By BeauHD from Slashdot's safety-alert department
secwatcher shares a report from Threatpost: A popular smartwatch that allows parents to track their children's whereabouts, TicTocTrack, has been discovered to be riddled with security issues that could allow hackers to track and call children. Researchers at Pen Test Partners revealed vulnerabilities in the watch (sold in Australia) on Monday, which could enable hackers to track children's location, spoof the child's location or view personal data on the victims' accounts. The parent company of the TicTocTrack watch, iStaySafe Pty Ltd., has temporarily restricted access to the watch's service and app while it investigates further. Researchers found that the service's back end does not make any authorization attempt on any request -- besides the user having a valid username and password combination. That means that an attacker who is logged into the service could remotely compromise the app and track other accounts that are based in Australia.
The smartwatch, available in Australia for $149 (USD), is designed for children and uses GPS to track the movement of the wearer every six minutes, and offers voice calling and SMS features. The smartwatch's API can be attacked by changing the FamilyIdentifier number (which identifies the family that the user belongs to), which then could give a bad actor complete access to the user's data -- including the children's location, parent's full names, phone numbers and other personal identifiable information. Researchers with Pen Test Partners collaborated with security researcher Troy Hunt to test the attack. Hunt uploaded a video showing how the smartwatch vulnerability could be exploited to call his daughter -- and how her smartwatch would answer automatically without any interaction needed from her end.
By BeauHD from Slashdot's new-and-improved department
John Timmer from Ars Technica got a chance to take a look at Trek's new bicycle helmet that they claim offers "the first major change in helmet technology in years," and is backed up with peer-reviewed science. Here's an excerpt from Timmer's report: WaveCel is the product of orthopedic surgeon Steve Madey and a biomedical engineer named Michael Bottlang. The two had been working on a variety of ideas related to medical issues and protective gear, funded in part by federal grant money. When considering the idea of a lightweight material that could evenly distribute forces, Bottlang told Ars that they first focused on a honeycomb pattern. But they found that it was actually too robust -- the honeycomb wouldn't collapse until a lot of force had been applied, and then it would fail suddenly.
The design they eventually developed has a shape that allows flexing almost immediately when force is applied. "It starts to glide right away," Bottlang said. The manufacturing technique creates a clear point of failure that allows more extensive flexing once a certain level of force is exceeded -- part of the structure will fold over rather than experiencing a complete failure. Then, once folded, the polymer it's made of will allow neighboring cells to glide over each other. This provides some resistance even after the structure has collapsed. For the helmet, a patch of this material is attached to the inside of a more traditional EPS helmet, which provides impact resistance. But the WaveCel mesh is allowed to float within the helmet and can absorb much of the force of off-axis impacts. The thin strips of soft material that cushion the helmet where it rests on the head (also found in more traditional helmets) are attached directly to the WaveCel mesh.
By BeauHD from Slashdot's upsetting-updates department
An anonymous reader quotes a report from The Verge: SpaceX successfully landed the center core of its Falcon Heavy rocket on a drone ship last week, but the vehicle accidentally fell into the ocean while in transit to the Florida coast. The company blamed the loss on choppy seas. "Over the weekend, due to rough sea conditions, SpaceX's recovery team was unable to secure the center core booster for its return trip to Port Canaveral," SpaceX said in a statement to The Verge. "As conditions worsened with eight to ten foot swells, the booster began to shift and ultimately was unable to remain upright. While we had hoped to bring the booster back intact, the safety of our team always takes precedence. We do not expect future missions to be impacted."
SpaceX does have ways to secure the rockets it lands in the ocean, including a robot known as the "octagrabber" that latches on to the base of the boosters. But because the center core connects to two side boosters, it has a different design than a normal Falcon 9 booster. So the octagrabber cannot hold on to it in the same way. The center core is a modified Falcon 9 booster -- one of three that make up the Falcon Heavy rocket -- which flew last week during the second flight of the Falcon Heavy. "Following takeoff, all three cores of the rocket successfully landed back on Earth: the two outer cores touched down on dual concrete landing pads at the Cape while the center core touched down on the company's drone ship named Of Course I Still Love You in the Atlantic," reports The Verge.
