By EditorDavid from Slashdot's telnet-botnet department
Remember that historically massive denial-of-service attack last month against security researcher Brian Krebs? The source code's just been leaked, Krebs reports, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices." An anonymous Slashdot reader quotes KrebsOnSecurity:
The malware, dubbed "Mirai," spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords. Infected systems can be cleaned up by simply rebooting them -- thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot...
The user who leaked the source code says "there's lots of eyes looking at IOT now... I usually pull max 380K bots from telnet alone. However, after the Krebs DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300K bots, and dropping"...
Now that the source code has been released online for that 620-Gbps attack, Krebs predicts "there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems."
He points out that 5.5 million new things get connected to the internet each day, according to Gartner. And they're also predicting that 6.4 billion things will be connected to the internet by the end of the year -- reaching 20.8 billion over the next four years.
By msmash from Slashdot's complicated-things department
The U.S. has given up its remaining control over the Internet. The formal handover, which took effect on Saturday, followed a last-ditch attempt by a group of Republicans to block the move. They had argued that the US concession would open the door for authoritarian governments to get control of the network of networks, leading to greater censorship. From a BBC report: A judge in Texas has put the kibosh on a last-minute legal attempt to block the controversial decision for the US to give up control of one of the key systems that powers the internet. It's a move being breathlessly described by some as the US "giving up the internet" to the likes of China, Russia and the Middle East. For starters, while they can take the credit for inventing the underlying technology, the US never "had the internet" to begin with. Nobody did. It's a, duh, network. Decentralised. That's what makes it so powerful. But there are bits of internet infrastructure that some people and governments do have control over, and that's what this row is all about. One of them is the DNS - Domain Name System. This is the system for looking after web addresses. Thanks to the DNS, when you type bbc.com, you're taken to the correct servers for the BBC website. It saves you the grief of having to remember a string of numbers. That pairing of names and numbers is kept in one great big master file, the land registry of the web. The only organisation that can make changes is Icann, the Internet Corporation for Assigned Names and Numbers. As of Saturday 1 October 2016, Icann will no longer be under US government oversight.
By EditorDavid from Slashdot's dammed-if-you-do department
A team of researchers from Canada, Holland, China, the U.S. and Brazil "found that greenhouse gas emissions from man-made reservoirs were likely equal to the equivalent of one gigaton of carbon dioxide being released into the atmosphere every year...a little less than one-sixth of the United States' greenhouse gas emissions." An anonymous Slashdot reader quotes Popular Science:
A reservoir is usually created by damming a river, overflowing the banks and flooding the surrounding area, creating a man-made lake...the perfect conditions for microbes to generate greenhouse gases like carbon dioxide and methane (a gas that is about 25 times more potent than carbon dioxide)... "When reservoirs are first flooded there's organic matter in the soil and vegetation that can be converted by microbes into methane and carbon dioxide," John Harrison, a co-author of the paper, tells Popular Science.
"Also, reservoirs because they are in line in rivers, they receive a lot of organic matter and organic sediment from upstream that can fuel the production of methane, carbon dioxide and nitrous oxide." Harrison says that reservoirs also tend to occur in areas where fertilizers are used on the surrounding land. Runoff from those fertilizers into bodies of water can cause algal blooms that can also produce more methane and carbon dioxide.
If the world's reservoirs were a country, they'd be #8 on a list of polluters -- right behind Brazil, China, the EU and the U.S.
By EditorDavid from Slashdot's Apple-Pay(s) department
Slashdot reader chasm22 quotes Reuters:
A federal jury in Texas on Friday night ordered Apple Inc to pay more than $302 million in damages for using VirnetX Holding Corp's patented internet security technology without permission in features including its FaceTime video conferencing application. The verdict came in a new trial in Tyler, Texas that had been ordered by the judge in the case, Robert Schroeder, who last August threw out VirnetX's $625.6 million win over Apple from a previous trial because he said jurors in that case may have been confused...
A jury in 2012 awarded $368.2 million in damages, but the U.S. Court of Appeals for the Federal Circuit in Washington, D.C., partly overturned that verdict, saying there were problems with how the trial judge instructed jurors on calculating damages.
