's Patch Tuesday for next month.
"According to Google researchers, attackers could leverage malformed EMF files to expose data found in the victim's memory, which can then be leveraged to bypass ASLR protection and execute code on the user's computer... ACROS Security has issued a temporary patch that can be applied to Windows computers via its product, called 0patch, a platform that applies fixes for zero-days, unpatched vulnerabilities, end-of-life and unsupported products, for legacy OSes, vulnerable 3rd party components, and customized software." When Microsoft issues an official update, the temporary patch will stop working immediately.
By EditorDavid from Slashdot's may-our-kiosk-take-your-order? department
An anonymous reader writes:
Wendy's is adding self-service ordering kiosks "to at least 1,000 restaurants, or about 15% of its stores," reports the Los Angeles Times, while McDonald's and Panera Bread are now planning to add kiosks to every restaurant. "Lots of restaurants, not just fast-food chains, are really trying to mitigate the costs of higher wages," says one market research firm, while also citing a survey which found 40% of millennials willing to use kiosks (compared to 30% of restaurant-goers overall).
But in some cases this means more work for human employees. Quartz points out that McDonalds doesn't plan to reduce its workforce after installing kiosks, and Panera Bread "has said that at some locations where it has ordering kiosks, it has actually increased human hours to help the kitchen keep up with the higher number of orders that come in through the more efficient ordering system."
By EditorDavid from Slashdot's getting-it-wrong department
Very long-time Slashdot reader Andy Smith writes:
Yesterday I received an email from my ISP telling me that I had illegally downloaded an animated film called Cubo and the Two Strings. I'd never heard of the film and hadn't downloaded it. The accusation came from a government-approved group called Get It Right From a Genuine Site. I contacted that group and was directed to their FAQ. Worryingly, there's no way to correct a false report. The entire FAQ is written from the position that either you, or someone on your network, definitely downloaded what you're accused of downloading. Their advice to avoid any problems with your ISP is simply to not download anything illegally again. But if they can get it wrong once, then surely they can get it wrong again. How widespread is this problem? What safeguards are in place to ensure that people aren't falsely accused? Why has the government allowed this scheme to operate without the accused having some right to defend themselves?
After advising users to check their wifi password -- and confront all the network's users about whether they've downloaded Cubo and the Two Strings -- the site concludes simply that "If there is no further activity identified for an IP address associated with your account, you will NOT receive further Educational Emails." Six weeks ago the U.K. government reported that "The campaign has now reached 21% of the population and, whilst piracy levels remain constant, it has decreased significantly among those exposed to the campaign."
Have any other Slashdot users experienced problems with bogus copyright infringement notifications? And if so, how did you handle it?
By EditorDavid from Slashdot's bad-taste-in-videogames department
Now that the Nintendo Switch has launched, "lots of people are just licking their video games," reports McClatchy.
According to IGN, the tech company coated the cartridges, which are roughly the size of a SIM card, in a bittering agent called denatonium benzoate, which is also used in rat poison and antifreeze to deter human consumption. The chemical is also used to deter nail-biting, per the Telegraph. Nintendo used the chemical as a safety measure to stop small children and pets from eating the cartridges. While there is no adverse health effects from consuming denatonium benzoate, it does leave a sour, bitter taste that lasts for hours, according to taste testers from BBC News, Quartz and IGN. But even as more and more people take to social media to let others know how bad the cartridges taste, more and more people seem determined to try it in what some are calling the Nintendo cartridge challenge...
"Humanity deserves no faith," opines Slashdot reader RavenLrD20k. But meanwhile on Twitter, one gamer was already complaining that their morning coffee tasted like a Nintendo Switch cartridge.
