By BeauHD from Slashdot's Pokemon-Master department
An anonymous reader writes: If you're an iPhone user and have installed Pokemon GO, you may have noticed that the app grants itself full access to your Google account. It can read your email, location history, documents and pretty much everything else associated with your Google account. (You can check to see for yourself here.) Given the nature of the game, it's understandable for it to request a lot of permissions, as it needs your precise location, ability to access the camera and motion sensors, read and write the SD card, and charge you money when you run out of Pokeballs or eggs. But full access to your Google account is pushing it, even if Niantic or Nintendo has no malicious intentions. If you're concerned about these permissions, you can always sign up using a Pokemon Trainer account, assuming the servers are permitting. Google describes full account access as such: "When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can't change your password, delete your account, or pay with Google Wallet on your behalf). This 'Full account access' privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet."
By BeauHD from Slashdot's professional-athletes department
netbuzz writes: [Network World reports:] "Golfer Jordan Spieth announced this morning that he will not play in the Olympics, citing Zika, meaning the world's top four players in his sport have now opted out of going to Brazil. They're self-employed and answer to no one. But what of the rank-and-file employees who work for major technology companies sending large contingents to Brazil? Are they being asked -- or compelled -- to ignore the risks? Conversely, could women of child-bearing age be denied the opportunity to go at an employer's discretion?" Major vendors like Cisco and GE say they're not making anyone go, though at least one expert says that doing so wouldn't necessarily be a violation of employment law. When asked if anyone declined to go, a Cisco spokesperson said via email: "We're not in a position to confirm whether employees have opted out (that is between them and their manager), but we provide for that option." GE provided a similar response, saying, "No GE employees have opted out of going, but GE employees are free to opt out at any time." Patricia Pryor, an attorney at Jackson Lewis P.C. in Cincinnati who has addressed these issues in a piece for The National Law Review earlier this year, was asked by Network World as well. She says: "Employers are wise to be flexible with travel requirements to Zika-infested areas when they can and when doing so is reasonable. However, there are some jobs where the purpose of the job/or the essential functions of the job require travel to these areas. If it is not reasonable or possible to delay travel to the area, an employer generally can require employees to travel."
By BeauHD from Slashdot's watching-your-every-move department
An anonymous reader writes from a report via PC Magazine: Following the recent vulnerabilities in Tor, researchers at MIT's Computer Science and Artificial Intelligence Laboratory and the Ecole Polytechnique Federale de Lausanne have been working on a new anonymity network that they say is more secure than Tor. While the researchers are planning to present their new system, dubbed Riffle, at the Privacy Enhancing Technologies Symposium later this month, they did say the system uses existing cryptographic techniques, but in new ways. A series of servers are what make up Riffle, each of which "permutes the order in which it receives messages before passing them on to the next," according to a news release. "For instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order -- say C, B, A. The second server would permute them before sending them to the third, and so on." Nobody would know which was which by the time they exited the last server. Both Tor and MIT's anonymity network use onion encryption. Riffle uses a technique called verifiable shuffle in addition to onion encryption to thwart tampering and prevent adversaries from infiltrating servers with their own code. Last but not least, it uses authentication encryption to verify the authenticity of an encrypted message. The researchers say their system provides strong security while using bandwidth much more efficiently than similar solutions.
By manishs from Slashdot's easy-fix department
Dan Goodin, reporting for Ars Technica: Over the past few months, a cluster of megabreaches has dumped account credentials for a mind-boggling 642 million accounts into the public domain, where they can then be used to compromise other accounts that are protected by the same password. Now, there's software that can streamline this vicious cycle by testing for reused passcodes on Facebook and other popular sites. Shard, as the command-line tool has been dubbed, is designed to allow end users to test if a password they use for one site is also used on Facebook, LinkedIn, Reddit, Twitter, or Instagram, its creator, Philip O'Keefe, told Ars. The security researcher said he developed the tool after discovering that the randomly generated eight-character password protecting several of his accounts was among the more than 177 million LinkedIn passwords that were leaked in May. "I used that password as a general password for many services," he wrote in an e-mail. "It was a pain to remember which sites it was shared and to change them all. I use a password manager now."
By manishs from Slashdot's build-your-own-device department
Motherboard has an article in which it argues that PC gaming is still way too hard. The author of the article claims that for one to build a gaming PC, they need an "unreasonable" amount of disposable income, and also an unreasonable amount of time to "research, shop around, and assemble parts" for their computer. The author adds that a person looking to build such a machine also has to keep investing time and money for as long as they want to stay at the cutting edge or within the recommended specifications range for new PC games. The author has shared the experience he had building his own gaming PC. An excerpt from it: The process of physically building a PC is filled with little frustrations, and mistakes can be costly and time consuming. I have big, dumb, sausage fingers, so mounting the motherboard into the case, and screwing in nine (!) tiny screws to keep it in place in a cramped space, in weird angles, where dropping the screwdriver can easily break something expensive -- it's just not what I'd call "consumer-friendly." This is why people buy from Apple. It designs everything from the trackpad to the box the computer comes in, which unfolds neatly to reveal everything you need. Apple reduces friction to the point where even my mom could upgrade the RAM on her iMac, and it can do this because it controls everything that goes in that box. That's accurate. But it also means -- at least as of today -- that the current Apple computer you purchase -- MacBook Air, MacBook, iMac, Mac Mini -- packs in at least three-year-old components.
