By msmash from Slashdot's security-woes department
The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts -- and more complicated patterns are the easiest to crack, security experts reveal. From a research paper: Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners. In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software. By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy cafe, for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.
By msmash from Slashdot's mystery-solved department
From a report on CNET: During a press conference Sunday, Samsung said two separate battery defects caused both the original batch of Galaxy Note 7 phones and the replacement units to overheat. The first battery, it said, suffered from a design flaw. The battery's external casing was too small for the components inside, causing it to short-circuit and ignite. The second battery, which came from another supplier, didn't have the same flaw, Justin Denison, head of product strategy and marketing for Samsung's US arm, said in an interview ahead of the press conference. In the rush to pump out enough batteries for the replacement units, though, the supplier introduced a manufacturing defect that led to the same result, he said. The explanation puts to rest the mystery behind the exploding Note 7, but it kicks off a new challenge for the embattled company: winning back your trust after a disastrous several months that included two recalls and the decision to kill the critically acclaimed phone. The Sunday press conference marked the start of a Samsung campaign to rebuild company credibility, which will include the upcoming launch of the flagship Galaxy S8 phone, as well as another Note later in the year.
By EditorDavid from Slashdot's bad-news-for-Nigeria department
The head of the FTC says Western Union "facilitated scammers and rip-offs," while the company "looked the other way." An anonymous reader quotes Reuters:
The world's biggest money-transfer company agreed to pay $586 million and admitted to turning a blind eye as criminals used its service for money laundering and fraud, U.S. authorities said on Thursday. Western Union, which has over half a million locations in more than 200 countries, admitted "to aiding and abetting wire fraud" by allowing scammers to process transactions, even when the company realized its agents were helping scammers avoid detection, the U.S. Department of Justice and the Federal Trade Commission said in statements...
Fraudsters offering fake prizes and job opportunities swindled tens of thousands of U.S. consumers, giving Western Union agents a cut in return for processing the payments, authorities said. Between 2004 and 2012, the Colorado-based company knew of fraudulent transactions but failed to take steps that would have resulted in disciplining of 2,000 agents, authorities said... Between 2004 and 2015 Western Union collected 550,928 complaints about fraud, with 80 percent of them coming from the United States where it has some 50,000 locations, the government complaint said. The average consumer complaint was for $1,148, the government said.
Reuters seemed to suggest that nearly one out of every thousand transactions was fraudulent, reporting that Western Union "said consumer fraud accounts for less than one-tenth of 1 percent of consumer-to-consumer transactions."
By EditorDavid from Slashdot's if-it-ain't-OEM,-don't-fix-it department
Automakers are using the Digital Millennium Copyright Act to shut down tools used by car mechanics -- but three states are trying to stop them.
An anonymous reader quotes IFixIt.Org:
In 2014, Ford sued Autel for making a tool that diagnoses car trouble and tells you what part fixes it. Autel decrypted a list of Ford car parts, which wound up in their diagnostic tool. Ford claimed that the parts list was protected under copyright (even though data isn't creative work) -- and cracking the encryption violated the DMCA. The case is still making its way through the courts. But this much is clear: Ford didn't like Autel's competing tool, and they don't mind wielding the DMCA to shut the company down...
Thankfully, voters are stepping up to protect American jobs. Just last week, at the behest of constituents, three states -- Nebraska, Minnesota, and New York -- introduced Right to Repair legislation (more states will follow). These 'Fair Repair' laws would require manufacturers to provide service information and sell repair parts to owners and independent repair shops.
Activist groups like the EFF and Repair.org want to "ensure that repair people aren't marked as criminals under the DMCA," according to the site, arguing that we're heading towards a future with many more gadgets to fix. "But we'll have to fix copyright law first."
By EditorDavid from Slashdot's what-a-concept department
C++ creator Bjarne Stroustrup is arguing that we can improve code by grounding generic programming in concepts -- what's required by a template's arguments. An anonymous reader quotes Paul Krill's report on a new paper by Stroustrup:
In concepts, Stroustrup sees the solution to the interface specification problem that has long dogged C++, the language he founded more than 35 years ago. "The way we write generic code today is simply too different from the way we write other code," Stroustrup says... Currently an ISO technical specification, concepts provide well-specified interfaces to templates without runtime overhead. Concepts, Stroustrup writes, are intended to complete C++'s support for generic programming as initially envisioned. "The purpose of concepts is to fundamentally simplify and improve design. This leads to fewer bugs and clearer -- often shorter -- code"...
