By msmash from Slashdot's growing-tension department
Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, triggering a top-to-bottom review of cyber vulnerabilities, WSJ reported Friday, citing officials and experts. From the report: A series of incidents in the past 18 months has pointed out the service's weaknesses, highlighting what some officials have described as some of the most debilitating cyber campaigns linked to Beijing. Cyberattacks affect all branches of the armed forces but contractors for the Navy and the Air Force are viewed as choice targets for hackers seeking advanced military technology, officials said. Navy contractors have suffered especially troubling breaches over the past year, one U.S. official said. The data allegedly stolen from Navy contractors and subcontractors often is highly sensitive, classified information about advanced military technology, according to U.S. officials and security researchers. The victims have included large contractors as well as small ones, some of which are seen as lacking the resources to invest in securing their networks. One major breach of a Navy contractor, reported in June, involved the theft of secret plans to build a supersonic anti-ship missile planned for use by American submarines, according to officials.Read Replies (0)
By msmash from Slashdot's for-what-it-is-worth department
An anonymous reader writes: Plenty of high-tech electronic components, like solar panels, rechargeable batteries, and complex circuits require specific rare metals. These can include magnetic neodymium, electronic indium, and silver, along with lesser-known metals like praseodymium, dysprosium, and terbium. These metals are mined in large quantities in countries around the world, and they make their way into the supply chains of all sorts of electronics and renewables companies.
A group of researchers from the Dutch Ministry of Infrastructure determined how many of these important metals will be required by 2050 in order to make enough solar panels and wind turbines to effectively combat climate change. With plenty of countries, states, cities, and companies pledging to go 100 percent renewable by 2050, the number of both solar panels and wind turbines is expected to skyrocket. According to the analysis, turbines and solar panels might be skyrocketing a bit too much. Demand for some metals like neodymium and indium could grow by more than a dozen times by 2050, and there simply might not be enough supply to power the green revolution.Read Replies (0)
By msmash from Slashdot's oops department
A corporate-issued laptop lifted from a Lenovo employee in Singapore contained a cornucopia of unencrypted payroll data on staff based in the Asia Pacific region, news outlet The Register reports. From the report: Details of the massive screw-up reached us from Lenovo staffers, who are simply bewildered at the monumental mistake. Lenovo has sent letters of shame to its employees confessing the security snafu. "We are writing to notify you that Lenovo has learned that one of our Singapore employees recently had the work laptop stolen on 10 September 2018," the letter from Lenovo HR and IT Security, dated 21 November, stated.
"Unfortunately, this laptop contained payroll information, including employee name, monthly salary amounts and bank account numbers for Asia Pacific employees and was not encrypted." Lenovo employs more than 54,000 staff worldwide, the bulk of whom are in China.Read Replies (0)
By BeauHD from Slashdot's rocky-relationships department
An anonymous reader quotes a report from The Guardian: Journalists working as factcheckers for Facebook have pushed to end a controversial media partnership with the social network, saying the company has ignored their concerns and failed to use their expertise to combat misinformation. Current and former Facebook factcheckers told the Guardian that the tech platform's collaboration with outside reporters has produced minimal results and that they've lost trust in Facebook, which has repeatedly refused to release meaningful data about the impacts of their work. Some said Facebook's hiring of a PR firm that used an antisemitic narrative to discredit critics -- fueling the same kind of propaganda factcheckers regularly debunk -- should be a deal-breaker.
Facebook now has more than 40 media partners across the globe, including the Associated Press, PolitiFact and the Weekly Standard, and has said false news on the platform is "trending downward." While some newsroom leaders said the relationship was positive, other partners said the results were unclear and that they had grown increasingly resentful of Facebook. Facebook has said that third-party factchecking is one part of its strategy to fight misinformation, and has claimed that a "false" rating leads an article to be ranked lower in news feed, reducing future views by 80% on average. The company has refused, however, to publicly release any data to support these claims. Facebook said in a statement that it had "heard feedback from our partners that they'd like more data on the impact of their efforts," adding that it has started sending "quarterly reports" with "customized statistics" to partners and would be"looking for more statistics to share externally in early 2019." Facebook declined to share the reports with the Guardian.Read Replies (0)
By BeauHD from Slashdot's blast-from-the-past department
"The Register has an article on the possibility that a supernova or a series of them could explain a mass die-off of marine animals around 2.6 million years ago," writes Slashdot reader KindMind. From the report: A gigantic supernova explosion may have triggered mass extinctions for creatures living in Earth's prehistoric oceans some 2.6 million years ago, according to new research published in Astrobiology. Marine animals like the megalodon [...] suddenly disappeared during the late Pliocene. Around the same time, scientists [...] noticed a peak in the iron-60 isotope in ancient seabeds. "As far back as the mid-1990s, people said, "Hey, look for iron-60. It's a telltale because there's no other way for it to get to Earth but from a supernova.' Because iron-60 is radioactive, if it was formed with the Earth it would be long gone by now. So, it had to have been rained down on us" explained Adrian Melott, lead author of the paper and a physics and astronomy professor at the University of Kansas.