By manishs from Slashdot's take-precaution department
An anonymous reader writes: Users eager to get their hands on the new Nintendo mobile gaming app Pokemon GO who download unofficial copies of the game are opening themselves up to hackers who are circulating malicious versions of the Android APK. A remote access tool (RAT), known as DroidJack (or SandroRAT), has been added to some APK files, allowing third parties to gain full control over the users' mobile devices. Permissions granted to the dodgy app include: directly calling phone numbers, reading phone status and identities, editing and reading text messages, sending SMS messages and recording audio. The problem is that Pokemon Go is not officially available in every region, and the Google PlayStore doesn't let people in an unsupported region download the app. Also, millions of smartphones and tablets don't support many Google Mobile Services (GMS). While we do not condone downloading installation files of Android apps and games from unofficial stores, APKMirror is one of the few places that we would suggest our readers to check as it has a very commendable track record.
By manishs from Slashdot's digital-world-vs-natural-experience department
As more people come online and get hold of smartphones, we are witnessing a generation that is reliant on their phones to get news, entertainment, and educational resources among other things. They watch movies and TV shows on Netflix and other services, and they listen to music on Spotify, Apple Music and YouTube. Naturally, you would think that people in the Broadway theater business must be threatened that nobody will physically attend their show anymore, but that's not necessarily the case, at least not with everyone. Take Jeffrey Seller, for example: the producer of Broadway megahit Hamilton refuses to fold to the virtual reality laden world, and he has numbers on his side. From a Recode article (you can also find an hour-long podcast on this there): The success of "Hamilton," which is sold out in New York through May 2017 and will soon spread to Chicago, San Francisco and London, has convinced Seller that demand for a real, non-digital experience is stronger than ever. He said 13 million people went to see Broadway shows in the past season, and only 500,000 of those were "Hamilton" attendees. By contrast, when Seller first made a splash as the co-producer of "Rent" in 1996, he estimated total Broadway attendance was around eight million to nine million people. "Experiencing art live with friends, with family, with people we love, is so rewarding that people are searching it out amidst the digital age, in which our faces are in our phones seemingly every other hour of the day," he said. Explaining why he thinks that virtual reality cannot completely take over, in a rather crass example, Seller adds, "Do you want to have sex or do you want to have a virtual reality experience of sex?"
By manishs from Slashdot's security-woes department
Joseph Cox, reporting for Motherboard: Medium has become the go-to home for extended blog posts from researchers, CEOs, and even the President of the United States. Now, one hacker has found a way to edit or delete any post on the publishing platform. "I tried to think of different possibilities or testing cases on how can I delete a story of any user. And fortunately, I found a severe bug," Philippines-based freelance penetration tester and bug bounty hunter Allan Jay Dumanhug told Motherboard in an email. The trick, Dumanhug explained in a blog post published at the end of last month, centres around Medium's "Publications" feature. Users can create their own publications -- perhaps a page dedicated to infosec news, for example -- and then request to add other users' posts to it. Each post on Medium is given its own unique, 12-character identifier code. The person who authored the post has to approve that request, otherwise their story doesn't go anywhere. But Dumanhug found that while adding his own story to his own publication, he could intercept the HTTP request and simply change the identifier to that of another post.
By manishs from Slashdot's gotta-catch-them-all department
Who would have thought that Nintendo would ever make a strong return to the market... especially with an app that is not designed for the company's signature hardware. But that is exactly what has happened. Shares in Nintendo soared again on Monday, according to a report on Reuters, bringing market-value gains to $7.5 billion in just two days as investors cheered the runaway success of Pokemon Go, the company's first long-awaited title in mobile gaming. From the report: The game, which marries a classic 20-year old franchise with augmented reality, allows players to walk around real-life neighbourhoods while seeking virtual Pokemon game characters on their smartphone screens - a scavenger hunt that has earned enthusiastic early reviews. In the United States, by July 8 -- two days after its release -- it was installed on more than 5 percent of Android devices in the country, according to web analytics firm SimilarWeb. It is now on more Android phones than dating app Tinder and its rate of daily active users was neck and neck with social network Twitter, the analytics firm said. The game is also being played an average of 43 minutes a day, more time spent than on WhatsApp or Instagram, it added. Update: 07/11 11:03 GMT by M: A report on Quartz states that Pokemon Go has added nearly 11 billion USD to the value of Nintendo since its release.