By BeauHD from Slashdot's it-was-fun-while-it-lasted department
As Google Fiber prepares to leave Louisville, Kentucky, Google has agreed to pay the city government $3.84 million to fix damage to city streets. "The payments, to be made over 20 months, will cover removing fiber cables and sealant from roads, milling and paving streets 'where needed' and removing Google's above-ground infrastructure," reports WDRB, citing a news release from Mayor Greg Fischer's office. From the report: Google Fiber also agreed to donate $150,000 to the Community Foundation of Louisville to support Metro's "digital inclusion" efforts, which include "refurbishing used computers for low-income individuals and the enrollment of public housing residents in low-cost internet access through other companies providing service in Louisville," according to the mayor's office. Google Fiber, a unit of the Silicon Valley tech giant, said Feb. 7 that it would abandon the Louisville market after running into too many problems with the micro-trenching technique it used to install its fiber-optic cables as shallow as two inches below the pavement surface of city streets. Louisville, which lobbied for years to get Google Fiber, has the distinction of being the first city to lose the super-fast internet service. The report notes that Google Fiber only reached a small slice of the city, estimating that the service was only available to, at most, about 11,000 households.
By msmash from Slashdot's security-woes department
A hacker who spoke with ZDNet in February about wanting to put up for sale the data of over one billion users is getting dangerously close to his goal after releasing another 65.5 million records last week and reaching a grand total of 932 million records overall. From a report: The hacker's name is Gnosticplayers, and he's responsible for the hacks of 44 companies, including last week's revelations. Since mid-February, the hacker has been putting batches of hacked data on Dream Market, a dark web marketplace for selling illegal products, such as guns, drugs, and hacking tools. He's released data from companies like 500px, UnderArmor, ShareThis, GfyCat, and MyHeritage, just to name the bigger names. Releases have been grouped in four rounds -- Round 1 (620 million user records), Round 2 (127 million user records), Round 3 (93 million user records), and Round 4 (26.5 million user records).
By msmash from Slashdot's dumb-as-a-rock department
American entertainment giant Starz is continuing to remove tweets that link to a TorrentFreak news report about leaked TV-shows. From a report: Last week we posted a news article documenting how several TV-show episodes had leaked online before their official release. Due to the leaks, complete seasons of unreleased TV-shows such as "The Spanish Princess," "Ramy," and "The Red Line," surfaced on pirate sites. In most cases, there were visible signs revealing that the leaks were sourced from promotional screeners. The leaks also hit Starz, as three then-unreleased episodes from its TV series "American Gods" appeared online as well. The American entertainment company was obviously not happy with that, but its response was rather unconventional.
Soon after the news was published, Starz issued a takedown request through The Social Element Agency, requesting Twitter to remove our tweet to our own article. Twitter was quick to comply and removed the tweet that supposedly infringed Starz copyrights. We disagreed. The article in question never linked to any infringing material. It did include a screenshot from a leaked episode, showing the screener watermarks, but those watermarks were central to the story, as we explained in a follow-up piece. The good news is that many legal scholars, journalists, and lawyers agree with our stance. The Electronic Frontier Foundation (EFF), for example, responded that Starz has no right to silence TorrentFreak and also shared that opinion on Twitter, where many others chimed in as well. That's when things started to spiral out of control. Starz takedown efforts only encouraged more people to share the original story about the leaks, which is a classic example of the 'Streisand Effect'. However, Starz didn't budge and issued takedown notices against those tweets as well.
By msmash from Slashdot's done-deal department
The European Commission, the European Union's executive body, has approved a long-gestating major reform to copyright law, which had already been passed by the European Parliament last month. From a report: The overhaul contains two controversial provisions that will make online platforms liable for illegal uploading of copyright-protected content on their sites, as well as force Google, Facebook and other digital companies to pay publishers for press articles they post online. "With today's agreement, we are making copyright rules fit for the digital age. Europe will now have clear rules that guarantee fair remuneration for creators, strong rights for users and responsibility for platforms," said European Commission president Jean-Claude Juncker. According to the French newspaper Le Monde, six countries -- Italy, Finland, Sweden, Luxembourg, Poland and the Netherlands -- voted against the reform.
