By EditorDavid from Slashdot's then-let's-also-phish-PayPal department
During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word 'PayPal' in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites, according to an analysis carried out on a small sample of 1,000 domains, by Vincent Lynch, encryption expert for The SSL Store... Lynch, who points out the abuse of Let's Encrypt's infrastructure, doesn't blame the Certificate Authority (CA), but nevertheless, points out that other CAs have issued a combined number of 461 SSL certificates containing the term "PayPal" in the certificate information, which were later used for phishing attacks... Phishers don't target these CAs because they're commercial services, but also because they know these organizations will refuse to issue certificates for certain hot terms, like "PayPal," for example. Back in 2015, Let's Encrypt made it clear in a blog post it doesn't intend to become the Internet's HTTPS watchdog.
Of course, some web browsers don't even check whether a certificate has been revoked. An anonymous reader writes:
Browser makers are also to blame, along with "security experts" who tell people HTTPS is "secure," when they should point out HTTPS means "encrypted communication channel," and not necessarily that the destination website is secure.
By EditorDavid from Slashdot's old-OS's department
dryriver writes: A company named Arca Noae is working on a new release of the X86 OS/2 operating system code named "Blue Lion" and likely called ArcaOS 5 in its final release. Blue Lion wants to be a modern 21st Century OS/2 Warp, with support for the latest hardware and networking standards, a modern accelerated graphics driver, support for new cryptographic security standards, full backward compatibility with legacy OS/2, DOS and Windows 3.1 applications, suitability for use in mission-critical applications, and also, it appears, the ability to run "ported Linux applications". Blue Lion, which appears to be in closed beta with March 31st 2017 cited as the target release date, will come with up to date Firefox browser and Thunderbird mail client, Apache OpenOffice, other productivity tools, a new package manager, and software update and support subscription to ensure system stability. It is unclear from the information provided whether Blue Lion will be able to run modern Windows applications.
By EditorDavid from Slashdot's machines-for-mobs department
"Are you an urban police force thinking about how to control your fellow humans?" jokes Cory Doctorow. "Look no farther! Your pals at Bozena have an all-new RIOT system, a crowd-control killdozer for all your protest-suppressing needs!" He's one of several web commentators marveling at the marketing copy for a Slovenian company's new anti-riot machinery, also spotted by Slashdot reader drunkdrone. Some quotes from the BOZENA RIOT SYSTEM site about the device's features:
Easy attachable bulldozer blade.
The [6,600 pound] shield comes equipped with launching ports designed for use of guns or other rubber projectiles launchers.
The trailer is capable of displacing the water/foam or its mixtures (available additives: pepper or painting substances) under the high pressure into the distance of several dozen meters.
Communication with rioters through the loudspeakers.
Designed to control riots in streets and urbanized areas...intended predominantly for the special military and police units responsible for the CROWD CONTROL during the violent political/social demonstrations, against football hooligans, etc.
By EditorDavid from Slashdot's watching-what-you-watch department
"A week after Google apologized for running customers' advertisements alongside objectionable videos, triggering a change in policy, its YouTube site is still rife with examples that are angering more big advertisers and causing some to cut spending with the tech giant," reports the Dow Jones Newswire. Reporters from the Wall Street Journal spotted ads from Microsoft, Amazon, and Procter & Gamble appearing on hate videos -- and thus indirectly funding them. An anonymous reader quotes their report:
Asked about the Journal's finding that their ads were still appearing with such content on YouTube as of Thursday night, Coca-Cola, PepsiCo Inc., Wal-Mart Stores Inc. and Dish Network Corp. said Friday they were suspending spending on all Google advertising except targeted search ads. Starbucks Corp. and General Motors Co. said they were pulling their ads from YouTube. FX Networks, part of 21st Century Fox Inc., said it was suspending all advertising spending on Google, including search ads and YouTube. Wal-Mart said: "The content with which we are being associated is appalling and completely against our company values."
An executive at one of the affected companies complained that Google "had assured us over the past few days that our brands were safe from this type of content. Despite their assurances, it's clear they couldn't give assurance."
By EditorDavid from Slashdot's sassing-SAS department
This week SAS wrote that open source technology "has its own, often unexpected costs," recommending organizations maintain a balance of 60% proprietary software to 40% open software. An anonymous reader quotes InfoWorld:
How they arrived at this bizarre conclusion is hard to fathom, except that SAS sells more than $1 billion worth of proprietary software every year and presumably would like to continue, despite a clear trend toward open-source-powered analytics... In a Burtch Works survey of over 1,100 quant pros, 61.3% prefer open source R or Python to SAS, and only 38.6% opting for SAS, with that percentage growing for open source options every year.
