By msmash from Slashdot's up-next department
Mondelez, the US food company that owns the Oreo and Cadbury brands, is suing its insurance company, Zurich, for refusing to pay out on a $100m claim for damage caused by the NotPetya cyber attack. From a report: The case will be the first serious legal dispute over how companies can recover the costs of a cyber attack [Editor's note: the article may be paywalled; alternative source], as insurance groups seek to tightly define their liabilities. "It's a pretty big deal. I've never seen an insurance company take this position," said Robert Stines, a cyber law specialist at the US law firm Freeborn. "It's going to send ripples through the insurance industry. Major companies are going to rethink what's in their policies." The NotPetya attack in the summer of 2017 crippled the computer systems of companies around the world, including Merck, the pharmaceuticals company, Reckitt Benckiser, the consumer group, and Maersk, the world's largest shipping group. It caused billions of dollars of damage and has been blamed by the US and the UK on Russian hackers attacking the Ukrainian government.
[...] According to the Mondelez court documents, Zurich initially worked to adjust the claim in the usual way and at one point even promised to make a $10m interim payment. But it later refused to pay, relying on an exclusion in the policy for "a hostile or warlike action" by a government or sovereign power or people acting for them. Mondelez described Zurich's refusal as "unprecedented" and is seeking $100m in damages. Both companies declined to comment on the case.Read Replies (0)
By BeauHD from Slashdot's achievement-unlocked department
VLC has reached a rare milestone: It has been downloaded more than 3 billion times across various platforms, up from 1 billion downloads in May 2012. VentureBeat reports of the milestone and the new features coming to the media player: VLC today rolled out a minor update -- v3.0.6 -- that adds support for HDR videos in AV1, an emerging video format. But in the coming months, VLC has bigger things planned. First up is a major update to VLC's Android app in about a month, which will introduce support for AirPlay. This will enable Android users to beam video files from their Android phones to the Apple TV. [Jean-Baptiste Kempf, the president and lead developer of VLC's parent company VideoLan] then plans to update the VR app, which will enable native support for VR videos. He said his team reverse-engineered popular VR headsets so that developers no longer need to rely on the SDKs offered by vendors. The app will also receive support for 3D interactions and stereo sound, and add a virtual theater feature.
After that, a major update will be pushed to VLC across all popular platforms. The update, dubbed version 4.0, will offer playback improvements in scaling and video quality of HDR video files. But that's not all. Kempf says he plans to bring VLC to more platforms. He said he is thinking about bringing the media player to Sony's PlayStation 4, Nintendo Switch, and Roku devices. Kempf participated in Slashdot's interview a couple of years ago, offering some insight into how he's able to keep VLC sustainable (since VideoLan is a nonprofit that runs entirely on donations) and the various projects that were in the works at the time, among other things.Read Replies (0)
By BeauHD from Slashdot's time's-up department
An anonymous reader quotes a report from CNBC: Attorneys in San Francisco representing an Alphabet shareholder are suing the board of directors for allegedly covering up sexual misconduct claims against top executives. The suit comes months after an explosive New York Times report detailed how Google shielded executives accused of sexual misconduct, either by keeping them on staff or allowing them amicable departures. For example, Google reportedly paid Android leader Andy Rubin a $90 million exit package, despite asking for his resignation after finding sexual misconduct claims against him credible.
The new lawsuit, filed in California's San Mateo County, asserts claims for breach of fiduciary duty, abuse of control, unjust enrichment, and waste of corporate assets. The attorneys say the lawsuit is the result of "an extensive original investigation into non-public evidence" and produced copies of internal Google minutes from board of directors meetings. "The Directors' wrongful conduct allowed the illegal conduct to proliferate and continue," the suit reads. "As such, members of Alphabet's Board were knowing and direct enablers of the sexual harassment and discrimination."Read Replies (0)
By BeauHD from Slashdot's here-we-go-again department
Ben Klemens writes via Ars Technica: A landmark 2014 ruling by the Supreme Court called into question the validity of many software patents. In the wake of that ruling, countless broad software patents became invalid, dealing a blow to litigation-happy patent trolls nationwide. But this week the US Patent and Trademark Office (USPTO) proposed new rules that would make it easier to patent software. If those rules take effect, it could take us back to the bad old days when it was easy to get broad software patents -- and to sue companies that accidentally infringe them.
The Federal Circuit Appeals Court is the nation's highest patent court below the Supreme Court, and it is notoriously patent friendly. Ever since the Supreme Court's 2014 ruling, known as Alice v. CLS Bank, the Federal Circuit has worked to blunt the ruling's impact. In a 2016 ruling called Enfish, the Federal Circuit ruling took a single sentence from the Supreme Court's 2014 ruling and used it as the legal foundation for approving more software patents. This legal theory, known as the "technical effects doctrine," holds that software that improves the functioning of a computer should be eligible for a patent. A version of this rule has long held sway in Europe, but it has only recently started to have an impact in U.S. law.
