By manishs from
Slashdot's you-just-got-famous department:
An anonymous reader cites an article on CSOOnline: A 132 GB database, containing the personal information on 93.4 million Mexican voters has finally been taken offline. The database sat exposed to the public for at least eight days after its discovery by researcher Chris Vickery, but originally went public in September 2015. Vickery, who works as a security researcher at Kromtech, discovered the MongoDB instance on April 14, but had difficulty tracking down the person or company responsible for placing the voter data on Amazon's AWS. He first reached out to the U.S. State Department, as well as the Mexican Embassy, but had little success. The database contains all of the information that Mexican citizens need for their government-issued photo IDs that enable them to vote. Along with their municipality, and district information, the database records include the voter's name, address, voter ID number, date of birth, the names of their parents, occupation, and more. [...] Given that the database has been online since September 2015, it isn't clear how many people have accessed the records. Additionally, the actual owner of the account hosting the data remains unknown.
Read Replies (0)
By manishs from
Slashdot's metahype department:
Chris Plante, reporting for The Verge: Jason Bourne takes off his jacket, punches a man unconscious, looks forlornly off camera, and then a title card appears. The ad -- five seconds of action -- is a teaser for the full Jason Bourne trailer (video), which immediately follows the teaser. In fact, the micro-teaser and trailer are actually part of the same video, the former being an intro for the latter. The trend is the latest example of metahype, a marketing technique in which brands promote their advertisements as if they're cultural events unto themselves. [...] Last year, the studio advertised the teaser for Ant-Man with a ten-second cut of the footage reduced to an imperceptive scale. [...] But where previous metahype promoted key dates in a marketing campaign -- like official trailer releases and fan celebrations -- the burgeoning trend of teasers within trailers exist purely to retain the viewer's attention in that exact moment. The teaser within the trailer speaks to a moment in which we have so many distractions and choices that marketers must sell us on giving a trailer three minutes of our time. This practice isn't limited to movie trailers, though. Next time you're on Facebook, pay attention to how the popular videos in your newsfeed are edited. Is the most interesting image the first thing you see? And does that trick get you to stop scrolling and watch?
Read Replies (0)
By manishs from
Slashdot's serendipitous-discovery department:
Reader Socguy writes: A typical Lithium-ion battery breaks down badly between 5000-7000 cycles. Researchers at the University of California may have discovered a simple way to build a Lithium battery that can withstand 100,000+ cycles. This was a serendipitous discovery as the researcher was playing around with the battery and coated it in a thin gel layer. The researchers believe the gel plasticizes the metal oxide in the battery and gives it flexibility, preventing cracking.Dave Gershgorn, reporting for Popular Science: Instead of lithium, researchers at UC Irvine have used gold nanowires to store electricity, and have found that their system is able to far outlast traditional lithium battery construction. The Irvine team's system cycled through 200,000 recharges without significant corrosion or decline. However, they don't exactly know why. "We started to cycle the devices, and then realized that they weren't going to die," said Reginald Penner, a lead author of the paper. "We don't understand the mechanism of that yet." The Irvine battery technology uses a gold nanowire, no thicker than a bacterium, coated in manganese oxide and then protected by a layer of electrolyte gel. The gel interacts with the metal oxide coating to prevent corrosion. The longer the wire, the more surface area, and the more charge it can hold. Other researchers have been experimenting with nanowires for years, but the introduction of the protective gel separates UC Irvine's work from other research.Also from the report, "Penner suggests that a more common metal, like nickel, could replace the gold if the technology catches on."
Read Replies (0)
By manishs from
Slashdot's 'drones-are-the-new-UFOs' department:
Reader schwit1 writes: The drone that reportedly hit a British Airways jet earlier this week may have actually been a plastic bag, a minister has said. Transport minister Robert Goodwill admitted authorities had not yet confirmed whether what struck the Airbus A320 was a remote-controlled device. The collision on Sunday night is believed to have been at around 1,700 ft near Richmond Park in south west London, over four times higher than the legal height limit. The Air Accidents Investigation Branch is investigating, alongside the Metropolitan Police. But following his comments today, Mr Goodwill also dismissed calls for tighter rules on drone use to protect against terror threats insisting current rules governing drone use were strong enough.From a Quartz report: Motherboard's Jason Koebler dove into the data the FAA released last August dove into the data the FAA released last August, and found that, among other things, "a 'large vulture,' a 'fast moving gray object,' a 'mini blimp,' a 'red UAS or balloon,' and 'a UFO' were all classified as drones in the FAA's report." This led him to decide that, when it comes to verifiable sightings -- even from trained pilots -- "drones are the new UFOs."
