By msmash from Slashdot's fixing-things department
An anonymous reader writes: Chinese firm Hangzhou Xiongmai said it will recall some of its products sold in the United States after it was identified by security researchers as having made parts for devices that were targeted in a major hacking attack on Friday. Hackers unleashed a complex attack on the Internet through common devices like webcams and digital recorders, and cut access to some of the world's best known websites in a stunning breach of global internet stability. The electronics components firm, which makes parts for surveillance cameras, said in a statement on its official microblog that it would recall some of its earlier products sold in the United States, strengthen password functions and send users a patch for products made before April last year. It said the biggest issue was users not changing default passwords, adding that, overall, its products were well protected from cyber security breaches. It said reports that its products made up the bulk of those targeted in the attack were false. "Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too," the company statement said.
By EditorDavid from Slashdot's droning-on department
Slashdot reader Presto Vivace tipped us off to news reports that U.S. police officials are considering the use of flying drones to taser their suspects. From Digital Trends:
Talks have recently taken place between police officials and Taser International, a company that makes stun guns and body cameras for use by law enforcement, the Wall Street Journal reported on Thursday. While no decision has yet been made on whether to strap stun guns to remotely controlled quadcopters, Taser spokesman Steve Tuttle said his team were discussing the idea with officials as part of broader talks about "various future concepts."
Tuttle told the Journal that such technology could be deployed in "high-risk scenarios such as terrorist barricades" to incapacitate the suspect rather than kill them outright... However, critics are likely to fear that such a plan would ultimately lead to the police loading up drones with guns and other weapons. Portland police department's Pete Simpson told the Journal that while a Taser drone could be useful in some circumstances, getting the public "to accept an unmanned vehicle that's got some sort of weapon on it might be a hurdle to overcome."
The article points out that there's already a police force in India with flying drones equipped with pepper spray.
By EditorDavid from Slashdot's scratching-the-Surface department
An anonymous reader writes:
"These tablets always malfunction," complained one NFL offensive lineman in January, foreshadowing a growing backlash to Microsoft's $400 million deal with the NFL to use Surface tablets. Friday the coach of the San Francisco 49ers and their controversial quarterback Colin Kaepernick both complained they've also experienced problems, with Kaepernick saying the screen freezes "every once in a while and they have to reboot it."
Friday Microsoft called their tablet "the center of the debate on the role of technology in the NFL," saying they deeply respect NFL teams "and the IT pro's who work tirelessly behind the scenes to help them succeed." It included quotes from NFL quarterbacks -- for example, "Every second counts and having Microsoft Surface technology on sidelines allows players and coaches to analyze what our opponents are trying to do in almost real time." But Yahoo Finance wrote that "The quotes read like they were written by the Microsoft public relations team," arguing that Microsoft's NFL deal "has been a disaster... The tablets failed to work during a crucial AFC Championship game last January -- again for the New England Patriots... sports media interpreted that the malfunction benefited the Broncos on the field, giving the team an unfair advantage -- the very last thing Microsoft's tablets, meant to aid coaches in their play calling, should be doing."
The NFL issued a statement calling Microsoft "an integral, strategic partner of the NFL," adding "Within our complex environment, many factors can affect the performance of a particular technology either related to or outside of our partner's solutions."
By EditorDavid from Slashdot's j'accuse department
"Wondering which IoT device types are part of the Mirai botnet causing trouble today? Brian Krebs has the list, tweeted Trend Micro's Eric Skinner Friday, sharing an early October link which identifies Panasonic, Samsung and Xerox printers, and lesser known makers of routers and cameras. An anonymous reader quotes Fortune:
Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in. Finally, it's time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well.
If you're worried, Motherboard is pointing people to an online scanning tool from BullGuard (a U.K. anti-virus firm) which checks whether devices on your home network are listed in the Shodan search engine for unsecured IoT devices. But earlier this month, Brian Krebs pointed out the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks..."
By EditorDavid from Slashdot's flight-plans department
From Hollister, California -- population 40,000 -- comes a good update from the Mercury News on Larry Page's efforts to fund a flying car:
Even from a few hundred yards away, the aircraft made a noise strikingly different from the roar of a typical plane. "It sounded like an electric motor running, just a high-pitched whine," said Steve Eggleston, assistant manager at an airplane-parts company with offices bordering the Hollister Municipal Airport tarmac. But it wasn't only the sound that caught the attention of Eggleston and his co-workers at DK Turbines. It was what the aircraft was doing. "What the heck's that?" saleswoman Brittany Rodriguez thought to herself. "It's just hovering."
That, apparently, was a flying car, or perhaps a prototype of another sort of aircraft under development by a mysterious startup called Zee.Aero...one of two reportedly funded by Google co-founder Larry Page to develop revolutionary forms of transportation... A Zee.Aero spokeswoman said the firm is "currently not discussing (its) plans publicly." However, a Zee.Aero patent issued in 2013 describes in some detail an aircraft capable of the hovering seen by people working at the airport. And the drawings showcase a vision of the future in which flying cars park in lots just like their terrestrial, less-evolved cousins.
Page has invested $100 million in Zee.Aero, which appears to have hired more than 100 aerospace engineers. But the article reports that apparently, in the small town where it's headquartered, "the first rule about Zee.Aero is you don't talk about Zee.Aero."
