By EditorDavid from Slashdot's IP-freely department
There are lots of tools and different secure protocols that could be used by internet service providers to embed security into the fabric of the internet, making the internet secure by default, but that's not something that Facebook's Chief Security Officer, Alex Stamos, wants to happen. Instead of security by default, his view is that carriers should be neutral and let malicious traffic do whatever it wants.
"I believe strongly in the end-to-end principle, I think we should have neutral carriers in the middle and it should not be the responsibility of ISPs to secure the internet," Stamos said in a press conference at the Black Hat USA conference last week.
Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet," and speculating that Vint Cerf and Bob Metcalfe "thought that future technology would resolve the issues." What do other Slashdot readers think?
Should the internet be secure by default?
By EditorDavid from Slashdot's burglaring-bitcoins department
For months, the ransom money from the massive WannaCry cyberattack sat untouched in online accounts. Now, someone has moved it. More than $140,000 worth of digital currency bitcoin has been drained from three accounts linked to the ransomware virus that hit hundreds of thousands of computers around the world in May.
Meanwhile, a Ukrainian law firm wants NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, said to be the point of origin of the NotPetya ransomware outbreak. An anonymous reader quotes BleepingComputer:
The NotPetya ransomware spread via a trojanized M.E.Doc update, according to Microsoft, Bitdefender, Kaspersky, Cisco, ESET, and Ukrainian Cyber Police. A subsequent investigation revealed that Intellect-Service had grossly mismanaged the hacked servers, which were left without updates since 2013 and were backdoored on three different occasions... The Juscutum Attorneys Association says that on Tuesday, Ukrainian Cyber Police confirmed that M.E.Doc servers were backdoored on three different occasions in an official document. The company is now using this document as the primary driving force behind its legal action.
The law firm says victims must pay all of the court fees -- and give them 30% of any awarded damages.
By EditorDavid from Slashdot's one-of-our-own department
TheSync writes: The Syrian open source developer, blogger, entrepreneur, hackerspace founder, and free culture advocate Bassel Khartabil was swept up in a wave of military arrests in March 2012. A CBC report states that his wife wrote on Facebook late Tuesday that she has received confirmation that security services executed Khartabil in October 2015 after torturing him in prison. Before his arrest, his most recent work included a 3D virtual reconstruction of the ancient city of Palmyra in Syria.
At the time of his arrest, Khartabil was 30 years old -- after which he started a blog called "MeInSyrianJail" and a Twitter account called "Live from my cell." Though he spent the last three and a half years of his life in prison, he once tweeted that "Jail is not walls, not the executioner and guards. It is the hidden fear in our hearts that makes us prisoners." The latest tweet on his feed says "Rest in power our friend."
Thursday the Creative Commons nonprofit described the developer as "our friend and colleague," and announced the Bassel Khartabil Memorial Fund, "which will support projects in the spirit of Bassel's work."
By EditorDavid from Slashdot's way-back-machines department
An anonymous reader quotes Smithsonian:
It was with minimal expectations that, on August 3, 1977, Tandy Corporation teamed up with Radio Shack to release the TRS-80, one of the first personal computers available to consumer markets. While Don French -- a buyer for the Tandy Radio Shack consumer electronic chain -- had convinced some Tandy executives of the need to release a personal computer, most felt it was unlikely to gross substantial profits. This bulky item with complex operating procedures would never sell, they thought, more than 1,000 units in its first month... As it turned out, the TRS-80 surpassed even the most cautious sales estimates by tenfold within its first month on the market; the burgeoning prospects of a new era in personal electronics and computing could no longer be denied.
It had no hard drive and four kilobytes of memory, according to the article. Radio Shack's $600 PC was preceded by the MITS Altair, as well as PCs from both Apple and IBM, but "the TRS-80 was one of the first products that came fully assembled and ready to use, bridging the gap in accessibility between hobbyists -- who took interest in the actual building of the computer -- and the average American consumer, who wanted to know what this new, cutting-edge technology had in store for them." Does this bring back any memories for anyone?
By EditorDavid from Slashdot's using-the-force department
Earlier this summer, popular YouTube channel Auralnauts received some unfortunate news: Warner/Chappell had filed a monetization claim on their "Star Wars Minus Williams" video through YouTube's Content ID System. More than anything, the Auralnauts were confused -- the video the music company was claiming rights over didn't have any music in it at all.