Read Replies (0)
By manishs from
Slashdot's another-day,-another-Windows-vulnerability department:
Reader msm1267 writes: A core Windows command-line utility, Regsvr32, used to register DLLs to the Windows Registry can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft's AppLocker. A researcher who requested anonymity found and recently privately disclosed the issue to Microsoft. It's unknown whether Microsoft will patch this issue with a security bulletin, or in a future release. Regsvr32, also known as Microsoft Register Server, is a Microsoft-signed binary that runs as default on Windows. The researcher's proof-of-concept allows him to download and run JavaScript or VBScript from a URL provided via the command line. "There's really no patch for this; it's not an exploit. It's just using the tool in an unorthodox manner. It's a bypass, an evasion tactic," the researcher said.The Register reports: "It's built-in remote code execution without admin rights and which bypasses Windows whitelisting. I'd say it's pretty bad," said Alex Ionescu, a Windows and ARM kernel guru. The trick -- Smith didn't want to call it an exploit -- is neat because it does not touch the Registry, does not need administrator rights, can be wrapped up in an encrypted HTTP session, and should leave no trace on disk as it's a pure to-memory download. No patch exists for this, although regsvr32 can be firewalled off from the internet. Microsoft was not available for immediate comment.
Read Replies (0)
By manishs from
Slashdot's seeing-eye-to-eye department:
An anonymous reader shares an article on Recode: Microsoft and Google say they have recently reached an agreement under which they will drop pending regulatory complaints against one another across the globe. The two have also agreed that they will try to work among themselves to settle any future issues before running to regulators. "Microsoft has agreed to withdraw its regulatory complaints against Google, reflecting our changing legal priorities," a Microsoft representative said in a statement to Re/code. âoeWe will continue to focus on competing vigorously for business and for customers." Google, meanwhile, offered up a similar statement, affirming that it too will withdraw any regulatory complaints it has made. âoeOur companies compete vigorously, but we want to do so on the merits of our products, not in legal proceedings."Also from the report, "The timing is interesting, coming just as European regulators charge that Google is abusing its position in the Android market. However, both sides say the deal was in the works for some time."
Read Replies (0)
By manishs from
Slashdot's act-surprised department:
The UK's intelligence agencies such as MI5, MI6, and GCHQ have been collecting personal information from citizens who are "unlikely to be of intelligence or security interest" since the 1990s, a thousand pages of documents published on Thursday revealed. The documents were published as a result of a lawsuit filed by Privacy International, a UK-based registered charity that defends and promotes the right to privacy across the world. According to the documents, GCHQ and others have been collecting bulk personal data sets since 1998 under the provisions of section 94 of the Telecommunications Act 1984. J.M. Porup, reports for Ars Technica: These records can be "anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities," Privacy International legal officer Millie Graham Wood said in a statement. "The information revealed by this disclosure shows the staggering extent to which the intelligence agencies hoover up our data." Nor, it seems, are BPDs only being used to investigate terrorism and serious crime; they can and are used to protect Britain's "economic well-being" -- including preventing pirate copies of Harry Potter books from leaking before their release date. The so-called "Bulk Personal Datasets," or BPDs are so powerful, in fact, that the normally toothless UK parliament watchdog that oversees intelligence gathering, the Intelligence and Security Committee (ISC), recommended in February that "Class Bulk Personal Dataset warrants are removed from the new legislation." These data sets are so large and collect so much information so indiscriminately that they even include information on dead people.
Read Replies (0)
By BeauHD from
Slashdot's professional-communicators department:
An anonymous reader quotes a report from US Uncut: A Super PAC headed by a longtime Clinton operative is spending $1 million to hire online trolls to "correct" Bernie Sanders' supporters on social media. Correct The Record (CTR), which is operated by Clinton attack dog and new owner of Blue Nation Review David Brock, launched a new initiative this week called "Barrier Breakers 2016" for the purpose of debating supporters of Senator Bernie Sanders -- or "Bernie Bros," as they're referred to in Correct the Record's press official release -- on Facebook, Twitter, Reddit, and other social media platforms. The "Barrier Breakers" will also publicly thank Hillary Clinton's superdelegates and fans for supporting her campaign. The paid trolls are professional communicators, coming from public relations and media backgrounds. "The task force staff's backgrounds are as diverse as the community they will be engaging with and include former reporters, bloggers, public affairs specialists, designers, Ready for Hillary alumni, and Hillary super fans who have led groups similar to those with which the task force will organize," CTR stated.
Read Replies (0)
By BeauHD from
Slashdot's insecurity-about-security department:
prisoninmate quotes a report from Softpedia: According to Matthew Garrett, a renowned CoreOS security developer, and Linux kernel contributor, Canonical's new snap package format is not secure at all when it is used under X.Org Server (X Window System), which, for now, it is still the default display server of the Ubuntu 16.04 LTS (Xenial Xerus) operating system. The fact of the matter is that X11's old design is well-known for being insecure, and Matthew Garrett took the time to demonstrate this by writing a simple snap package that can steal data from any other X11 software, in this case anything you type on the Mozilla Firefox web browser. As more developers will provide snaps for their apps, Canonical needs to do something about the security of snaps in Ubuntu when using X11 or switch to the Mir display server. In the meantime, the security of snaps remains unaffected for the Ubuntu Server operating system, which is usually used without a display server. Canonical has officially released Ubuntu 16.04 LTS, which is now available to download for those interested.