By EditorDavid from Slashdot's recommended-pages department
An anonymous reader quotes a senior investigative researcher at the EFF:
Despite Facebook's repeated warnings that law enforcement is required to use "authentic identities" on the social media platform, cops continue to create fake and impersonator accounts to secretly spy on users. By pretending to be someone else, cops are able to sneak past the privacy walls users put up and bypass legal requirements that might require a warrant to obtain that same information...
EFF is now calling on Facebook to escalate the matter with law enforcement in the United States. Facebook should take the following actions to address the proliferation of fake/impersonator Facebook accounts operated by law enforcement, in addition to suspending the fake accounts.
- As part of its regular transparency reports, Facebook should publish data on the number of fake/impersonator law enforcement accounts identified, what agencies they belonged to, and what action was taken.
- When a fake/impersonator account is identified, Facebook should alert the users and groups that interacted with the account whether directly or indirectly.
The article also suggests updating Facebook's Terms of Service to explicitly prohibit fake/impersonator profiles by law enforcement groups, and updating Facebook pages of law enforcement groups to inform visitors when those groups have a written policy allowing fake/impersonator law enforcement accounts. "These four changes are relatively light lifts that would enhance transparency and establish real consequences for agencies that deliberately violate the rules..."
"Facebook's practice of taking down these individual accounts when they learn about them from the press (or from EFF) is insufficient to deter what we believe is a much larger iceberg beneath the surface."
By EditorDavid from Slashdot's power-plays department
An anonymous reader quotes the AP:
Volkswagen is planning to release a fully-electric SUV in China which could compete with Tesla's Model X. The German automaker said Sunday the ID. ROOMZZ will be unveiled at the upcoming Shanghai Auto Show and will be available in 2021. Volkswagen says the zero-emission vehicle can go approximately 450 kilometers (280 miles) before the battery has to be recharged.
Volkswagen also claims it will have "level 4 autonomous driving," Reuters reports, adding that this electric SUV "is the latest move in Volkswagen's aggressive growth strategy in China, where electric cars are given preferential treatment by authorities..." In fact, the company's chief executive says nearly half of VW's engineers are working on products for the China market, though the electric SUV will eventually be shipped to other markets. "We plan to produce more than 22 million electric cars in the next 10 years."
VW's head of e-mobility also tells Reuters that Volkswagen will convert eight of their factories to mass produce electric Volkswagens, and eight more factories to mass-produce electric cars under a different brand.
By EditorDavid from Slashdot's multi-million-dollar-botnet department
Three Romanians ran a complicated online fraud operation -- along with a massive malware botnet -- for nine years, reports ZDNet, netting tens of millions of US dollars, but their crime spree is now over. But now they're all facing long prison sentences.
"The three were arrested in late 2016 after the FBI and Symantec had silently stalked their malware servers for years, patiently waiting for the highly skilled group to make mistakes that would leave enough of a breadcrumb trail to follow back to their real identities."
An anonymous Slashdot reader writes:
The group started from simple eBay scams [involving non-existent cars and even a fake trucking company] to running one of the most widespread keylogger trojans around. They were considered one of the most advanced groups around, using PGP email and OTR encryption when most hackers were defacing sites under the Anonymous moniker, and using multiple proxy layers to protect their infrastructure. The group operated tens of fake websites, including a Yahoo subsidiary clone, conned and stole money from their own money mules, and were one of the first groups to deploy Bitcoin crypto-mining malware on desktops, when Bitcoin could still be mined on PCs.
The Bayrob group was led by one of Romania's top IT students, who went to the dark side and helped create a malware operation that took nine years for US authorities and the FBI to track and eventually take down. Before turning hacker, he was the coach of Romania's national computer science team, although he was still a student, and won numerous awards in programming and CS contests.
By msmash from Slashdot's closer-look department
Sidewalk Labs, the urban innovation arm of Google's parent company Alphabet, plans to build a $1 billion high-tech neighborhood in Toronto. The problem? It is facing opposition from residents who have called for its demise. As the backlash gains momentum, it could force Sidewalk Labs to abandon or alter its vision. On paper, Sidewalk Labs' idea arguably has some merits: It wishes to "set new standards" for how cities are designed and built. But some are apprehensive of Google's plans, because the company has a knack for assuming more control over things and killing local competition.
