By EditorDavid from Slashdot's tweet-revenge department
The man who sent Twitter's very first public tweet now also becomes the first Twitter CEO to have his own Twitter account compromised. An anonymous reader quotes a report from Digital Trends about this weekend's wave of high-profile attacks:
At 2:50 a.m. ET, a tweet reading, "Hey, its OurMine, we are testing your security" and linking to the group's website was briefly posted, and while it was soon deleted, identical tweets continued to appear... The group has previously taken over other social media accounts, including Google's Sundar Pichai's Quora account, and Mark Zuckerberg's Instagram, LinkedIn, Pinterest, and Twitter accounts...
Dorsey also wasn't the only tech heavy hitter whose Twitter account was breached during that 24-hour period. Yahoo CEO Marissa Mayer and venture capitalist Vinod Khosla also saw breaches to their accounts, both of which were attributed to OurMine.
The Tweets may have come from Vine, according to Digital Trends, "which suggests that Dorsey was either using an old or shared password on the video network, or had otherwise connected his account to a compromised service...it's certainly alarming that a man who ostensibly is more aware than most of security protocols (especially on Twitter) fell victim to such an attack..."
By EditorDavid from Slashdot's see-you-in-court department
The Independent newspaper reports that the warrantless NSA surveillance programs revealed by Edward Snowden are facing a constitutional challenge in court for the first time:
Lawyers for Mohamed Mohamud have argued that surveillance evidence used to convict the Somali-American man, found guilty of plotting to bomb a Christmas tree-lighting ceremony, was gathered in a manner that was unconstitutional. The lawyers laid out their arguments on Wednesday before a panel of judges of the 9th US Circuit Court of Appeals in Portland, close to the plaza where Mohamud tried detonating a fake bomb that was part of an undercover operation...
Stephen Sady, Mohamud's lawyer, urged the court to grant his client a new trial on the grounds that the evidence used against Mohamud should never have been permitted in the courtroom. Mr Sady told the judges that using surveillance information on foreigners, which does not require a warrant, to spy on any Americans they communicate with was "an incredible diminution of the privacy rights of all Americans… That is a step that should never be taken."
Last year saw a record number of wiretaps authorized by state and federal judges -- 4,148, more than twice as many as the 1,773 that took place in 2005 -- and not a single request was rejected. (More than 95% were for cellphones, and 81% for narcotics investigations.) But The Independent notes that U.S. law enforcement officials have admitted they also "incidentally" collect information about Americans without a warrant, and then sometimes later use that information in criminal investigations.
In Mohamud's case, which dates back to 2010, "There's no doubt he tried to explode a car bomb in America," writes Slashdot reader Bruce66423, arguing that this case "elegantly demonstrates the issue of how far legal rights should overwhelm common sense."
By manishs from Slashdot's what's-happening? department
Tech job postings are down 40% year-on-year, says Cameron Moll, founder of job board Authentic Jobs. He says that job volume for April 2016 was nearly half the volume of April 2015, and currently, annual job posting volume is 63% on the platform compared to 2015, and 59% compared to 2014. But wait, there is always a chance that it is only his website that is getting less popular, right? Mr. Moll adds that it's not just his job board, but several of the competitors' as well. From a blog post: On one hand, we're cautious to assume that fewer jobs posted = fewer jobs available. We recognize companies have many avenues for advertising available jobs -- social media, recruiters, employee word-of-mouth, company websites, etc. Companies may choose at any time to broadcast jobs through these channels instead of a job board. So, for all intents and purposes, it's feasible the same number of jobs are available this year compared to previous years, just not on job boards. On the other hand, our volume trends have been very consistent the past four years. However, these trends are suddenly meaningless in 2016. It's anyone's guess what our volume will be each month regardless of what the historical data says.