In fact, the video is almost entirely silent, augmented with a few awkward coughs as Han Solo and Luke Skywalker plod noiselessly toward Princess Leia in a two-minute scene where they're awarded ceremonial medallions. Wired's article describes it as "a tongue-in-cheek tribute" to John Williams' Star Wars score for the film's final scene, also reporting that it had been online for almost three years before Warner/Chappell music publishing claimed rights to all money the video would receive:
When I tried to get Warner/Chappell's side of this story, the company offered no comment. But apparently my reporting helped bring the "Star Wars Minus Williams" copyright dispute to an unexpectedly speedy resolution. When Koonce told his YouTube partner manager that a journalist had interviewed him, YouTube stepped in and removed the copyright claim against the video.
YouTube has also created a "Fair Use Protection" program covering legal costs for channels they believe are unfairly targeted with video takedown notices. But the article points out that 95% of the time music companies just chose YouTube's "monetize" option to claim the ad revenue rather than asking that a video be blocked -- and that last year YouTube paid the music industry $1 billion. (Though the music industry insists that amount is still below what they're receiving from streaming music services.)
By EditorDavid from Slashdot's permission-slips department
pizzutz writes: Chrome's popular Web Developer plugin was briefly hijacked on Wednesday when an attacker gained control of the author's Google account and released a new version (0.49) which injected ads into web pages of more than a million users who downloaded the update. The version was quickly replaced with an uncompromised version (0.5) and all users are urged to update immediately.
Lauren Weinstein has a broader warning:
While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained. Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.
Lauren also warns about sites that "push users very hard to install these privacy-invasive, data sucking extensions" -- and believes requests for permissions aren't a sufficient safeguard for most users. "Expecting them to really understand what these permissions mean is ludicrous. We're the software engineers and computer scientists -- most users aren't either of these. They have busy lives -- they expect our stuff to just work, and not to screw them over."
By EditorDavid from Slashdot's finish-this-level department
This question came from two things noticed by Slashdot reader dryriver:
"Myself and just about every other kid I was friends with in the 1980s were definitely addicted to computers when we were young, and stayed that way until we reached college."
"There is increasing concern about everybody from young kids to people 60+ staring into smartphone, tablet computer and laptop screens for hours and hours every day and not partaking in other activities they used to before the "glowing screen" hooked them."
Are interactive computing devices, whether networked or not, addictive in nature? What kind of applications appear to be the most addictive? (AAA games? Casual games? Social media? Texting?) And could the addiction have something to do with "Neuroplasticity", the fact that doing an activity over and over again each day that you place great importance in, and pay great attention to, can actually rewire the neurons in your brain?
Nicholas Carr once argued that "We're training ourselves, through repetition, to be facile skimmers, scanners, and message-processors -- important skills, to be sure -- but, perpetually distracted and interrupted, we're not training ourselves in the quieter, more attentive modes of thought." Slashdot readers seem uniquely qualified to address this, so leave your own attentive thoughts in the comments. Are interactive computing devices addictive?
By EditorDavid from Slashdot's pushing-peer-to-peer-payments department
BrianFagioli quotes BetaNews: Microsoft has partnered with PayPal for a new way to transfer funds using Skype... "Today, we're excited to announce that PayPal is now partnering with Skype to allow users in 22 countries to send money to other Skype users with PayPal via their Skype mobile app. With over one billion Skype mobile downloads to date globally, users will be able to use PayPal directly from their Skype app to seamlessly send money in the moment...across the country or internationally," says John Kunze, VP of Xoom, PayPal.
It's part of a push to make it easier to share money, PayPal writes:
Over the past year, we've partnered with Apple, Slack and Microsoft to enable peer-to-peer payments with PayPal and Venmo in more places and in more contexts where people are connecting online and on mobile, such as a voice command with Siri, in chat with iMessage and Slack, and in email via Microsoft's Outlook.com.