Concepts, Stroustrup believes, will greatly ease engineers' ability to write efficient, reliable C++ code... The most obvious effect will be a massive improvement in the quality of error messages, but the most important long-term effect will be found in the flexibility and clarity of code, Stroustrup says. "In particular, having well-specified interfaces allows for simple, general and zero-overhead overloading of templates. That simplifies much generic code"
Concepts are already available in GNU C Compiler 6.2, and Stroustrup wants them to be included in C++ 20. "In my opinion, concepts should have been part of C++ 17, but the committee couldn't reach consensus on that."
By EditorDavid from Slashdot's firmware-forking department
"With all of the drama at CyanogenMod, Android Authority takes a look at the current state of custom ROM development," writes Slashdot reader Thelasko. From the article:
The future of CyanogenMod appears uncertain, after the open source ROM was forced to fork under the name Lineage OS. Fortunately there are already other remixed versions of Android available, with some of the most popular being Paranoid Android, Resurrection Remix, and Dirty Unicorns... [But] with each new version of Android, the gap between Android and popular custom ROMs has shrunk, which begs an interesting question: Are custom ROMs even necessary anymore?
To answer this, let's take a quick look at the state of custom ROM development as it exists today.
The article points out that mobile virtual reality is "on the verge of becoming mainstream and the wearable market has grown tremendously," asking whether custom firmware will also integrate these newer technologies. But the original submission also asks a question that's closer to home. What custom ROMs do Slashdot users have installed?
By EditorDavid from Slashdot's in-ur-database-killin-ur-data department
An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
By EditorDavid from Slashdot's say-ahh department
Slashdot reader Krystalo shared this VentureBeat article:
Fresh off its brand redesign, Mozilla has released The Internet Health Report, an open-source initiative to document the state of the internet, combining research and reporting from multiple sources... Mozilla's goal is to start a constructive discussion about the health of the internet by exploring what is currently healthy and unhealthy, as well as what lies ahead...
One notable statistic is the number of people who can't get online in the first place. The report shows that 57.8% of the world's population cannot afford broadband internet, and 39.5% cannot afford an internet connection on their mobile device. Other findings include the fact that there were 51 intentional internet shutdowns across 18 countries in the first 10 months of 2016; almost one-third of the world's population has no data protection rights; and 52% of all websites are in English, even though only 25% of the global population understands the language.
They're now gathering feedback and choosing which metrics to revisit every year, but five key topics include "decentralization: who controls the internet" and "open innovation: how open is it?" as well as security, web literacy, and digital inclusion. But Mozilla says their ultimate goal is very simple: to identify what's helping -- and what's hurting -- the internet.
By EditorDavid from Slashdot's blaming-the-Cloud department
"Any student progress from 9:19 to 10:33 a.m. on Friday was not saved..." explained the embarrassed CTO of the educational non-profit Code.org, "and unfortunately cannot be recovered."
Slashdot reader theodp writes:
Code.org CTO Jeremy Stone gave the kids an impromptu lesson on the powers of two with his explanation of why The Cloud ate their homework. "The way we store student coding activity is in a table that until today had a 32-bit index... The database table could only store 4 billion rows of coding activity information [and] we didn't realize we were running up to the limit, and the table got full. We have now made a new student activity table that is storing progress by students. With the new table, we are switching to a 64-bit index which will hold up to 18 quintillion rows of information."
The issue also took the site offline, temporarily making the work of 16 million K-12 students who have used the nonprofit's Code Studio disappear. "On the plus side, this new table will be able to store student coding information for millions of years," explains the site's CTO. But besides Friday's missing saves, "On the down side, until we've moved everything over to the new table, some students' code from before today may temporarily not appear, so please be patient with us as we fix it."
By EditorDavid from Slashdot's army-strong department
Thursday the U.S. Army shared some surprising results from its first bug bounty program -- a three-week trial in which they invited 371 security researchers "trained in figuring out how to break into computer networks they're not supposed to."
