Sorry, you need to enable JavaScript to visit this website.

Slashdot

Slashdot
News for nerds, stuff that matters
Updated: 17 min 52 sec ago

Krebs Is Back Online Thanks To Google's Project Shield

Sun, 25/09/2016 - 4:39pm
"After the massive 600gbps DDOS attack on KrebsOnSecurity.com that forced Akamai to withdraw their (pro-bono) DDOS protection, krebsonsecurity.com is now back online, hosted by Google," reports Slashdot reader Gumbercules!!. "I am happy to report that the site is back up -- this time under Project Shield, a free program run by Google to help protect journalists from online censorship," Brian Krebs wrote today, adding "The economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists...anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor." [T]he Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship...." [E]vents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach... Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple... In an interview with The Boston Globe, Akamai executives said the attack -- if sustained -- likely would have cost the company millions of dollars. One site told Krebs that Akamai-style protection would cost him $150,000 a year. "Ask yourself how many independent journalists could possibly afford that kind of protection money?" He suspects the attack was a botnet of enslaved IoT devices -- mainly cameras, DVRs, and routers -- but says the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks... the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing... What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale."

Read more of this story at Slashdot.

California Launches Mandatory Data Collection For Police Use-of-Force

Sun, 25/09/2016 - 3:34pm
An anonymous Slashdot reader quotes the AP: All 800 police departments in California must begin using a new online tool launched Thursday to report and help track every time officers use force that causes serious injuries... The tool, named URSUS for the bear on California's flag, includes fields for the race of those injured and the officers involved, how their interaction began and why force was deemed necessary. "It's sort of like TurboTax for use-of-force incidents," said Justin Erlich, a special assistant attorney general overseeing the data collection and analysis. Departments must report the data under a new state law passed last November. Though some departments already tracked such data on their own, many did not... "As a country, we must engage in an honest, transparent, and data-driven conversation about police use of force," California Attorney General Kamala Harris said in a news release. It's an open source tool developed by Bayes Impact, and California plans to share the code with other interested law enforcement agencies across the country. Only three other states currently require their police departments to track data about use-of-force incidents, "but their systems aren't digital, and in Colorado's case, only capture shootings."

Read more of this story at Slashdot.

The Ig Nobel Awards Celebrate Their 26th First Annual Awards Ceremony

Sun, 25/09/2016 - 2:34pm
Thursday Harvard's Sanders Theatre hosted the 26th edition of the humorous research awards "that make people laugh, then think...intended to celebrate the unusual, honor the imaginative -- and spur people's interest in science, medicine, and technology." One of this year's winners actually lived as a goat, wearing prosthetic extensions on his arms and legs so he could travel the countryside with other goats. Long-time Slashdot reader tomhath writes: The Journal of Improbable announced these winners: REPRODUCTION PRIZE [EGYPT] -- The late Ahmed Shafik, for studying the effects of wearing polyester, cotton, or wool trousers on the sex life of rats, and for conducting similar tests with human males. ECONOMICS PRIZE [NEW ZEALAND, UK] -- Mark Avis, Sarah Forbes, and Shelagh Ferguson, for assessing the perceived personalities of rocks, from a sales and marketing perspective... PEACE PRIZE [CANADA, USA] -- Gordon Pennycook, James Allan Cheyne, Nathaniel Barr, Derek Koehler, and Jonathan Fugelsang for their scholarly study called 'On the Reception and Detection of Pseudo-Profound Bullshit'... PERCEPTION PRIZE [JAPAN] -- Atsuki Higashiyama and Kohei Adachi, for investigating whether things look different when you bend over and view them between your legs. The Improable Research site lists the rest of this year's 10 winners, as well as every winner for the previous 25 years.

Read more of this story at Slashdot.

How ITT Tech Screwed Students and Made Millions

Sun, 25/09/2016 - 1:34pm
An anonymous Slashdot reader shares "a grim story about a company that screwed poor people, military veterans, and taxpayers to turn a profit." Gizmodo reports: By the time ITT Technical Institute closed its doors earlier this month, the for-profit college had been selling tenuous diplomas at exorbitant prices for more than 20 years...burying low-income and first-generation students in insurmountable debt, and evading regulators since the early 1990s... ITT collected $178 million over two years just in federal education funding for veterans -- even while the company projected 33% of its students would ultimately default on their loans -- and last year 70% of the school's total revenue came directly from federal financial aid programs. Gizmodo spoke to one student who "will now spend the rest of his life paying back loans for a degree that is practically useless," after compounding interest turned his $70,000 loan into $200,000 in debt. "Like all of the former students interviewed by Gizmodo, he was placed in a job that did not require professional training" -- specifically, a game-testing position that didn't even require a high school diploma, while ITT "placed" another student in a $5.95-an-hour telemarketing job. Her assessment of ITT? "It was totally worthless."

Read more of this story at Slashdot.

Kentucky's Shotgun 'Drone Slayer' Gets Sued Again

Sun, 25/09/2016 - 11:34am
"Technology has surpassed the law..." argues a Kentucky man who fired a shotgun at a drone last year. An anonymous Slashdot reader reports: The drone's owner has now filed for damages in Federal Court over the loss of his $1,800 drone, arguing that the shotgun blast was unjustified because his drone wasn't actually trespassing or invading anyone's privacy. The defendant -- who has dubbed himself 'the Drone Slayer' -- said the aerial vehicle was over his garden and his daughter, and the verdict could ultimately set a new precedent in U.S. law: who owns the air? "Operators need to know where they can fly," argued the drone pilot's lawyer, "and owners must know when they can reasonably expect privacy and be free of prying eyes." He estimates a drone is shot from he skies about once a month, and "What happens typically is that law enforcement doesn't know what to do and civil suits are uncommon as most people don't want to get involved due to the costs." The Drone Slayer was originally charged with felony counts of wanton endangerment and criminal mischief. But all of those charges were dismissed in October when a district judge ruled he "had a right to shoot at the aircraft."