By EditorDavid from Slashdot's waffling-on-Windows? department
Munich's "LiMux" project brought FOSS software to their city's IT administration -- until a vote last month on whether to abandon Linux and return to Windows. "Since this decision was reached, the majority of media have reported that a final call was made to halt LiMux and switch back to Microsoft software," reports the Free Software Foundation Europe. "This is, however, not an accurate representation of the outcome of the city council meeting." An anonymous reader quotes their report:
The opposing parties were overruled, but the decision was amended such that the strategy document must specify which LiMux-applications will no longer be needed, the extent in which prior investments must be written off, and a rough calculation of the overall costs of the desired unification... [Only then will the city council make their final decision...] We succeeded thus far in forcing the mayor Dieter Reiter to postpone the final decision, and this was possible through the unwavering pressure created by joint efforts between The Document Foundation, KDE, OSBA, and the FSFE together with all the individuals who wrote to city council members and took the issue to the media. Although the mandate is highly suggestive in that it suggests that the existing vendor-neutral approach is to be replaced with a proprietary solution, it leaves the door open... The new mandate buys us some time. And we will keep going.
Some politicians said they'd never received this much input from the public before, and the Free Software Foundation Europe says the city's issues were caused "from organizational problems, including lack of clear structures and responsibilities," which should not be attributed to the Linux operating system. "LiMux as such is still one of the best examples of how to create a vendor-neutral administration based on Free Software."
By EditorDavid from Slashdot's closing-the-Open-Directory department
Its volunteer-edited web directory formed the basis for early search offerings from Netscape, AOL, and Google. But 19 years later, there's some bad news. koavf
As posted on the DMOZ homepage, the Open Directory Project's web listing will go offline on March 14, 2017. Founded in 1998 as "Gnuhoo", the human-curated directory once powered Google and served as a model for Wikipedia.
A 1998 Slashdot editorial prompted Richard Stallman and the Free Software Foundation to complain about how "Gnu" was used in the site's name. "We renamed GnuHoo to NewHoo," a blog post later explained, "but then Yahoo objected to the 'Hoo' (and our red letters, exclamation point, and 'comical font')." After being acquired for Netscape's "Open Directory Project," their URL became directory.mozilla.org, which was shortened to DMOZ. Search Engine Land predicts the memory of the Open Directory Project will still be kept alive by the NOODP meta tag.
The site was so old that its hierarchical categories were originally based on the hierarchy of Usenet newsgroups. As it nears its expiration date, do any Slashdot readers have thoughts or memories to share about DMOZ?
By EditorDavid from Slashdot's war-of-the-web-browsers department
ZDNet's Networking blog calls Firefox "the default web browser for most Linux distributions" and "easily the most popular Linux web browser" (with 51.7% of the vote in a recent survey by LinuxQuestions, followed by Chrome with 15.67%). But is it the fastest? An anonymous reader writes:
The results? Firefox emerged "far above" the other browsers for the everyday tasks measured by WebXPRT, but ranked near the bottom in all of the other tests. "Taken all-in-all, I think Linux users should look to Chrome for their web browser use," concludes ZDNet's contributing editor. "When it's not the fastest, it's close to being the speediest. Firefox, more often than not, really isn't that fast. Of the rest, Opera does reasonably well. Then, Chromium and Vivaldi are still worth looking at. Gnome Web, however, especially with its dreadful HTML 5 compatibility, doesn't merit much attention." The article also reports some formerly popular Linux browsers are no longer being maintained, linking to a KDE forum discussion that concludes that Konqueror and Rekonq "are both more or less dead."
By EditorDavid from Slashdot's beyond-JSON department
In other news, Crockford also proposed ending the "spaces vs. tabs" debate by simply eliminating tabs altogether.
By EditorDavid from Slashdot's no-fast-tracking department
"Starting April 3, 2017, U.S. Citizenship and Immigration Services will temporarily suspend premium processing for all H-1B petitions," read Friday's announcement, which says the suspension "may last up to 6 months." Slashdot reader elrous0 sees it as part of the "ongoing efforts to curb abuses in the controversial H-1B program." The San Francisco Chronicle reports:
While it could be difficult to divorce the move Friday from the Trump administration's broader immigration crackdown, some experts believed the agency's decision to be apolitical. "It has everything to do with an understaffed, overworked, U.S. Citizenship and Immigration Services," said Jason Finkelman, an Austin, Texas, immigration attorney, adding that the wait time for an H-1B visa in California is currently about eight months. However, Vivek Wadhwa, an adjunct professor at Carnegie Mellon University's Silicon Valley campus in NASA Ames Research Center at Moffett Field, said the suspension seems like a message from the government that you "can't buy your way into America."