Worse for SAS, a variety of open source data infrastructure and analytics tools threaten to encroach on its bastions in data management, business intelligence, and analytics... Nearly all innovation in data infrastructure is happening in open source, not proprietary software. That's a tide SAS can try to fight with white papers, but it would do better to join by embracing open source in its product suite.
"In the paper, SAS correctly argues that open source versus proprietary software is not an either/or decision..." writes InfoWorld, but they note that the report also "put the percentage of open source adopters at a mere 25%, which is pathetically wrong." The article suggests a hope that the report "is the product of a rogue field marketing team, and not the company's official position." Adobe's vice president of mobile commented on Twitter, "I just wonder who in their marketing dept thought this was a good idea."
By EditorDavid from Slashdot's I'll-be-seeing-you department
America's largest ISP just rolled out a new service that allows small and medium-sized business owners "to oversee their organization" with continuous video surveillance footage that's stored in the cloud -- allowing them to "improve efficiency." An anonymous reader quotes the Philadelphia Inquirer:
Inventory is disappearing. Workplace productivity is off. He said/she said office politics are driving people crazy. Who you gonna call...? Comcast Business hopes it will be the one, with the "SmartOffice" surveillance offering formally launched this week in Philadelphia and across "70 percent of our national [internet] service footprint," said Christian Nascimento, executive director of premise services for the Comcast division. Putting a "Smart Cities" (rather than "Big Brother is watching you") spin on "the growing trend for...connected devices across the private and public sectors," the SmartOffice solution "can provide video surveillance to organizations that want to monitor their locations more closely," Nascimento said...
The surveillance cameras are equipped with zoom lenses, night-vision, motion detection, and wide-angle lenses, while an app allows remote access to the footage from smartphones and tablets (though the footage can also be downloaded, or stored online for up to a month). Last year Comcast was heavily involved in an effort to provide Detroit's police department with real-time video feeds from over 120 local businesses, which the mayor said wouldn't have been successful "Without the complete video technology system Comcast provides."
By EditorDavid from Slashdot's beta-Ubuntu department
BrianFagioli writes: The final beta of Ubuntu 17.04 'Zesty Zapus' became available for download Thursday. While it is never a good idea to run pre-release software on production machines, Canonical is claiming that it should be largely bug free at this point. In other words, if you understand the risks, it should be fairly safe. Home users aside, this is a good opportunity for administrators to conduct testing prior to the official release next month. "The Ubuntu team is pleased to announce the final beta release of the Ubuntu 17.04 Desktop, Server, and Cloud products. Codenamed 'Zesty Zapus', 17.04 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution," says Adam Conrad, Canonical. "The team has been hard at work through this cycle, introducing new features and fixing bugs."
By EditorDavid from Slashdot's future-is-cloud-y department
It was the first widely-adopted open source distributed computing platform. But some geeks running it are telling Datanami that Hadoop "is great if you're a data scientist who knows how to code in MapReduce or Pig...but as you go higher up the stack, the abstraction layers have mostly failed to deliver on the promise of enabling business analysts to get at the data." Slashdot reader atcclears shares their report:
"I can't find a happy Hadoop customer. It's sort of as simple as that," says Bob Muglia, CEO of Snowflake Computing, which develops and runs a cloud-based relational data warehouse offering. "It's very clear to me, technologically, that it's not the technology base the world will be built on going forward"... [T]hanks to better mousetraps like S3 (for storage) and Spark (for processing), Hadoop will be relegated to niche and legacy statuses going forward, Muglia says. "The number of customers who have actually successfully tamed Hadoop is probably less than 20 and it might be less than 10..."
One of the companies that supposedly tamed Hadoop is Facebook...but according to Bobby Johnson, who helped run Facebook's Hadoop cluster before co-founding behavioral analytics company Interana, the fact that Hadoop is still around is a "historical glitch. That may be a little strong," Johnson says. "But there's a bunch of things that people have been trying to do with it for a long time that it's just not well suited for." Hadoop's strengths lie in serving as a cheap storage repository and for processing ETL batch workloads, Johnson says. But it's ill-suited for running interactive, user-facing applications... "After years of banging our heads against it at Facebook, it was never great at it," he says. "It's really hard to dig into and actually get real answers from... You really have to understand how this thing works to get what you want."
By EditorDavid from Slashdot's worries-for-Windows-users department
"A zero-day attack called Double Agent can take over antivirus software on Windows machines," Network World reported Wednesday. wiredmikey writes:
The attack involves the Microsoft Application Verifier, a runtime verification tool for unmanaged code that helps developers find subtle programming errors in their applications... [The exploit] allows a piece of malware executed by a privileged user to register a malicious DLL for a process associated with an antivirus or other endpoint security product, and hijack its agent.
