By manishs from Slashdot's curious-case-of-Telegram department
Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states:One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter."The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds:"They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that."The list goes on and on.Read Replies (0)
By EditorDavid from Slashdot's commuting-cops department
Since the Uber and Lyft ride-sharing apps stopped service in Austin, drunk driving has increased, riders are hunting for alternatives, and the police are conducting undercover sting operations against unauthorized ride-sharing drivers. With Chicago also considering new restrictions on ride-sharing apps, Slashdot reader MarkWhittington shares this report from Austin:
With thousands of drivers and tens of thousands of riders who once depended on ride-sharing services in a lurch, a group called Arcade City has tried to fill the void with a person-to-person site to link up drivers and riders who then negotiate a fare. Of course, according to a story on KVUE, the Austin city government, and the police are on the case. The Austin Police Department has diverted detectives and resources to conduct sting operations on ride-sharing drivers who attempt to operate without official sanction. Undercover operatives will arrange for a ride with an Arcade City driver and then bust them, impounding their vehicle and imposing a fine.
"The first Friday and Saturday after Uber was gone, we were joking that it was like the zombie apocalypse of drunk people," one former ride-sharing driver told Vocative.com. Earlier this month the site compared this year's drunk driving arrests to last years -- and discovered that in the three weeks since Uber and Lyft left Austin, 7.5% more people have been arrested for drunk driving.Read Replies (0)
By EditorDavid from Slashdot's short-circuits department
Slashdot reader Taco Cowboy brings a new report about Russian robot IR77, which has escaped from its research lab again...
The story goes that an engineer working at Promobot Laboratories, in the Russian city of Perm, had left a gate open. Out trundled Promobot, traveling some 150 feet into the city before running out of juice. There it sat, batteries mostly dead, in the middle of a Perm street for 40 minutes, slowing cars to a halt and puzzling traffic cops
A researcher at Promobot's facility in Russia said that the runaway robot was designed to interact with human beings, learn from experiences, and remember places and the faces of everyone it meets. Other versions of the Promobot have been docile, but this one just can't seem to fall in line, even after the researchers reprogrammed it twice. Despite several rewrites of Promobot's artificial intelligence, the robot continued to move toward exits. "We have changed the AI system twice," Kivokurtsev said. "So now I think we might have to dismantle it".
Fans of the robot are pushing for a reprieve, according to an article titled 'Don't kill it!': Runaway robot IR77 could be de-activated because of 'love for freedom'Read Replies (0)
By EditorDavid from Slashdot's watch-your-language department
"Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit," warns ZDNet's blog Zero Day, adding "the severe flaw allows attackers to remotely execute code." Slashdot reader msm1267 writes:
A serious parameter injection vulnerability exists in the Swagger Code Generator that could allow an attacker to embed executable code in a Swagger JSON file. The flaw affects NodeJS, Ruby, PHP, Java and likely other programming languages. Researchers at Rapid7 who found the flaw disclosed details...as well as a Metasploit module and a proposed patch for the specification. The matter was privately disclosed in April, but Rapid7 said it never heard a response from Swagger's maintainers. Swagger produces and consumes RESTful web services APIs; Swagger docs can be consumed to automatically generate client-server code. As of January 1, the Swagger specification was donated to the Open API Initiative and became the foundation for the OpenAPI Specification. The vulnerability lies in the Swagger Code Generator, and specifically in that parsers for Swagger documents (written in JSON) don't properly sanitize input. Therefore, an attacker can abuse a developer's trust in Swagger to include executable code that will run once it's in the development environment.Read Replies (0)
By BeauHD from Slashdot's under-the-political-radar department
HughPickens.com writes: With nearly 40 percent of all pregnancies in the United States unintended, birth control is a critical public health issue. For short-term methods, visiting the doctor for a prescription can be time-consuming and sometimes costly and for some, like teenagers, it can be intimidating or embarrassing. Now Pam Belluck reports at the NYT that a growing assortment of new apps and websites now make it possible to get prescription contraceptives without going to the doctor as public health experts hope the new apps will encourage more women to start, or restart, using contraception and help reduce the country's stubbornly high rate of unintended pregnancies, as well as the rate of abortions. At least six digital ventures, by private companies and nonprofits, including Planned Parenthood, now provide prescriptions written by clinicians after women answer questions about their health online or by video. All prescribe birth control pills, and some prescribe patches, rings and morning-after pills and some ship contraceptives directly to women's doors. "At first I didn't believe it," said Susan Hashem, who wanted to restart birth control pills without missing work for a doctor's appointment. Hashem used an app called Lemonaid and paid $15 for a doctor to review her medical information and send a pill prescription to a local pharmacy. "I thought it was just a setup to get money," Hashem said. But after she answered the health questions one evening, "a doctor actually contacted me after office hours," and the next morning, she picked up three months' worth of pills.Read Replies (0)
By BeauHD from Slashdot's automated-pizza-making department