This week, the Patent Office published a new draft of the section on examining software and other potentially abstract ideas in its Manual of Patent Examination Procedure (MPEP). This is the official document that helps patent examiners understand and interpret relevant legal principles. The latest version, drawing on recent Federal Circuit rulings, includes far tighter restrictions on what may be excluded from patentability. This matters because there's significant evidence that the proliferation of software patents during the 1990s and 2000s had a detrimental impact on innovation -- precisely the opposite of how patents are supposed to work.Read Replies (0)
By BeauHD from Slashdot's shiny-and-tiny department
Lexar has just unveiled the first commercially available 1-terabyte SD card. "Lexar's Professional 633x line of SDHC and SDXC UHS-I cards [...] is now listed for sale in capacities from 16GB all the way up to the flagship 1TB," reports The Verge. "That card claims read speeds of up to 95MB/s and write speeds of 70MB/s, though it's only rated as V30/U3, which guarantees sustained write performance of 30MB/s." Unfortunately, you'll pay a premium price of $499.99 for the new 1TB SD card, which is more than the cost of two 512GB cards. Still, the convenience may be worth it.
Joey Lopez, Senior Marketing Manager of Lexar, said in a statement: "Almost fifteen years ago, Lexar announced a 1GB SD card. Today, we are excited to announce 1TB of storage capacity in the same convenient form factor. As consumers continue to demand greater storage for their cameras, the combination of high-speed performance with a 1TB option now offers a solution for content creators who shoot large volumes of high-resolution images and 4K video."Read Replies (0)
By BeauHD from Slashdot's hidden-in-plain-view department
An anonymous reader quotes a report from ZDNet: A weather app that comes preinstalled on Alcatel smartphones contained malware that surreptitiously subscribed device owners to premium phone numbers behind their backs. The app, named "Weather Forecast-World Weather Accurate Radar," was developed by TCL Corporation, a Chinese electronics company that among other things owns the Alcatel, BlackBerry, and Palm brands. The app is one of the default apps that TCL installs on Alcatel smartphones, but it was also made available on the Play Store for all Android users --where it had been downloaded and installed more than ten million times. But at one point last year, both the app included on some Alcatel devices and the one that was available on the Play Store were compromised with malware. How the malware was added to the app is unclear. TCL has not responded to phone calls requesting comment made by ZDNet this week. The app reportedly harvested users' data and sent it to China. It collected geographic locations, email addresses, and IMEI codes, which it sent back to TCL.
Upstream, a UK-based mobile security firm, also found that "the malicious code hidden inside the app would also attempt to subscribe users to premium phone numbers that incurred large charges on users' phone bills," reports ZDNet. "All in all, the company says it detected and blocked over 27 million transaction attempts across seven markets, which would have created losses of around $1.5 million to phone owners if they hadn't been blocked." Upstream notes that most of the behavior they've seen originated only from two types of smartphones: Pixi 4 and A3 Max models.Read Replies (0)
By msmash from Slashdot's call-the-IT department
Major Linux distributions are vulnerable to three bugs in systemd, a Linux initialization system and service manager in widespread use, California-based security company Qualys said late yesterday. From a report: The bugs exist in 'journald' service, tasked with collecting and storing log data, and they can be exploited to obtain root privileges on the target machine or to leak information. No patches exist at the moment. Discovered by researchers at Qualys, the flaws are two memory corruption vulnerabilities (stack buffer overflow - CVE-2018-16864, and allocation of memory without limits - CVE-2018-16865) and one out-of-bounds error (CVE-2018-16866). They were able to obtain local root shell on both x86 and x64 machines by exploiting CVE-2018-16865 and CVE-2018-16866. The exploit worked faster on the x86 platform, achieving its purpose in ten minutes; on x64, though, the exploit took 70 minutes to complete. Qualys is planning on publishing the proof-of-concept exploit code in the near future, but they did provide details on how they were able to take advantage of the flaws.Read Replies (0)
By msmash from Slashdot's war-of-words-continues department
An anonymous reader shares a report: Yesterday, AMD announced a new graphics card, the $700 Radeon VII, based on its second-generation Vega architecture. The GPU is the first one available to consumers based on the 7nm process. It's impressive technology, and Nvidia has touted it as the primary reason to upgrade from previous generation GPUs. AMD's GPUs, notably, do not support it. And at a round table Gizmodo attended with Nvidia CEO Jensen Huang he jokingly dismissed AMD's Tuesday announcement, claiming the announcement itself was "underwhelming" and that his company's 2080 would "crush" the Radeon VII in benchmarks. "The performance is lousy," he said of the rival product. When asked to comment about these slights, AMD CEO Lisa Su told a collection of reporters, "I would probably suggest he hasn't seen it." When pressed about his comments, especially his touting of ray tracing she said, "I'm not gonna get into it tit for tat that's just not my style."Read Replies (0)