By EditorDavid from Slashdot's cheaters-never-prosper department
An anonymous reader quotes Ars Technica:
A former Volkswagen executive has pleaded guilty to two charges related to the company's diesel emissions scandal. He is the second VW Group employee to do so, following retired engineer James Liang pleading guilty last summer. The VW Group executive, Oliver Schmidt, was based outside of Detroit and was in charge of emissions compliance for Volkswagen in the years before the company was caught using illegal software to cheat on federal emissions tests.
Schmidt, a German citizen who was 48 when he was arrested in Miami in January on vacation, was originally charged with 11 felony counts. In accepting a plea deal from US federal officials, Schmidt will only plead guilty to two charges: conspiracy to defraud the US government and violate the Clean Air Act, and making a false statement under the Clean Air Act. Schmidt will be sentenced in December. He could face up to seven years in prison, as well as fines from $40,000 to $400,000, according to the plea agreement. After that, Schmidt could also be required to serve four years of supervised release.
By EditorDavid from Slashdot's can-you-hear-me-now? department
schwit1 shared WIRED's report on "a life-changing technology." Steven Levy spoke with Mathias Bahnmueller as he tested a new Apple sound processor that beams digital audio directly into hearing aids.
Bahnmueller suffers from hearing loss so severe that a year ago he underwent surgery to install a cochlear implant -- an electronic device in the inner ear that replaces the usual hearing mechanism. Around a million patients have undergone this increasingly mainstream form of treatment, and that's just a fraction of those who could benefit from it. (Of the 360 million people worldwide with hearing loss, about 10 percent would qualify for the surgery.) "For those who reach a point where hearing aids no longer help, this is the only solution," says Allison Biever, an audiologist in Englewood, CO who works with implant patients. "It's like restoring a signal in a radio station."
Cochlear implants bypass the usual hearing process by embedding a device in the inner ear and connecting it via electrodes to the nerve that sends audio signals to the brain... The system Bahnmueller was using came from a collaboration between Apple and Cochlear, a company that has been involved with implant technology since the treatment's early days. The firms announced last week that the first product based on this approach, Cochlear's Nucleus 7 sound processor, won FDA approval in June -- the first time that the agency has approved such a link between cochlear implants and phones or tablets. Those using the system can not only get phone calls directly routed inside their skulls, but also stream music, podcasts, audio books, movie soundtracks, and even Siri -- all straight to the implant... Apple will offer the technology free to qualified manufacturers.
Google's accessibility team for Android has no public timeline for any similar hearing aid support, though according to the article it's "on the roadmap."
By EditorDavid from Slashdot's stoked-on-storage department
An anonymous reader quotes Fortune:
Business software company Red Hat said on Monday that it is acquiring the technology assets of Permabit, a small company that specializes in cleaning up corporate data to make storage more efficient and data access faster. Terms of the deal were not disclosed but a Red Hat spokesman said 16 people from Permabit will be joining that company...
While the conventional wisdom is that data storage is cheap, it is not free. And with companies turning to more expensive flash storage, it saves money to remove redundant data, said Richard Fichera, vice president and principal analyst at Forrester Research... Red Hat, which sells a version of the Linux operating system used by many Fortune 500 companies, also offers its own storage software. And, it wants to become a more formidable challenger in data storage, a goal that can be furthered by buying Permabit's technology, Fichera said.
Slashdot reader See Attached points out that this week Red Hat also released RHEL 7.4, which introduces support for Network Bound Disk Encryption (NBDE) and system protection against intrusive USB devices.
By EditorDavid from Slashdot's pondering-prions department
sciencehabit quotes Science magazine:
Prions are insidious proteins that spread like infectious agents and trigger fatal conditions such as mad cow disease. A protein implicated in diabetes, a new study suggests, shares some similarities with these villains. Researchers transmitted diabetes from one mouse to another just by injecting the animals with this protein. The results don't indicate that diabetes is contagious like a cold, but blood transfusions, or even food, may spread the disease.
The work is "very exciting" and "well-documented" for showing that the protein has some prionlike behavior, says prion biologist Witold Surewicz of Case Western Reserve University in Cleveland, Ohio, who wasn't connected to the research. However, he cautions against jumping to the conclusion that diabetes spreads from person to person. The study raises that possibility, he says, but "it remains to be determined."