kheldan writes: Do you want robots making your pizza? Alex Garden, co-founder and executive chairman of Mountain View startup Zume, is betting you will. Garden, the former president of Zynga Studios, was previously a general manager of Microsoft's Xbox Live. Garden launched Zume in stealth mode last June, when he began quietly recruiting engineers under a pseudonym and building his patented trucks in an unmarked Mountain View garage. In September, he brought on Julia Collins, a 37-year-old restaurant veteran. She became chief executive officer and a co-founder. Collins was previously the vice president and CEO of Harlem Jazz Enterprises, the holding company for Minton's, a historic Harlem eatery. The company consists of an army of robot sauce-spreaders and trucks packed full of ovens. "In the back of Mountain View's newest pizzeria, Marta works tirelessly, spreading marinara sauce on uncooked pies. She doesn't complain, takes no breaks, and has never needed a sick day. She works for free." The pie then "travels on a conveyer belt to human employees who add cheese and toppings." From there, "The decorated pies are then scooped off the belt by a 5-foot tall grey automation, Bruno, who places each in a 850-degree oven. For now, the pizzas are fully cooked and delivered to customers in branded Fiats painted with slogans, including: 'You want a piece of this?' and 'Not part of the sharing economy.'" Garden says, "We are going to be the Amazon of food. [...] Just imagine Domino's without the labor component. You can start to see how incredibly profitable that can be."Read Replies (0)
By BeauHD from Slashdot's sell-out department
An anonymous reader writes: According to Snapchat's latest patent filings, the company could begin paying users to post photos and videos. Los Angeles Times reports: "The filings reveal that Snapchat automatically could analyze annotations on an image, including text and digital stickers, to prompt users to place their image in a collective gallery. In other words, people who type some variation of 'Clippers!!!' on top of their photo during a Clippers basketball game would have access to a library of images related to the game. Especially intriguing, the company could use computer vision technology to identify objects in an image -- say, a Coke bottle -- to encourage a user to share the shot in a Coca-Cola-sponsored story. Contributors could walk away with cash through a flat fee or some other deal based on views or sales generated by the story. The idea in the patent filing also would give advertisers an official way to compensate people for creative posts, compared with the usual strategy of paying top users to turn their personal accounts into an ad. Other types of automatically generated galleries mentioned in the patent application include stories based on a time stamp, temperature or movement. People could definite their own categories too. Curation of the galleries could be optional, with object recognition and text analysis as potential ways to filter inappropriate submissions. Users who get into audio timeline could get paid too, the patent filing states."Read Replies (0)
By BeauHD from Slashdot's beginning-of-the-end department
An anonymous reader writes: Microsoft's Surface 3 may be coming to an end. Brad Sams at Thurrott.com reports that many versions of the Surface 3 are listed as being out of stock in Microsoft's online store, with no expected availability. He notes that the only version in stock online is the version with 2GB RAM/64GB storage/LTE. There's more availability in-store, but stock appears to be limited overall. What this generally means is that manufacturing is slowing down or going to stop entirely. In a statement, Microsoft said: "Since launching Surface 3 over a year ago, we have seen strong demand and satisfaction amongst our customers. Inventory is now limited and by the end of December 2016, we will no longer manufacture Surface 3 devices." It's possible a Surface 3 successor is right around the corner, although Ars Technica notes "there hasn't even been the merest hint of a rumor about such a device." The Surface 3 is being powered by a Cherry Trail Atom processor, which hasn't seen a major upgrade or replacement since they were released in the first quarter of 2015. "Without new processors, there's little reason to update the Surface 3 line," writes Ars. Microsoft could equip the Surface 3 successor with a Core M processor, but the implications of that decision would likely cause the device's price to shoot up or cause the device's quality to significantly decrease. Microsoft may simply abandon the segment entirely and focus strictly on the Surface Pro line.Read Replies (0)
By manishs from Slashdot's playing-with-fire department
Apple doesn't like collecting your data. This is one of iPhone maker's biggest selling points. But this approach has arguably acted as a major roadblock for Apple in its AI and bots efforts. With iOS 10, the latest version of company's mobile operating system, Apple announced that it will begin collecting a range of new information as it seeks to make Siri and iPhone as well as other apps and services better at predicting the information its owner might want at a given time. Apple announced that it will be collecting data employing something called differential privacy. The company wasn't very clear at the event, which caused confusion among many as to what data Apple is exactly collecting. But now it is offering more explanation. Recode reports:As for what data is being collected, Apple says that differential privacy will initially be limited to four specific use cases: New words that users add to their local dictionaries, emojis typed by the user (so that Apple can suggest emoji replacements), deep links used inside apps (provided they are marked for public indexing) and lookup hints within notes. Apple will also continue to do a lot of its predictive work on the device, something it started with the proactive features in iOS 9. This work doesn't tap the cloud for analysis, nor is the data shared using differential privacy.Additionally, Recode adds that Apple hasn't yet begun collecting data, and it will ask for a user's consent before doing so. The company adds that it is not using a users' cloud-stored photos to power its image recognition feature.Read Replies (0)