Sorry, you need to enable JavaScript to visit this website.


Syndicate content Slashdot
News for nerds, stuff that matters
Updated: 2 min 23 sec ago

Using a Bomb Robot to Kill a Suspect Is an Unprecedented Shift in Policing

Fri, 08/07/2016 - 6:05pm
A police standoff with a suspect in the killing of five police officers in Dallas came to an abrupt end on Friday morning in an unusual way. The police said that negotiations broke down, an exchange of gunfire happened, but then they had no option but to use "bomb robot and place a device on its extension for it to detonate where the suspect was." Motherboard explains the unprecedented shift in policing. From an article: Peter W. Singer, an expert in military technology and robot warfare at the New America Foundation, tweeted that this is the first known incident of a domestic police force using a robot to kill a suspect. Singer tweeted that in the wars in Iraq and Afghanistan, soldiers have strapped claymore mines to the $8,000 MARCbot using duct tape to turn them into jury-rigged killing devices. Singer says all indications are that the Dallas Police Department did something similar in this case -- it improvised to turn a surveillance robot into a killing machine. Improvised device or not, the concerns here mirror a debate that's been going on for a few years now: Should law enforcement have access to armed drones, or, for that matter, weaponized robots? In 2013 Kentucky Senator Rand Paul staged a 13-hour filibuster that was focused entirely on concerns about the use of armed drones on US soil. Last year, North Dakota became the first state to legalize nonlethal, weaponized drones for its police officers. [...] The ability for police to remotely kill suspects raises due process concerns. If a shooter is holed up and alone, can they be qualified as an imminent threat to life? Are there clear protocols about when a robot can be used to engage a suspect versus when a human needs to engage him or her? When can the use of lethal force be administered remotely?

Read more of this story at Slashdot.

Oracle Says It Is 'Committed' To Java EE 8 -- Amid Claims It Quietly Axed Future Development

Fri, 08/07/2016 - 5:25pm
Media reports, citing anonymous Oracle engineers, noted earlier this week that development of Java EE (Enterprise Edition) projects at Oracle had been "practically ceased" since last fall. This led many to wonder about the future of Java. Well, it's all cosy, says Oracle. The software firm assures that it is "committed" to Java. The Register reports: The Redwood City titan said it will present fresh plans for the future of Java EE 8 at its JavaOne conference in San Francisco in September. Version eight is due to be released in the first half of 2017. However, over the past six months, it appeared Oracle had pretty much ceased development of the enterprise edition -- a crucial component in hundreds of thousands of business applications -- and instead quietly focused its engineers on other products and projects. Oracle spokesman Mike Moeller tonight sought to allay those fears, and said a plan for the future of Java EE is brewing. "Oracle is committed to Java and has a very well defined proposal for the next version of the Java EE specification -- Java EE 8 -- that will support developers as they seek to build new applications that are designed using micro-services on large-scale distributed computing and container-based environments on the Cloud," said Moeller.

Read more of this story at Slashdot.

Researchers Add Software Bugs To Reduce the Number of Software Bugs

Fri, 08/07/2016 - 4:45pm
Reader alphadogg writes: Researchers are adding bugs to experimental software code in order to ultimately wind up with programs that have fewer vulnerabilities. The idea is to insert a known quantity of vulnerabilities into code, then see how many of them are discovered by bug-finding tools. By analyzing the reasons bugs escape detection, developers can create more effective bug-finders, according to researchers at New York University in collaboration with others from MIT's Lincoln Laboratory and Northeastern University. They created large-scale automated vulnerability addition (LAVA), which is a low-cost technique that adds the vulnerabilities."The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA," says Brendan Dolan-Gavitt, a computer science and engineering professor at NYU's Tandon School of Engineering.

Read more of this story at Slashdot.

Free Upgrade To Windows 10 Mobile Will Continue Past July 29

Fri, 08/07/2016 - 4:05pm
Microsoft watcher Paul Thurrott writes: After I asked about whether the free upgrade for Windows 10 Mobile would end on July 29 as it is for Windows 10 for PCs, Microsoft's Dona Sarkar clarified the firm's evolving strategy: The Windows 10 Mobile upgrade will now continue to be free past the end of the month. "So, the free upgrade to Windows 10 ends for Windows phones on July 29, too. Right?" I tweeted yesterday morning, seeking clarification for a reader who had asked me this question. After all, Microsoft had said nothing about the expiration of the free Mobile upgrade since last year. "Clarification from this morning," Ms. Sakar tweeted later in the day. "The free upgrade offer for PC ends on July 29 but as always there are no implications or cost on phone." Hm. Not sure about the "as always" bit, as Microsoft's plans for the free Windows 10 Mobile upgrade have changed repeatedly since the firm announced this upgrade in January 2015. And over time, many of these changes enraged users who had believed earlier promises. You may recall that the original plan was to upgrade all Windows Phone 8.1 handsets to Windows 10 Mobile ... for the first year only. But over time, that changed. It was going to be all handsets with at least 1 GB of RAM. And then it was going to be some subset of handsets sold over the previous two years, but not the Lumia Icon for some reason.