Read Replies (0)
By BeauHD from
Slashdot's can-you-hear-me-now department:
HughPickens.com writes: There's good news for aging Americans who may have damaged their hearing by attending one too many rock concerts when they were young. Andrew Pollack writes at the NYT that the consumer electronics industry is encroaching on the hearing aid business, offering products that are far less expensive and available without the involvement of audiologists or other professionals. The new devices are forcing a re-examination of the entire system for providing hearing aids, which critics say is too costly and cumbersome, hindering access to devices vital for the growing legions of older Americans. "The audiology profession is obviously scared, for good reason, right now," says Abram Bailey.
Hearing aids cost an average of nearly $2,400 each, or close to $5,000 a pair, according to a White House advisory group, and Medicare does not pay for them, nor do most insurers. By contrast, the consumer devices are not regulated and sell for a few hundred dollars apiece, at most. Hearing aid manufacturers say that diagnosing and treating hearing loss is too complex for consumers to do using consumer devices, without the aid of a professional. But sound amplifiers have been around for years and they are growing in sophistication, taking advantage of signal processing chips developed for phones, Bluetooth headsets and computers. The devices include the Smart Listening System from Soundhawk, which sells at $400 for a single ear; the Bean from Etymotic Research, at $300; the CS50+ from Sound World Solutions at $350; and the Crystal Ear from NeutronicEar, at $545. "To me it was a reasonable investment to experiment with," says Ira Dolich, 81, who bought the Soundhawk device, which he can adjust by himself using his smartphone. "I've been pretty pleased with it," he said.
Read Replies (0)
By BeauHD from
Slashdot's soak-up-the-sun department:
An anonymous reader writes: After stalling on the island of Oahu for almost 10 months, the Solar Impulse 2 continues its journey to fly across the world with no fuel. Today, it took off from Hawaii to California piloted by Swiss explorer and psychiatrist Bertrand Piccard. Since the plane travels at about the same speed as a car, it'll take 62 hours to complete the flight across the Pacific to the San Francisco Bay area, some 2,500 miles (4,000 kilometers) away. The pilots and team call this test "the moment of truth," as they've experienced weather delays slowing down the progress. It was originally scheduled to land in Abu Dhabi, where it started its journey in March 2015, by the end of last summer. The plane had to be grounded for nine months while the batteries were being fixed. Now the Solar Impulse 2 has new batteries, a new cooling system that can be manually operated by the pilot, and $20 million in fresh funding to keep the mission up and running, according to CNN.
Read Replies (0)
By BeauHD from
Slashdot's RIP department:
alphadogg writes: Reflecting on the popular musician's uneasy relationship with the Internet and social media upon the 57-year-old surprising death. In 2010, Prince "famously shuttered his LotusFlow3r.com website," proclaiming that "The Internet is completely over... All these computers and digital gadgets are no good. They just fill your head with numbers and that can't be good for you." In 2014, The Guardian ran a story titled "Prince quits the Internet," after the singer deleted his social media accounts. He filed a lawsuit against his fans, which was later dropped, for sharing bootlegged copies of his music online. He even banned fans from taking smartphone photos at his concerts in 2013. Prince did seem to open up to the Internet to some degree in the past couple years. Prince's HTNRUN album was posted on Jay Z's Tidal music site last year. In Silicon Valley, Prince is being remembered as a social innovator and a passionate advocate for Black youth," inspiring YesWeCode, Van Jones' initiative to teach 100,000 low-income kids to write code, and hackathons across the country to expose kids in underserved communities to computer science. Bob Brown from Networkworld writes, "News of Prince's death Thursday briefly crashed the TMZ news site. From there, fans flocked to the Internet and social media to mourn this music star who did his darnedest to stay off the grid." RIP Prince.
Read Replies (0)
By BeauHD from
Slashdot's right-tool-for-the-job department:
An anonymous reader writes: FBI Director James Comey has indicated the bureau paid more than $1 million for the method used to hack into the iPhone 5c belonging to one of the San Bernadino shooters. How did he allude to it? He said the FBI paid more money than he would make in the time left as FBI director. He makes just under $200,000 a year based on public files and has over seven years left on his term. "How much did you pay for this software?" Comey was asked. "A lot," he said. "More -- let's see. More than I will make in the remainder of this job, which is seven years and four months, for sure," Comey said. "And so it's a -- but it was in my view, worth it, because it's a tool that helps us with a 5c running iOS 9, which is a bit of a corner case, increasingly as the devices develop and move on to the 6 and 6s and whatnot and iOS's change, but I think it's very, very important that we get into that device." Comey said.
Read Replies (0)