By manishs from Slashdot's correlation-is-causation department
A report on CNBC, citing sellers, says that the counterfeit problem on the platform has gotten worse after it made it easier for Chinese manufacturers to sell goods to U.S. consumers. The report gives an example of a seller Jamie Whaley who started a bedding business on Amazon that reached $700,000 in annual sales within three years. Her patented product called BedBand consists of a set of shock cords, clamps and locks designed to keep fitted bed sheets in place. Whaley found quite an audience, selling up to 200 units a day for $13.99 a set. BedBand climbed into the top 200 selling products in the home and kitchen category. That was 2013. By mid-2015, the business was in a tailspin. Revenue plummeted by half and Whaley was forced to lay off eight employees. Her sheet fastener had been copied by a legion of mostly Chinese knockoffs that undercut BedBand on price and jumped the seller ranks by obtaining scores of reviews that watchdog site Fakespot.com determined were inauthentic and "harmful for real consumers." The report adds: Spend any time surveying Amazon sellers and Whaley's narrative will start sounding like the norm. In Amazon's quest to be the low-cost provider of everything on the planet, the website has morphed into the world's largest flea market -- a chaotic, somewhat lawless, bazaar with unlimited inventory. Always a problem, the counterfeiting issue has exploded this year, sellers say, following Amazon's effort to openly court Chinese manufacturers, weaving them intimately into the company's expansive logistics operation. Merchants are perpetually unsure of who or what may kill their sales on any given day and how much time they'll have to spend hunting down fakers.
By EditorDavid from Slashdot's unique-identifiers department
Slashdot reader schwit1 quotes an article from Bloomberg: These days, many of us regularly feed pieces of ourselves into machines for convenience and security. Our fingerprints unlock our smartphones, and companies are experimenting with more novel biometric markers -- voice, heartbeat, grip -- as ID for banking and other transactions. But there are almost no laws in place to control how companies use such information. Nor is it clear what rights people have to protect scans of their retinas or the contours of their face from cataloging by the private sector.
There's one place where people seeking privacy protections can turn: the courts. A series of plaintiffs are suing tech giants, including Facebook and Google, under a little-used Illinois law. The Biometric Information Privacy Act, passed in 2008, is one of the only statutes in the U.S. that sets limits on the ways companies can handle data such as fingerprints, voiceprints, and retinal scans. At least four of the suits filed under BIPA are moving forward... Under the Illinois law, companies must obtain written consent from customers before collecting their biometric data. They also must declare a point at which they'll destroy the data, and they must not sell it... "Social Security numbers, when compromised, can be changed," the law reads. "Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, [and] is at heightened risk for identity theft."
By EditorDavid from Slashdot's Dr.-Evil department
America's Federal Trade Commission is now investigating the "infidelity hookup site" Ashley Madison. In a possibly-related development, an anonymous reader writes:
Ashley Madison's new executive team "admits that it used fembots to lure men into paying to join the site," reports Ars Technica. More than 75% of the site's customers were convinced to join by an army of 70,000 fembot accounts, "created in dozens of languages by data entry workers...told to populate these accounts with fake information and real photos posted by women who had shut down their accounts on Ashley Madison or other properties owned by Ashley Madison's parent company, Avid Life Media... In reality, that lady was a few lines of PHP... In internal company e-mails, executives discussed openly that only about five percent of the site's members were real females."
The company only abandoned the practice in 2015, and CNN also reports that for years, if the site's male customers complained, Ashley Madison "threatened to send paperwork to users' homes if they disputed their bills -- potentially revealing cheaters to their spouses," while one user complained that the site also automatically signed up customers for recurring billing. "We are not threatening you. We are laying the facts to you..." one e-mail read, while another warned that "We do fight all charge backs."
By EditorDavid from Slashdot's open-source-in-memory-data-structure-store department
An anonymous Slashdot reader writes:
Security researchers have discovered over 6,000 compromised installations of Redis, the open source in-memory data structure server, among the tens of thousands of Redis servers indexed by Shodan. "By default, Redis has no authentication or security mechanism enabled, and any security mechanisms must be implemented by the end user."
The researchers also found 106 different Redis versions compromised, suggesting "there are a lot of Redis installations that are not upgrading to the most recent versions to fix any known security issues." 5,892 infections were linked to the same email address, with two more email addresses that were both linked to more than 200. "The key take away from this research for us has been that insecure default installations continue to be a significant issue, even in 2016."
Redis "is designed to be accessed by trusted clients inside trusted environments," according to its documentation. "This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket... Redis is not optimized for maximum security but for maximum performance and simplicity."