On remand, VirnetX's two suits were combined, and in February, a jury returned with an even bigger verdict, $625.6 million, one of the highest ever in a U.S. patent case... However, Schroeder later voided the result, saying that the repeated references to the earlier case could have confused jurors and were unfair to Apple... Apple will also have to contend with the trial in a second lawsuit VirnetX filed against Apple over newer versions of Apple security features, as well as its iMessage application.
The article points out that "Many patent cases are handled in the Texas court, which has a reputation for awarding favorable verdicts to plaintiffs alleging infringement."
By msmash from Slashdot's definitely,-maybe department
Microsoft may have plans to bring Windows Hello, one of the headline features of Microsoft's current operating system, to Android and iOS. Windows Hello is a feature that lets people unlock their PC with fingerprint, face, or iris. Paul Thurrott reports: With Windows 10 version 1607, Microsoft has expanded the Windows Hello authentication technologies to include support for companion devices. That we knew. But those companion devices, surprisingly, will include both Android and iPhone handsets. The question is whether those solutions will ever be made available to consumers. [...] On an Ignite 2016 session called Expand Windows Hello Family to companion devices and browser, Microsoft outlined some ideas around this. "When you think about a user and the kind of devices they carry with them," Microsoft senior program manager lead Anoosh Saboori said during the session, "they normally have the phone in their pocket, they [might] have some kind of wearable on their arm, some of them might have the security fobs given to them by their company, and many of us carry a badge with us that is used to gain access to different physical locations. We wanted to leverage these devices as a way to knowing the user."
By msmash from Slashdot's we-could-use-more-SSDs department
At its Global SSD Summit, Samsung shared its vision of the current state of the SSD market and also outlined the future trends. The company noted that SSDs are steadily displacing HDDs in more applications, but NVMe is shaping up to be the dark horse that may put the venerable HDD to rest. From an article on Tom's Hardware: Samsung loves Google, and not just because it probably buys plenty of its SSDs. Samsung outlined its rather intense focus on Google Analytics for marketing purposes last year, and this year it pointed out that recent Google searches for "SSD upgrades" outweighed searches for "CPU upgrades." The historical trend indicates that this wasn't always the case (of course), but with 40 million searches for SSD upgrades this year, it is clear that SSDs are on the move. Performance stagnation in the CPU market is probably to blame here, as well, and we routinely advise readers to spend their hard-earned dollars on GPU and SSD upgrades before the CPU. The cellphone industry has long served as the prime example of an explosive growth market; it grew 19.1% in the last five years alone. SSDs, by contrast, grew 54%, and the steady downward pricing slope is a key factor. The all-important price-per-GB fell from $1.17 in 2012 to a mere $0.36 in 2016 (69% reduction). This is an average value, you can find SSDs for even less on the retail market. The SSD market grew 6x (to 130,000,000) from 2012 to 2016. Samsung's NAND shipments benefit from both the smartphone and SSD industries, and the company presented a chart that highlighted the changing NAND shipment mix. A higher percentage of flash heads into the SSD and Mobile segments every year as the percentage of UFD (USB Flash Drive), cards, and "others" decline.
By msmash from Slashdot's cc-eu-antitrust-folks department
Google is telling its home audio vendors that they won't be allowed to add support for smart assistants by rivals such as Amazon's Alexa if they want to continue to use Google Cast, according to Variety. The Mountain View-based company reportedly conducted a meeting in June with 50 of the biggest names of home audio to discuss the plan. The publication adds that Google's talks with OEMs were at least partially successful, with many of those companies planning to unveil their Google Cast-powered smart speakers as soon as next year. From the report: "Google Cast has become a Trojan horse," said one of the attendees, who wasn't authorized to speak on the record with Variety. Google's overtures to consumer electronics makers come at a time of upheaval for many home audio brands. Premium stereo equipment makers, in particular, have seen their sales diminished in recent years by both changing listening habits and a rapid evolution of technology. The move to streaming audio led music fans to massively embrace headphones and cheap Bluetooth speakers. Then Sonos came along and established itself as the market leader for premium Wifi-connected speakers. And finally, Amazon surprised everyone with the Echo, a device that redefined what a speaker does, thanks to smart voice control that can be used to request songs, news headlines, the weather, and even to order a pizza or an Uber. Weirdly enough, Google, Amazon, Facebook, IBM, and Microsoft announced a partnership this week to conduct research and promote best practices on AI.