An anonymous reader quotes Threatpost:
The Army said it received more than 400 bug reports, 118 of which were unique and actionable. Participants who found and reported unique bugs that were fixed were paid upwards of $100,000... The Army also shared high-level details on one issue that was uncovered through the bounty by a researcher who discovered that two vulnerabilities on the goarmy.com website could be chained together to access, without authentication, an internal Department of Defense website.
"They got there through an open proxy, meaning the routing wasn't shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system," said a post published on HackerOne, which managed the two bounty programs on its platform. "On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious."
By EditorDavid from Slashdot's golden-gates department
Why does San Francisco now have fewer children per capita than any of America's largest 100 cities? An anonymous reader writes:
A move to the suburbs began in the 1970s, but "The tech boom now reinforces the notion that San Francisco is a place for the young, single and rich," according to the New York Times. "When we imagine having kids, we think of somewhere else," one software engineer tells the paper. The article describes "neighborhoods where employees of Google, Twitter and so many other technology companies live or work" where the sidewalks make it seem "as if life started at 22 and ended somewhere around 40."
Or is San Francisco just part of a larger trend? "California, which has one of the world's 10 largest economies, recently released data showing the lowest birthrate since the Great Depression. And the Los Angeles Times argues California's experience may just be following national trends. The drop "likely stems from the recession, a drop in teenage pregnancies and an increase in people attending college and taking longer to graduate, therefore putting off having children, said Walter Schwarm, a demographer at the Department of Finance."
So is this part of a larger trend -- or something unique about San Francisco? The New York Times also quotes Richard Florida, author of The Rise of the Creative Class, who believes technology workers are putting off families when they move to the Silicon Valley area because they anticipate long working hours. There are also complaints about San Francisco's public school system -- 30% of its children now attend private schools, the highest percentage of any large American city. But according to the article, Peter Thiel believes that San Francisco is just "structurally hostile to families."
By EditorDavid from Slashdot's what-killed-the-400-pound-birds department
"New evidence involving the ancient poop of some of the huge and astonishing creatures that once roamed Australia indicates the primary cause of their extinction around 45,000 years ago was likely a result of humans, not climate change," reports Phys.org. schwit1 quotes their report on new analysis of a prehistoric sediment core from the Indian Ocean off the coast of Australia.
The core contains chronological layers of material blown and washed into the ocean, including dust, pollen, ash and spores from a fungus called Sporormiella that thrived on the dung of plant-eating mammals, said CU Boulder Professor Gifford Miller, who participated in the study... Fungal spores from plant-eating mammal dung were abundant in the sediment core layers from 150,000 years ago to about 45,000 years ago, when they went into a nosedive, said Miller... "The abundance of these spores is good evidence for a lot of large mammals on the southwestern Australian landscape up until about 45,000 years ago," he said. "Then, in a window of time lasting just a few thousand years, the megafauna population collapsed."
The Australian collection of megafauna some 50,000 years ago included 1,000-pound kangaroos, 2-ton wombats, 25-foot-long lizards, 400-pound flightless birds, 300-pound marsupial lions and Volkswagen-sized tortoises. More than 85 percent of Australia's mammals, birds and reptiles weighing over 100 pounds went extinct shortly after the arrival of the first humans, said Miller... "There is no evidence of significant climate change during the time of the megafauna extinction."
The article adds that last year Miller also identified the first direct evidence that humans preyed on Australian megafauna -- burned eggshells from a 400-pound bird.
By EditorDavid from Slashdot's continuing-voyages department
"An asteroid going boldly through the universe now carries a new name that honors actor Wil Wheaton, who played Wesley Crusher on Star Trek: The Next Generation," reports CNET. An anonymous reader quotes their article.
The announcement showed up on Twitter Wednesday from NASA's Ron Baalke, who describes himself as a "space explorer at the Jet Propulsion Laboratory". Wheaton is in good company with other Star Trek alumni. Asteroid 7307 Takei is named for Sulu actor George Takei and 68410 Nichols gets its name from Nichelle Nichols, who played Uhura. There's also asteroid 4659 Roddenberry for Star Trek creator Gene Roddenberry.
"Today, I found out that I kind of get to be in space and live right here on Earth..." Wheaton wrote on his blog Wednesday, describing his life-long interest in space exploration. "As soon as it gets dark here, I'm going to walk out into my backyard, look up into the sky, just a little above Sirius, and know that, even though I can't see it with my naked eye, it's out there, and it's named after me."