By manishs from Slashdot's coming-to-terms-with-it department
An anonymous reader shares a Quartz report: The job site Indeed.com found Silicon Valley's hold on tech workers is slipping as opportunities, and the cost of living, change the equation for living and working in one of the priciest places in the country. "There is more opportunity for tech professionals in more places than ever before," wrote Terence Chiu, vice president of Indeed Prime by email, citing cities such as Austin, Boston, Seattle, and New York City. "Obviously the San Francisco Bay remains the largest tech hub [but] what has made it so attractive has also made it expensive." Indeed's most recent survey of professional tech workers found more than 66% of tech workers say living and working in Silicon Valley is either "not that important" or "not at all important" for a career in technology. Just 12% consider it "very important." Opinions were split on generational lines. About half of millennial tech workers say it's important (26.5%) or very important (19%), but the number declined to 10.2% among the Boomer generation. "Seasoned talent is often searching for opportunity elsewhere," stated the report. New employees may see the high cost of living as an acceptable tradeoff for building up a reputation and experience in the Bay Area, but that seems to fade over time. Recently, Google co-founder Sergey Brin advised people to not come to Silicon Valley to start a business for the very same reasons.
By EditorDavid from Slashdot's what's-up,-doc? department
Slashdot reader schwit1 quotes an article from the New York Times: Something strange is going on in medicine. Major diseases, like colon cancer, dementia and heart disease, are waning in wealthy countries, and improved diagnosis and treatment cannot fully explain it...it looks as if people in the United States and some other wealthy countries are, unexpectedly, starting to beat back the diseases of aging. The leading killers are still the leading killers -- cancer, heart disease, stroke -- but they are occurring later in life, and people in general are living longer in good health.
The Times cites one researcher's "pet theory" that the cellular process of aging itself may be gradually changing in humans' favor.
By EditorDavid from Slashdot's war-games department
Slashdot reader alphadogg quotes an article from Network World:
The new documentary about Stuxnet, "Zero Days", says the U.S. had a far larger cyber operation against Iran called Nitro Zeus that has compromised the country's infrastructure and could be used as a weapon in any future war. Quoting unnamed sources from inside the NSA and CIA, the movie says the Nitro Zeus program has infiltrated the systems controlling communications, power grids, transportation and financial systems, and is still ready to "disrupt, degrade and destroy" that infrastructure if a war should break out with Iran...
For the more technically inclined, the film contains some riveting interviews with researchers at Symantec who devoted their lives to unraveling the code line by line to figure out what it did, how it did it, who created it and what the target was. It was also a bit chilling in that after they figured out that governments were behind the worm they worried that the researchers themselves might be targeted to keep them silent. One Friday night, says Symantec researcher Eric Chien, he said to his research partner Liam O Murchu, "I'm not suicidal. If I should show up dead on Monday, it wasn't me."
In the film former NSA and CIA director Gen. Michael Hayden says "This stuff is hideously over classified."
By EditorDavid from Slashdot's forking-your-coding department
An anonymous Slashdot reader writes:
I always see a lot of different opinions about programming languages, but how much choice do you really get to have over which language to use? If you want to develop for Android, then you're probably using Java...and if you're developing for iOS, then you've probably been using Swift or Objective-C. Even when looking for a job, all your most recent job experience is usually tied up in whatever language your current employer insisted on using. (Unless people are routinely getting hired to work on projects in an entirely different language than the one that they're using now...)
Maybe the question I really want to ask is how often do you really get to choose your programming languages... Does it happen when you're swayed by the available development environment or intrigued by the community's stellar reputation, or that buzz of excitement that keeps building up around one particular language? Or are programming languages just something that you eventually just fall into by default?
Leave your answers in the comments. How often do you switch programming languages?
By EditorDavid from Slashdot's we-are-the-FBI department
A federal grand jury has indicted "KYAnonymous" -- more than three years after FBI agents raided and searched his home -- and charged him under the Computer Fraud and Abuse Act. An anonymous Slashdot reader quotes an article from Ars Technica:
After The New York Times published an account [late in 2012] of a horrific rape against a teenage girl in Steubenville, Ohio, an online vigilante campaign was started...the campaign targeted local officials who the vigilantes felt weren't prosecuting the rape investigation seriously because the alleged perpetrators were high school football players... Two teenage boys ended up being charged, and when the case went to trial in March 2013, the two were convicted of rape and sentenced to one to two years in prison.
The indictment says Deric Lostutter "knowingly and intentionally joined and voluntarily participated in a conspiracy" to "harass and intimidate and to gain publicity for their online identities," according to the Lexington Herald-Leader. "If convicted in the Kentucky case, Lostutter could face a maximum penalty of 16 years in prison (no more than five years on each of three counts, and one year on a fourth)..."
"The federal search warrant of Lostutter's home listed 'Guy Fawkes masks' among the items agents were looking for."