By EditorDavid from Slashdot's blaming-C department
"Most software, even critical system software, is insecure Swiss cheese held together with duct tape, bubble wrap, and bobby pins..." writes TechCrunch. An anonymous reader quotes their article:
Everything is terrible because the fundamental tools we use are, still, so flawed that when used they inevitably craft terrible things... Almost all software has been bug-ridden and insecure for so long that we have grown to think that this is the natural state of code. This learned helplessness is not correct. Everything does not have to be terrible...
Vast experience has shown us that it is unrealistic to expect programmers to write secure code in memory-unsafe languages...as an industry, let's at least set a trajectory. Let's move towards writing system code in better languages, first of all -- this should improve security and speed. Let's move towards formal specifications and verification of mission-critical code.
Their article calls for LangSec testing, and applauds the use of languages like Go and Rust over memory-unsafe languages like C. "It's not just systemd, not just Linux, not just software; the whole industry is at fault."
By EditorDavid from Slashdot's send-in-the-clones department
Long-time Slashdot reader Ichijo has a question about "(not quite) open source hardware":
One hardware project that calls itself "open source" doesn't want to make its hardware design source files publicly available because doing so would, in their words, "make it very trivial for e.g Chinese companies to start producing cheap clones... we'd be getting support requests for hardware we had no idea of the quality of." This answer was in response to a request by a user who wants to use the design in his own projects.
Have any other open source hardware projects run into support issues from people owning cheap "clones"? Have clones been produced even without the hardware design source files?
Leave your answers in the comments. Should an open source hardware project support clones?
By EditorDavid from Slashdot's see-media-for-pic department
"No matter how solid the system is, history reveals that false alarms -- of zombies, nuclear attacks, missing children -- are inevitable," warns an essay at Medium. An anonymous Slashdot reader summarizes the article: New York's police department is hailing emergency alerts as "the future" of government communications to citizens. But could the same system be used by scammers directing millions of people to a malware-installing site, or "a terrorist intent on causing mass panic (i.e., 'Tsunami imminent, evacuate immediately')... If the government can reach us at any time, who else can?"
The article runs through great moments in the history of false alerts -- including a 1971 incident where the national warning system mistakenly sent out the pre-nuclear attack warning, "normal broadcasting will cease immediately," and warnings in 2013 about zombie attacks in Montana, New Mexico, and Michigan. "To tell anybody that an agency is immune to these attacks would be a grave injustice," said the IT overseer at Iowa's Department of Public Safety.
By EditorDavid from Slashdot's peace-of-Pi department
"Today is one of the best days in Arduino history," announced Massimo Banzi, Co-Founder of Arduino LLC, calling it "a new beginning" for Arduino. Slashdot reader ruhri reports:
Massimo Banzi and Federico Musto, co-founders of the Arduino Project, announced they have settled their differences that had resulted in the creation of Arduino LLC and Arduino SRL. A new, unified Arduino Holding and Arduino Foundation will be created.
"Massimo Banzi and Federico Musto took the stage today at the New York Maker Faire to announce the good news," reports a blog post at Arduino.cc. "At the end of 2016, the newly created 'Arduino Holding' will become the single point of contact for the wholesale distribution of all current and future products... In addition, Arduino will form a not-for-profit 'Arduino Foundation' responsible for maintaining the open source Arduino desktop IDE, and continuing to foster the open source movement by providing support for a variety of scholarships, community and developer initiatives."
By EditorDavid from Slashdot's just-ahead-of-in-time department
An anonymous Slashdot reader quotes InfoWorld:
Java applications will get faster startup times thanks to a formal proposal to include ahead-of-time compilation in the platform. The draft Java Development Kit proposal, authored by Vladimir Kozlov, principal technical staff member at Oracle, is targeted for inclusion in Java 9, which is expected to be available next summer. "We would love to see this make it into JDK 9, but that will of course depend on the outcome of the OpenJDK process for this JDK Enhancement Proposal," said Georges Saab, vice president of software development in the Java platform group at Oracle, on Thursday. Ahead-of-time compilation has been a stated goal for Java 9 to address the issue of slow startup...
The proposal summary notes that Java classes would be compiled to native code prior to launching the virtual machine. The ultimate goal is to improve the startup time of small or large Java applications while having "at most" a limited impact on peak performance and minimizing changes to the user workflow.
Tests indicate some applications perform better while some actually perform worse, so it's being proposed as an opt-in feature where dissatisfied users "can just rebuild a new JDK without ahead-of-time libraries."