By BeauHD from Slashdot's no-minors-allowed department
An anonymous reader quotes a report from The Register: The UK's possible future prime minister thinks all websites should be classified with minimum age ratings, just like films. Andrea Leadsom is one of two candidates left in the race for the leadership of the Conservative Party; the winner of which will become the country's Prime Minister. Although many are concerned with the authoritarian stance taken by her rival, Theresa May, Leadsom's views on many topics -- including the internet -- have come under scrutiny following her unexpected success in the leadership election. Key among those is Leadsom's apparent belief that the best solution to troublesome content on the internet is to have film-rating organization the British Board of Film Classification rate all websites, and have any unrated websites blocked by ISPs. [Writing in the New Statesman back in 2012, she focused, initially, on the need to protect children. "There are two sound ways to ensure that children are not exposed to dangerous or disturbing content," she argued. "At the level of Internet Service Provider, individual sites can be blocked 'at source' by ISPs [...] The other way is with a move away from the standard '.co.uk' and '.com' top level domains (TLDs) for more explicit content, to separate entirely inappropriate sections of the web."] She argues: "Outside of cyberspace, we have bodies such as Ofcom and the British Board of Film Classification that continually work to ensure our children are not exposed to the wrong things. This could be implemented in some way online, whereby a website would have to have its content 'rated' before being accessible online. While it sounds like a massive leap, the majority of new websites already go through testing when they are hosted to make sure that a site is intact and that files and content are free of viruses. This would simply be adding another check to the list, and in reality it is a burden already carried by film-makers."
By BeauHD from Slashdot's every-four-years department
SpzToid quotes a report from Reuters: On Saturday, the reward for [bitcoin] miners will be slashed in half. Written into bitcoin's code when it was invented in 2008 was a rule dictating that the prize would be halved every four years, in a step designed to keep a lid on bitcoin inflation. From around 1700 GMT on Saturday, instead of 25 bitcoins up for grabs globally every 10 minutes, worth around $16,000 at the current rate BTC=BTSP, there will be just 12.5. That means only the mining companies with the leanest operations will survive the ensuing profit hit. "The most important thing is to be the most efficient miner," said Streng, the 26-year-old co-founder of German firm Genesis Mining, which has "mining farms" in Canada, the United States and eastern Europe, as well as in Iceland. "When the others drop out, that means that they leave the market and give you a bigger share of the pie."
By BeauHD from Slashdot's bigger-than-a-planet-smaller-than-a-star department
An anonymous reader quotes a report from Scientific American: For the first time ever, astronomers have found strong evidence of water clouds on a body outside the solar system. New observations of a frigid object called WISE 0855, which lies 7.2 light-years from Earth, suggest that the "failed star" has clouds of water, or water ice, in its atmosphere, the researchers said. "We would expect an object that cold to have water clouds, and this is the best evidence that it does," study lead author Andrew Skemer, an assistant professor of astronomy and astrophysics at the University of California, Santa Cruz, said in a statement released by the university. Scientists discovered WISE 0855 in 2014, using data from NASA's Wide-field Infrared Survey Explorer (WISE) spacecraft. A later paper in 2014 (co-authored by Skemer) uncovered some evidence of water clouds in the object's atmosphere, based on limited photometric data (how bright the object is in specific light wavelengths). In the new study, Skemer and his colleagues used the Gemini North telescope in Hawaii to study the brown dwarf for 13 nights. Gemini North is located on the highest Hawaiian mountain (Mauna Kea), at an altitude with little water vapor to interfere with telescopic observations. These observations allowed the astronomers to make the first spectroscopy (light fingerprint) measurements of WISE 0855. The team found water vapor and also confirmed the object's temperature, which is about minus 10 degrees Fahrenheit (minus 23 degrees Celsius, or 250 kelvins).