Read more of this story at Slashdot.

Facebook Messenger To Get End-To-End Encryption

Fri, 08/07/2016 - 3:25pm
Reader wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF). Facebook earlier this year began implementing this end-to-end encryption on its WhatsApp messaging service.ZDNet's Zack Whittaker, however, warns about a catch in Facebook's effort. He writes: But already the company has faced some criticism for not encrypting messages by default, instead making the service opt-in, like Apple's iMessage, or even Facebook's other chat app, WhatsApp, which recently switched on default end-to-end encryption earlier this year. Cryptographer and Johns Hopkins professor Matthew Green, who reviewed an early version of the system, said in a tweet that though you "have to turn on encryption per thread," he added that providing encryption to almost a billion people makes it hard to "put that genie back in the bottle."

Read more of this story at Slashdot.

Privacy Shield Data Pact Gets European Approval

Fri, 08/07/2016 - 2:45pm
A commercial data transfer pact provisionally agreed by the EU executive and the United States in February received the green light from EU governments on Friday, the European Commission said, paving the way for it to come into effect next week. This will end months of legal limbo for companies such as Facebook, Google, and MasterCard after the EU's top court struck down the previous data transfer framework, Safe Harbour, on concerns about intrusive U.S surveillance. BBC reports: Member states of the European Commission have given "strong support" to the Privacy Shield said the EC's Justice Commissioner Vera Jourova in a statement. Ms Jourova said the approval paved the way for the formal adoption of the agreement early next week. "The EU-US Privacy Shield will ensure a high level of protection for individuals and legal certainty for business," said Commissioner Jourova. "It is fundamentally different from the old Safe Harbour." The adoption of the Privacy Shield ends months of uncertainty for many tech companies such as Google and Facebook after the European court found the Safe Harbour agreement wanting. The agreement covers everything from personal information about employees to the detailed records of what people do online, which is often used to aid targeted advertising. The Safe Harbour pact let US companies skirt tough European rules that govern how this data can be treated, by letting them generate their own reports about the steps they took to stop it being misused.Ars Technica's report further explains the matter.

Read more of this story at Slashdot.

Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe

Fri, 08/07/2016 - 2:05pm
Emily Chung, writing for CBC: Is your antivirus protecting your computer or making it more hackable? Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches. This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities. "These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install. It's not the only instance of security software potentially making your computer less safe. Concordia University professor Mohammad Mannan and his PhD student Xavier de Carne de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems. But Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job. "We were surprised at how bad they were," he said in an interview. "Some of them, they did not even make it secure in any sense."

Read more of this story at Slashdot.

Putin Gives Federal Security Agents Two Weeks To Produce 'Encryption Keys' For The Internet

Fri, 08/07/2016 - 1:00pm
An anonymous reader writes: The President of the Russian Federation, Vladimir Putin, has ordered the Federal Security Service (FSB) to produce "encryption keys" to decrypt all data on the internet, and the FSB has two weeks to do it, Meduza reports. The head of the FSB, Alexander Bortnikov, is responsible for accomplishing such a task. "The new 'anti-terrorist' laws require all 'organizers of information distribution' that add 'additional coding' to transmitted electronic messages to provide the FSB with any information necessary to decrypt those messages," reports Meduza. "It's still unclear what information exactly online resources are expected to turn over, given that all data on the internet is encoded, one way or another, and in many instances encryption keys for encrypted information simply don't exist." Some of the details of the executive order include requiring telecom providers and "organizers of information distribution" to store copies of the content of all information they transmit for six months and store the metadata for three years so the Kremlin can access it whenever they want. In order for that to happen, ISPs would need to build new data centers capable of holding all that information and buy imported equipment, all without state subsidies, where they risk going bankrupt. To actually operate the data centers, the Russian government would need to upgrade Russia's outdated electrical grid and cables, which could cost between $30 and $77 billion. What about the "encryption keys?" In addition to storing all the transmitted information, "organizers of information distribution" have to turn over "any information necessary to decrypt those messages." Therefore, "additional coding" will need to be added to all electronic messages to act as instructions for the FSB to "decode" them. Many services and websites don't have "keys" or are fundamentally unsharable, like banks and financial institutions. Nearly all electronic information needs to be "encoded" in some way. Bortnikov has two weeks and the clock starts now. Good luck!

Read more of this story at Slashdot.