The team believes that a supernova located 150 light years away set of a chain of supernovae bursts and covered the Earth in a shroud of deadly cosmic ray radiation. This was amplified, Melott said, because the Solar System is right on the edge of an area of the interstellar medium called the Local Bubble. The Local Bubble extends about 300 light years across and contains the two main clouds of dust and gas: Local Interstellar Cloud and the G-Cloud. As the supernovae ejected cosmic rays, these beams of energetic particles would have repeatedly bounced off the clouds to create a "cosmic-ray bath" that could have lasted 10,000 to 100,000 years. Some of that radiation such as cosmic ray muons would have leaked onto Earth, and over time it could have led to genetic mutations and cancers [that would have caused animals like the megalodon to die off prematurely].Read Replies (0)
Japan Plans For 100ft Tsunami
Posted by News Fetcher on December 13 '18 at 06:51 PM
By BeauHD from Slashdot's preventative-measures department
schwit1 shares a report from The Times: It will shake houses and tall buildings, and unleash a 100ft tsunami on one of the most densely populated and industrialized coastlines in the world. It could kill and injure close to a million people. It will almost certainly come in the next few decades. Now, the Japanese government is making plans to evacuate millions of people in anticipation of what could be one of the worst natural disasters in history (Warning: source may be paywalled; alternative source). It is known as the Nankai Trough megaquake. The Japanese government has previously estimated that there is a 70 to 80 percent chance that such an event will take place in the next 30 years and that the earthquake, and subsequent tsunami, could kill 323,000 people and injure 623,000. Unfortunately, the report doesn't outline how the government plans to get people out of harm's way. The city with the most people in the danger zone is Nagoya, Japan's fourth largest city and home to 2.3 million people. "The home of the nation's industry Hamamatsu is also at risk and home to over 800,000 people," reports The Irish Sun.Read Replies (0)
By BeauHD from Slashdot's consumer-focused department
Microsoft is working on a new "Microsoft 365 Consumer" bundle that "will be the consumer-focused complement to Microsoft's existing Microsoft 365 subscription bundle for business users," reports ZDNet. From the report: A couple of recent Microsoft job postings mention the consumer subscription bundle, which Microsoft has yet to announce publicly. One job posting for a Product Manager for the "M365 Consumer Subscription" notes: "The Subscription Product Marketing team is a new team being created to build and scale the Microsoft 365 Consumer Subscription." The job description says the product manager for this service will help "identify, build, position and market a great new Microsoft 365 Consumer Subscription."
The job post notes that the team behind Microsoft 365 Consumer oversees the Windows platform, the Microsoft Surface device portfolio, Office 365 consumer plans, Skype, Cortana, Bing search, as well as the Microsoft Education team. If I were betting on what Microsoft 365 Consumer might include, I'd think some variant of Windows 10, Office 365 Home, Skype, Cortana, Bing, Outlook Mobile, Microsoft To-Do and maybe MSN apps and services could figure into the picture. Maybe this subscription will be tied to Surface devices only? Maybe a monthly leasing fee for Surfaces will be part of the bundle itself?Read Replies (0)
By BeauHD from Slashdot's add-it-to-the-list department
After securing a win in court earlier this week to ban Apple's older phones, Qualcomm is trying to get the newer iPhones banned too. "According to the Financial Times, Qualcomm has now asked Chinese courts to issue an injunction that bans Apple from selling the iPhone XS, XS Max, and XR within the country due to the same case of possible patent infringement," reports The Verge. From the report: The new filing will escalate the companies' legal conflict in China, where Apple has so far ignored a court-ordered sales ban. Apple claims the ban only applied to phones running iOS 11 and earlier. Since its phones have now been updated to iOS 12, Apple believes they can remain on sale, and so it has continued to sell them. According to the Financial Times, the Chinese court's order doesn't specifically mention any version of Apple's operating system. That doesn't necessarily mean Apple is wrong, but it does mean that there's more to be hashed out.Read Replies (0)
By BeauHD from Slashdot's security-breaches department
An anonymous reader quotes a report from Ars Technica: A recent phishing campaign targeting U.S. government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.
Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets' accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password. "In other words, they check victims' usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too," Certfa Lab researchers wrote. "We've seen [it] tried to bypass 2fa for Google Authenticator, but we are not sure they've managed to do such a thing or not," the Certfa representative wrote. "For sure, we know hackers have bypassed 2fa via SMS."Read Replies (0)
By BeauHD from Slashdot's surprisingly-progressive-for-Louisiana department
Louisiana is rolling out a new digital driver's license app, called LA Wallet, that will let retailers digitally verify the age of their customers, if required. "According to IEEE Spectrum, Louisiana's Office of Alcohol and Tobacco Control is expected to announce that bars, restaurants, grocery stores and other retails are allowed to accept LA Wallet as proof of age, according to the app's developer, Envoc." From the report: The Baton Rouge-based company launched LA Wallet in June, after two years of collaboration with state officials. But so far only law enforcement officers making routine traffic stops are required to accept the digital driver's license. Next week's announcement would greatly broaden the scope of the app's use. About 71,000 people have downloaded LA Wallet so far, says Calvin Fabre, founder and president of Envoc. The app costs $5.99 in the Google Play and Apple App stores. Users buy it, create an account with some basic information from their physical driver's license, and create a password. That's it. No biometric security -- like iris scans or facial recognition -- required. The app links back to Louisiana's Office of Motor Vehicles database, which completes the digital license with the user's photo and additional information. Any changes to the license, like a suspension or renewal, are updated immediately in the app with a wireless network connection.
< article continued at Slashdot's surprisingly-progressive-for-Louisiana department
>Read Replies (0)
By BeauHD from Slashdot's important-decisions department
In a blog post today, Google detailed how its facial recognition technology will and won't be used. Citing a number of risks associated with the technology, the company vowed to refrain from selling facial recognition products until it can come up with policies that prevent abuse. Engadget reports: "Like many technologies with multiple uses, facial recognition merits careful consideration to ensure its use is aligned with our principles and values, and avoids abuse and harmful outcomes," Google said. "We continue to work with many organizations to identify and address these challenges, and unlike some other companies, Google Cloud has chosen not to offer general-purpose facial recognition APIs before working through important technology and policy questions." "This is a strong first step," the ACLU's Nicole Ozer said in a statement about Google's announcement. "Google today demonstrated that, unlike other companies doubling down on efforts to put dangerous face surveillance technology into the hands of law enforcement and ICE, it has a moral compass and is willing to take action to protect its customers and communities. Google also made clear that all companies must stop ignoring the grave harms these surveillance technologies pose to immigrants and people of color, and to our freedom to live our lives, visit a church, or participate in a protest without being tracked by the government."Read Replies (0)
By msmash from Slashdot's about-time department
Microsoft said in 2015 that it would build OpenSSH, a set of utilities that allow clients and servers to connect securely, into Windows, while also making contributions to its development. Neowin: Since then, the company has delivered on that promise in recent releases of Windows 10, being introduced as a feature-on-demand in version 1803. However, Windows Server hadn't received the feature until now, at least not in an officially supported way -- Windows Server version 1709 included it as a pre-release feature. But that's finally changed, as Microsoft this week revealed that Windows Server 2019, which was made available (again) in November, includes OpenSSH as a supported feature.Read Replies (0)
By msmash from Slashdot's new-lows department
When the Trump administration laid out a plan this year that would eventually allow cars to emit more pollution, automakers, the obvious winners from the proposal, balked. The changes, they said, went too far even for them. But it turns out that there was a hidden beneficiary of the plan that was pushing for the changes all along: the nation's oil industry. From an investigation by The New York Times: In Congress, on Facebook and in statehouses nationwide, Marathon Petroleum, the country's largest refiner, worked with powerful oil-industry groups and a conservative policy network financed by the billionaire industrialist Charles G. Koch to run a stealth campaign to roll back car emissions standards, a New York Times investigation has found. The campaign's main argument for significantly easing fuel efficiency standards -- that the United States is so awash in oil it no longer needs to worry about energy conservation -- clashed with decades of federal energy and environmental policy.
"With oil scarcity no longer a concern," Americans should be given a "choice in vehicles that best fit their needs," read a draft of a letter that Marathon helped to circulate to members of Congress over the summer. Official correspondence later sent to regulators by more than a dozen lawmakers included phrases or sentences from the industry talking points, and the Trump administration's proposed rules incorporate similar logic. The industry had reason to urge the rollback of higher fuel efficiency standards proposed by former President Barack Obama. A quarter of the world's oil is used to power cars, and less-thirsty vehicles mean lower gasoline sales.Read Replies (0)