Whatever the motivation, Engadget believes this will impact large tech companies. "Financial Times quotes a lawyer saying that 'close to 100 percent' of applications from companies like Microsoft utilize the option."
By EditorDavid from Slashdot's Android-alternatives department
Jolla released their Android-free mobile Linux OS (Sailfish) on their own smartphones, "but has always intended to offer it to other manufacturers," according to Silicon. The next Sailfish smartphone was the Inex Aqua Fish, and people with Sony Xperia phones can now also run Sailfish through the Sony Open Devices Program. But their next big customer is the nation of China. Mickeycaskill
The Sailfish China Consortium has gained the exclusive rights and license to develop a Chinese operating system based on Sailfish. Russia is also using Sailfish to build a national mobile OS in a bid to reduce its reliance on Western technology and reduce the risk of foreign surveillance. Jolla claimed that there have been many attempts to build a national OS on Android but these had been unsuccessful because of Google's control over the code.
One of the consortium's investors claims "several" major Chinese companies are already interested in joining them, adding "I have been closely following Sailfish OS development, and seen many Chinese projects fail, while Jolla's Sailfish OS has been steadily progressing. Sailfish OS is the only viable alternative for China."
By EditorDavid from Slashdot's encrypting-emails department
Last week Google released E2EMail, "a Gmail client that exchanges OpenPGP mail." Google's documentation promises that "Any email sent from the app is also automatically signed and encrypted... The target is a simple user experience -- install app, approve permissions, start reading or send sending messages." Trailrunner7 quotes On The Wire:
People have been trying to find a replacement for PGP almost since the day it was released, and with limited success. Encrypted email is still difficult to use and painful to implement in most cases, but Google has just released a Chrome plugin designed to address those problems.
The new E2EMail extension doesn't turn a user's Gmail inbox into an encrypted mail client. Rather, it is a replacement that gives users a separate inbox for encrypted messages. The system is built on Google's end-to-end encryption library, and the company has released E2EMail as an open-source project.
Wired quotes a web security researcher who calls the open sourcing "a telltale sign the project isn't going anywhere. This is a way for them to get their work out there but to absolve themselves of future obligations." But Google's privacy and security product manager responds that they're tackling some very thorny issues like secure key handling, and "The reason we want to put this into the open source community is precisely because everyone cares about this so much. We don't want everyone waiting for Google to get something done."
By EditorDavid from Slashdot's arguing-over-HTML5 department
Slashdot reader Atticus Rex writes: On Monday, W3C (World Wide Web Consortium) director Tim Berners-Lee released a post defending his decision to allow Netflix, Microsoft, Apple and Google to enshrine DRM in Web standards, arguing that blocking it would be pointless. Zak Rogoff, FSF campaigns manager, writes in the response: "As Director of the W3C (World Wide Web Consortium), Berners-Lee has the ability to block [the DRM proposal] from ratification as an official Web standard... Of course, a refusal to ratify could not immediately stop the use of DRM, but it could meaningfully weaken the position of DRM in the court of public opinion, and put EME proponents Netflix, Microsoft, Apple, and Google on notice that a very prominent figure was willing to stand up to them on behalf of users. Changes in society's technological infrastructure require political movements, not just technological arguments, and political movements benefit greatly from the support of prominent figures." Berners-Lee takes the position that "The web has to be universal, to function at all. It has to be capable of holding crazy ideas of the moment, but also the well polished ideas of the century. It must be able to handle any language and culture. It must be able to include information of all types, and media of many genres. Included in that universality is that it must be able to support free stuff and for-pay stuff, as they are all part of this world.
"This means that it is good for the web to be able to include movies, and so for that, it is better for HTML5 to have EME than to not have it."