Patches were released by Malwarebytes, AVG, and Trend Micro, the security researchers told BleepingComputer earlier this week. Kaspersky Lab told ZDNet "that measures to detect and block the malicious scenario have now been added to all its products," while Norton downplayed the exploit, saying the attack "would require physical access to the machine and admin privileges to be successful," with their spokesperson "adding that it has deployed additional detection and blocking protections in the unlikely event users are targeted."
BetaNews reports that the researchers "say that it is very easy for antivirus producers to implement a method of protection against this zero-day, but it is simply not being done. 'Microsoft has provided a new design concept for antivirus vendors called Protected Processes...specially designed for antivirus services...the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks.'"
By EditorDavid from Slashdot's survey-says? department
More than 64,000 developers from 213 countries participated in this year's annual survey by Stack Overflow -- the largest number ever -- giving a glimpse into the collective psyche of programmers around the world. An anonymous reader quotes their announcement:
A majority of developers -- 56.5% -- said they were underpaid. Developers who work in government and non-profits feel the most underpaid, while those who work in finance feel the most overpaid... While only 13.1% of developers are actively looking for a job, 75.2% of developers are interested in hearing about new job opportunities... When asked what they valued most when considering a new job, 53.3% of respondents said remote options were a top priority. 65% of developers reported working remotely at least one day a month, and 11.1% say they're full-time remote or almost all the time. Also, the highest job satisfaction ratings came from developers who work remotely full-time.
By EditorDavid from Slashdot's investing-in-automation department
Steve Wozniak -- along with Kleiner Perkins Caufield & Byers -- has invested in an automated paper-digitization company named Ripcord, which formally launched on Thursday. An anonymous reader quotes VentureBeat:
Based in Hayward, California, Ripcord has machines that can scan, index, and categorize paper records to make them searchable through companies' existing systems, via the cloud... Upon receipt, Ripcord unboxes the files and passes them to its machines, which scan, upload, and convert the content into searchable PDFs. Ripcord says that the conversion and classification process is around 80 percent automated and covers handling, the removal of fasteners (e.g. staples), and scanning.
"It sounds silly at first, but a really big part of the reason why this has never been done before are staples," explains Business Insider. "Existing scanner systems require humans to pull staples, separate three-ring binders, unclip paper clips, and occasionally even unstrip duct tape before they can go through the system -- otherwise they jam up the works."
"Our robots work their magic," explains Ripcord's web site. They're charging .004 cents per page -- for every month that it's stored in the cloud.
By BeauHD from Slashdot's live-comfortably department
An anonymous reader quotes a report from ABC57 News in South Bend, Indiana: Indiana is looking to help offenders who are behind bars. Soon, each inmate in the Hoosier state could have their own tablet. The Indiana Department of Correction says the tablet will help inmates stay connected with their families and improve their education. Offenders will be able to use the tablets to access any classwork, self-help materials or entertainment. Officials expect to use entertainment, like music or movies, to reward good behavior. The proposal was first filed in January. Apple iPads or Kindles won't be used. Instead, a company that makes tablets specifically for prisons or jails will be hired. One San Francisco-based company they may consider, Telmate, has a device that is used in more than 20 states, including some jails in Marshall County. INDOC is hoping a vendor will front the costs of the entertainment apps so taxpayers won't have to. INDOC also says it wants to avoid charging inmate fees because charging fees that they can't afford would defeat the purpose of the system. If the company selected pays, the vendor would be reimbursed and still earn a profit.
By BeauHD from Slashdot's new-band-name-ideas department
The increased use of technology capable of photographing and sharing images has prompted the World Meteorological Organization to add 11 new cloud classifications to their International Cloud Atlas. "A far cry from simple white puffs, these 11 new cloud types roll, dip, and menace their way across the skies," reports National Geographic. From the report: These 11 additions are the first updates that the atlas has received in 30 years, and much of the change can be attributed to citizen scientists who can share and discuss clouds by uploading photos to the Atlas's site. 2017 is the first year that the renowned atlas will be published entirely online, but a hardbound version will follow later this year. Asperitas, Latin for roughness, is the cloud type that has citizen scientists most excited and has been a special victory for the UK-based Cloud Appreciation Society. This photo, first spotted in 2006, captured their attention for its inability to be described by existing cloud types. Marked by small divot-like features that create chaotic ripples across the sky, asperitas were championed by enthusiasts who noticed they did not accurately fall under existing categories. Other clouds that formerly went by more colloquial names, such as the wave-like Kelvin-Helmholtz cloud, and fallstreak holes, will now be recognized with the Latin names fluctus and cavum, respectively. You can watch a time-lapse of the newly classified asperitas here.