By BeauHD from Slashdot's coming-soon-to-a-theater-near-you department
HughPickens.com writes: Seth Abramovitch reports in the Hollywood Reporter that actor and LGBT activist George Takei says Paramount's plans to have Sulu's character in the upcoming 'Star Trek Beyond' the first LGBTQ lead character in Star Trek history is out of step with what creator Gene Roddenberry would have wanted. [Roddenberry] "was a strong supporter of LGBT equality," says Takei, now 79. "But he said he has been pushing the envelope and walking a very tight rope -- and if he pushed too hard, the show would not be on the air." Takei says he'd much prefer that Sulu stay straight. "I'm delighted that there's a gay character," says Takei. "Unfortunately, it's a twisting of Gene's creation, to which he put in so much thought. I think it's really unfortunate." The timeline logic of the new revelation is enough to befuddle even the most diehard of Trek enthusiasts, as the rebooted trilogy takes place before the action of the original series. In other words, assuming canon orthodoxy, this storyline suggests Sulu would have had to have first been gay and married, only to then go into the closet years later. Simon Pegg, who has co-written the latest Star Trek movie, as well as starring as Scotty, has responded to criticism by the actor George Takei at the film-makers' decision to make the character he used to play openly gay. "He's right, it is unfortunate, it's unfortunate that the screen version of the most inclusive, tolerant universe in science fiction hasn't featured an LGBT character until now. We could have introduced a new gay character, but he or she would have been primarily defined by their sexuality, seen as the 'gay character,' rather than simply for who they are, and isn't that tokenism?" says Pegg. "Our Trek is an alternate timeline with alternate details. Whatever magic ingredient determines our sexuality was different for Sulu in our timeline. I like this idea because it suggests that in a hypothetical multiverse, across an infinite matrix of alternate realities, we are all LGBT somewhere."
By BeauHD from Slashdot's always-watching department
An anonymous reader quotes a report from Phys.Org: Ransomware -- what hackers use to encrypt your computer files and demand money in exchange for freeing those contents -- is an exploding global problem with few solutions, but a team of University of Florida researchers says it has developed a way to stop it dead in its tracks. The answer, they say, lies not in keeping it out of a computer but rather in confronting it once it's there and, counterintuitively, actually letting it lock up a few files before clamping down on it. "Our system is more of an early-warning system. It doesn't prevent the ransomware from starting [...] it prevents the ransomware from completing its task [...] so you lose only a couple of pictures or a couple of documents rather than everything that's on your hard drive, and it relieves you of the burden of having to pay the ransom," said Nolen Scaife, a UF doctoral student and founding member of UF's Florida Institute for Cybersecurity Research. Scaife is part of the team that has come up with the ransomware solution, which it calls CryptoDrop. "Antivirus software is successful at stopping them when it recognizes ransomware malware, but therein lies the problem," reports Phys.Org. "'These attacks are tailored and unique every time they get installed on someone's system,' Scaife said. 'Antivirus is really good at stopping things it's seen before [...] That's where our solution is better than traditional anti-viruses. If something that's benign starts to behave maliciously, then what we can do is take action against that based on what we see is happening to your data. So we can stop, for example, all of your pictures from being encrypted.' The results, they said, were impressive. 'We ran our detector against several hundred ransomware samples that were live,' Scaife said, 'and in those cases it detected 100 percent of those malware samples and it did so after only a median of 10 files were encrypted.'" The University of Florida uploaded a video briefly explaining its software.
By BeauHD from Slashdot's false-advertising department
An anonymous reader writes: The Samsung Galaxy S7 Active is apparently not-so-active. It should be the more durable version of the Galaxy S7 family but apparently it's not. Because of this, Consumer Reports is not going to mark it as "Recommended" even though it performed very well in all the other tests it ran. [Jerry Beilinson writes from Consumer Reports:] "Consumer Reports technicians placed a Galaxy S7 Active in a water tank pressurized to 2.12 pounds-per-square-inch, the equivalent of just under five feet of water, and set a timer for 30 minutes. When we removed the phone, the screen was obscured by green lines, and tiny bubbles were visible in the lenses of the front- and rear-facing cameras. The touchscreen wasn't responsive. Following our standard procedure when a sample fails an immersion test, we submitted a second Galaxy S7 Active to the same test. That phone failed as well. After we removed it from the tank, the screen cycled on and off every few seconds, and moisture could be seen in the front and back camera lenses. We also noticed water in the slot holding the SIM card. For a couple of days following the test, the screens of both phones would light up when the phones were plugged in, though the displays could not be read. The phones never returned to functionality." Samsung has said "The Samsung Galaxy S7 active device is one of the most rugged phones to date and is highly resistant to scratches and IP68 certified. There may be an off-chance that a defective device is not as watertight as it should be." Although, given the fact that Consumer Reports tested multiple devices, Samsung could have a widespread issue on their hands. The company said it is investigating the issue.