By EditorDavid from Slashdot's you-may-have-already-won department
An anonymous reader writes:
"I didn't even know they gave out prizes," said a Brooklyn College CS professor, remembering how he'd learned that a demo of the Picat programming language won a $10,000 grand prize last month at the NYC Media Lab Summit. Professor Neng-Fa Zhou created Picat with programmer Jonathan Fruhman, and along with graduate student Jie Mei they'd created a demo titled "The Picat Language and its Application to Games and AI Problems" to showcase the language's ability to solve combinatorial search problems, "including a common interface with CP, SAT, and MIP solvers." Mie tells the Brooklyn College newspaper that Picat "is a multi-paradigm programming language aimed for general-purpose applications, which means theoretically it can be used for everything in life," and Zhou says he wants to continue making the language more useful in a variety of settings. "I want this to be successful, but not only academically... When you build something, you want people to use it. And this language has become a sensation in our community; other people have started using it."Read Replies (0)
By EditorDavid from Slashdot's p0wned department
Though regulators may not agree, "Time Warner and AT&T reps claim this is necessary just to compete," warns Mr D from 63. Reuters reports: The tie-up of AT&T Inc and Time Warner Inc, bringing together one of the country's largest wireless and pay TV providers and cable networks like HBO, CNN and TBS, could kick off a new round of industry consolidation amid massive changes in how people watch TV... Media content companies are having an increasingly difficult time as standalone entities, creating an opportunity for telecom, satellite and cable providers to make acquisitions, analysts say. Media firms face pressure to access distribution as more younger viewers cut their cable cords and watch their favorite shows on mobile devices. Distribution companies, meanwhile, see acquiring content as a way to diversify revenue.
The deal reflects "big changes in consumption of video particularly among millennials," according to one former FCC commissioner, and the article also reports that the deal "will face serious opposition." Massachusetts Democrat Edward Markey warned "we need more competition, not more consolidation... Less competition has historically resulted in fewer choices and higher prices for consumers..." And in a Saturday speech, Donald Trump called it "an example of the power structure I'm fighting...too much concentration of power in the hands of too few."
By EditorDavid from Slashdot's one-store-to-rule-them-all department
An anonymous reader quotes USA Today:
Amazon's yearly sales account for about 15% of total U.S. consumer online sales, according to the company's statements and the Department of Commerce. But the Seattle e-commerce company may actually be handling double that amount -- 20% to 30% of all U.S. retail goods sold online -- thanks to the volume of sales it transacts for third parties on its website and app. Only a portion of those sales add to its revenue.
"The punchline is that Amazon's twice as big as people give them credit for, because there's this iceberg under the surface, but you only see the tip," said Scot Wingo, executive chairman of Channel Advisor, an e-commerce software company that works with thousands of online sellers. When third-party sales are taken into account, Amazon's share of what U.S. shoppers spend online could be as high as $125 billion yearly...
Amazon's share will grow even larger when they can offer two-hour deliveries, warns one analyst, while another puts it more succinctly. "Amazon's just going to slowly grab more and more of your wallet."
By EditorDavid from Slashdot's squashing-bugs department
Orome1 quotes Help Net Security: VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report [which has mitigations for the still-unpatched vulnerabilities].
Anyone want to share their experiences with VeraCrypt? Two Quarkslab engineers spent more than a month on the audit, which was funded (and requested) by the non-profit Open Source Technology Improvement Fund "to evaluate the security of the features brought by VeraCrypt since the publication of the audit results on TrueCrypt 7.1a conducted by the Open Crypto Audit Project." Their report concludes that VeraCrypt's security "is improving which is a good thing for people who want to use a disk encryption software," adding that its main developer "was very positive along the audit, answering all questions, raising issues, discussing findings constructively..."
By EditorDavid from Slashdot's all-your-base-are-belong-to-us department
An anonymous Slashdot reader quotes CNN Money:
An American vigilante hacker -- who calls himself "The Jester" -- has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets... "Comrades! We interrupt regular scheduled Russian Foreign Affairs Website programming to bring you the following important message," he wrote. "Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed."
In early 2015, CNN Money profiled The Jester as "the vigilante who hacks jihadists," noting he's a former U.S. soldier who now "single-handedly taken down dozens of websites that, he deems, support jihadist propaganda and recruitment efforts. He stopped counting at 179." That article argues that "the fact that he hasn't yet been hunted down and arrested says a lot about federal prosecutors and the FBI. Several cybersecurity experts see it as tacit approval."
"In an exclusive interview with CNNMoney this weekend, Jester said he chose to attack Russia out of frustration for the massive DNS cyberattack that knocked out a portion of the internet in the United States on Friday... 'I'm not gonna sit around watching these f----rs laughing at us.'"Read Replies (0)
By EditorDavid from Slashdot's still-standing department
"It is said that eternal vigilance is the price of liberty...We must continue to work together to make the internet a more resilient place to work, play and communicate," wrote Dyn's Chief Strategy Officer in a Saturday blog post. An anonymous reader reports:
Dyn CSO Kyle York says they're still investigating Friday's attack, "conducting a thorough root cause and forensic analysis" while "carefully monitoring" for any additional attacks. In a section titled "What We Know," he describes "a sophisticated attack across multiple attack vectors and internet locations...one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack." But he warns that "we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses."
He posted a timeline of the attacks (7:00 EST and 12:00 EST), adding "While there was a third attack attempted, we were able to successfully mitigate it without customer impact... We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these." He predicts Friday's attack will be seen as "historic," and acknowledges his staff's efforts to fight the attack as well as the support received from "the technology community, from the operations teams of the world's top internet companies, to law enforcement and the standards community, to our competition and vendors... On behalf of Dyn, I'd like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support."
Online businesses may have lost up to $110 million in sales and revenue, according to the CEO of Dynatrace, who tells CNN more than half of the 150 websites they monitor were affected.