Johnathan Nightingale, a former VP of Firefox, has seen such behavior first hand. He draws some parallels: I spent 8 years at Mozilla working on Firefox and for almost all of that time Google was our biggest partner. Our revenue share deal on search drove 90% of Mozilla's income. When I started at Mozilla in 2007, there was no Google Chrome and most folks we spoke with inside were Firefox fans. They were building an empire on the web, we were building the web itself. I think our friends inside Google genuinely believed that. At the individual level, their engineers cared about most of the same things we did. Their product and design folks made many decisions very similarly and we learned from watching each other.
By EditorDavid from Slashdot's nuclear-winter-is-coming department
Slashdot reader Dan Drollette shared this article from the Bulletin of Atomic Scientists where a specialist in nuclear security analyzes Game of Thrones, citing dragons "as living, fire-breathing metaphors for nuclear weapons."
Despite the fantasy setting, the story teaches a great deal about the inherent dangers that come with managing these game-changing agents, their propensity for accidents, the relative benefits they grant their masters, and the strain these weapons impose upon those wielding them. "Dragons are the nuclear deterrent, and only [Daenerys Targaryen, one of the series' heroines] has them, which in some ways makes her the most powerful person in the world," George R. R. Martin said in 2011. "But is that sufficient? These are the kind of issues I'm trying to explore.
"The United States right now has the ability to destroy the world with our nuclear arsenal, but that doesn't mean we can achieve specific geopolitical goals. Power is more subtle than that. You can have the power to destroy, but it doesn't give you the power to reform, or improve, or build."
It makes for a bleak outlook. Or, as a character repeatedly warns in the first episode: "Winter is coming."
By EditorDavid from Slashdot's game-changers department
"Winter is coming for fans of the hit television series Game of Thrones, with the final season set to hit screens around the world after a near two-year hiatus," reports the South China Morning Post. There were 96 million views for a discussion about the show on China's Twitter-like platform Weibo.
"But those watching inside China are also bracing for the chill of censorship."
In recent years, Chinese authorities have ramped up the pressure on the television and film industries to clean up content they deem vulgar or politically incorrect. This has led to some serious censorship of foreign productions. Recent examples include the removal of scenes of smashed heads and bare flesh from the American superhero film Logan, and the apparent manipulation of a scene in Oscar-winner The Shape of Water so that a naked woman is made to appear to be wearing clothes...
In a bid to get around the censorship, many Chinese Game of Thrones fans have turned to virtual private networks and torrent download websites to access unexpurgated versions of their favourite episodes.
Tencent Video holds the exclusive distribution rights for the show in China, leaving one Weibo user to post "I'm begging Father Tencent not to censor too much, thank you."
Another added "This censored version is not interesting. I would pay money to watch the uncut version."
By EditorDavid from Slashdot's IDE-ideologies department
Salon writes that Silicon Valley tech workers are "defying their overlords," arguing that recent unionization attempts by Kickstarter employees may be only the beginning:
The workers' Kickstarter campaign is not the first attempt, though, or even the first time rumblings of unionization have circulated among programmers. In 2018, software engineers at the startup Lanetix announced their intent to unionize -- and were promptly fired by management (It is illegal to fire employees for trying to unionize). The National Labor Relations Board intervened, and ultimately forced Lanetix to pay the 15 fired engineers a total of $775,000. The show of worker power at Lanetix may have paved the way for Kickstarter's workers. Similarly, workers across the video game industry -- generally among the most overworked, underpaid workers within the tech industry -- have been making steps towards unionization. Game Workers Unite, profiled by Salon last year, is building a grassroots movement to organize the ranks of video game makers.
Together, this suggests that a small but visible movement for white-collar software engineers unionizing has been gaining steam in the Valley over the past few years -- suggesting that the people who make up the tech industry, once a bastion of libertarianism, are starting to understand the often subtle ways that their employers exploit them... For decades, libertarianism was part and parcel to the tech industry. Despite a grueling work culture and a high-profile collusion scandal among major tech corporations to suppress software engineers' wages, tech workers were more likely to see themselves as future founders than an exploited underclass -- a point of view encouraged by employers through high wages and generous, often absurd office perks. Recent developments suggest such endearing tactics are no longer working.