By EditorDavid from Slashdot's money-for-nothing department
A new class action lawsuit from a former Wells Fargo customer claimed the bank charged loan customers for auto insurance they did not need. With auto loans, the bank often requires that full coverage auto insurance be bought when the loan is made. However, lead plaintiff Paul Hancock says that Wells Fargo charged him for auto insurance even though he informed them he already had an insurance policy with another company. Wells Fargo also charged him a late fee when he disputed the charge. Wells Fargo does not dispute that it did this to customers and has offered to refund $80 million to 570,000 customers who were charged for insurance. The lawsuit however is to recoup late fees, delinquency charges, and other fees that the refund would not cover.
NPR describes Wells Fargo actually repossessing the car of a man who was "marked as delinquent for not paying this insurance -- which he didn't want or need or even know about." Friday the bank also revealed the number of "potentially unauthorized accounts" from its earlier fake accounts scandal could be much higher than previous estimates -- and that they're now expecting their legal costs to exceed the $3.3 billion they'd already set aside.
And Reuters reports that the bank will also be paying $108 million "to settle a whistleblower lawsuit claiming it charged military veterans hidden fees to refinance their mortgages, and concealed the fees when applying for federal loan guarantees."
By EditorDavid from Slashdot's reading-between-the-channels department
Microsoft recently announced their plan to deploy unused television airwaves to solve the digital divide in America. And while the media painted this effort as a noble one, at Backchannel, Susan Crawford reveals the truth: "Microsoft's plans aren't really about consumer internet access, don't actually focus on rural areas, and aren't targeted at the US -- except for political purposes." So what is Microsoft really up to?
The article's author believes Microsoft's real game is "to be the soup-to-nuts provider of Internet of Things devices, software, and consulting services to zillions of local and national governments around the world. Need to use energy more efficiently, manage your traffic lights, target preventative maintenance, and optimize your public transport -- but you're a local government with limited resources and competence? Call Microsoft."
The article argues Microsoft wants to bypass mobile data carriers who "will want a pound of flesh -- a percentage -- in exchange for shipping data generated by Microsoft devices from Point A to Point B... [I]n many places, they are the only ones allowed to use airwave frequencies -- spectrum -- under licenses from local governments for which they have paid hundreds of millions of dollars."
By EditorDavid from Slashdot's core-applications department
AmiMoJo brings news about gedit, the default text editor for GNOME:
In a post to the gedit mailing list, Sébastien Wilmet states that gedit is no longer maintained and asks "any developer interested to take over the maintenance of gedit?" Just in case you were considering it, he warns "BTW while the gedit core is written in C (with a bit of Objective-C for Mac OS X support), some plugins are written in Vala or Python. If you take over gedit maintenance, you'll need to deal with four programming languages (without counting the build system). The Python code is not compiled, so when doing refactorings in gedit core, good luck to port all the plugins (the Python code is also less "greppable" than C). At least with Vala there is a compiler, even if I would not recommend Vala."
Sébastien's comments were surrounded by a <rant-on-languages> tag, but they're still crying out for some serious discussion. Any Slashdot readers want to share their own insights on Python, some fond thoughts on gedit, or suggestions for maintaining a great piece of open source software?
By BeauHD from Slashdot's disinformation-campaigns department
An anonymous reader quotes a report from CNN: The FBI monitored social media on Election Day last year in an effort to track a suspected Russian disinformation campaign utilizing "fake news," CNN has learned. In the months leading up to Election Day, Twitter and Facebook were the feeding grounds for viral "news" stories floating conspiracies and hoaxes, many aimed at spreading negative false claims about Hillary Clinton. On Election Day, dozens of agents and analysts huddled at a command center arrayed with large monitoring screens at the FBI headquarters in Washington watching for security threats, according to multiple sources. That included analysts monitoring cyber threats, after months of mounting Russian intrusions targeting every part of the US political system, from political parties to policy think-tanks to state election systems. On this day, there was also a group of FBI cyber and counterintelligence analysts and investigators watching social media. FBI analysts had identified social media user accounts behind stories, some based overseas, and the suspicion was that at least some were part of a Russian disinformation campaign, according to two sources familiar with the investigation.
By BeauHD from Slashdot's legal-trouble department
An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others. Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. 
Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.