Read more of this story at Slashdot.

Street Fighter V Update Installed Hidden Rootkits on PCs

Sun, 25/09/2016 - 7:34am
Capcom's latest update for Street Fighter V was installing a secret rootkit on PCs. An anonymous Slashdot reader quotes The Register: This means malicious software on the system can poke a dodgy driver installed by Street Fighter V to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking...to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor... it switches off a crucial security defense in the operating system, then runs whatever instructions are given to it by the application, and then switches the protection back on Friday Capcom tweeted "We are in the process of rolling back the security measures added to the PC version of Street Fighter V." This prompted one user to reply, "literal rootkits are the opposite of security measures."

Read more of this story at Slashdot.

Tuesday Was Microsoft's Last Non-Cumulative Patch

Sun, 25/09/2016 - 3:34am
There was something unique about this week's Patch Tuesday. An anonymous Slashdot reader quotes HelpNetSecurity: It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new 'monthly update packs' will be combined, so for instance, the November update will include all the patches from October as well. Last month a Slashdot reader asked for suggestions on how to handle the new 'cumulative' updates -- although the most common response was "I run Linux."

Read more of this story at Slashdot.

97% of the Top Companies Have Leaked Credentials Online

Sun, 25/09/2016 - 1:34am
Apparently lots of people have been use both their work email address and work password on third-party sites -- suggesting a huge vulnerability. Trailrunner7 quotes On The Wire: The last few years have seen a number of large-scale breaches at popular sites and companies, including LinkedIn, Adobe, MySpace, and Ashley Madison, and many of the credentials stolen during those incidents have ended up online in various places... [R]esearch from Digital Shadows found that the most significant breach for the global 1,000 companies it looked at was the LinkedIn incident... Digital Shadows found more than 1.6 million credentials online for the 1,000 companies it studied. Adobe's breach was next on the list, with more than 1.3 million credentials. "For Ashley Madison alone, there were more than 200,000 leaked credentials from the top 1,000 global companies," the researchers report, noting they also found many leaked credentials from breaches at other dating and gaming sites, as well as Myspace. Their conclusion? "The vast majority of organizations have credentials exposed online..."

Read more of this story at Slashdot.

Cisco Blamed A Router Bug On 'Cosmic Radiation'

Sat, 24/09/2016 - 11:34pm
Network World's news editor contacted Slashdot with this report: A Cisco bug report addressing "partial data traffic loss" on the company's ASR 9000 Series routers contended that a "possible trigger is cosmic radiation causing SEU [single-event upset] soft errors." Not everyone is buying: "It IS possible for bits to be flipped in memory by stray background radiation. However it's mostly impossible to detect the reason as to WHERE or WHEN this happens," writes a Redditor identifying himself as a former [technical assistance center] engineer... "While we can't speak to this particular case," Cisco wrote in a follow-up, "Cisco has conducted extensive research, dating back to 2001, on the effects cosmic radiation can have on our service provider networking hardware, system architectures and software designs. Despite being rare, as electronics operate at faster speeds and the density of silicon chips increases, it becomes more likely that a stray bit of energy could cause problems that affect the performance of a router or switch." Friday a commenter claiming to be Xander Thuijs, Cisco's principal engineer on the ASR 9000 router, posted below the article, "apologies for the detail provided and the 'concept' of cosmic radiation. This is not the type of explanation I would like to see presented to the respected users of our products. We have made some updates to the DDTS [defect-tracking report] in question with a more substantial data and explanation. The issue is something that we can likely address with an FPD update on the 2x100 or 1x100G Typhoon-based linecard."

Read more of this story at Slashdot.

US Panel Extends Nuclear Power Tax Credit

Sat, 24/09/2016 - 10:34pm
Slashdot reader mdsolar quotes The Hill: The House Ways and Means Committee voted Wednesday to remove a key deadline for a nuclear power plant tax credit... The credit was first enacted in 2005 to spur construction of new nuclear plants, but it has gone completely unused because no new plants have come online since then... It would likely benefit two reactors under construction at Southern Co.'s Vogtle Electric Generating Plant in Georgia and another two at Virgil C. Summer Nuclear Generating Station in South Carolina. Both projects are at risk of missing the 2020 deadline... "When Congress passed the 2005 act, it could not have contemplated the effort it would take to get a nuclear plant designed and licensed," said representative Tom Rice (R-S.C.). Although one Democrat criticized the extension by arguing that nuclear power "does better in a socialist economy than in a capitalist one, because nuclear energy prefers to have the public do the cleanup, do the insurance, cover all of the losses and it only wants the profits."

Read more of this story at Slashdot.

Malware Evades Detection By Counting Word Documents

Sat, 24/09/2016 - 9:34pm
"Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher's test environment," reports Threatpost, The Kaspersky Lab security news service. Slashdot reader writes: Once a computer is compromised, the malware will count the number of Word documents stored on the local drive; if it's more than two, the malware executes. Otherwise, it figures it's landed in a virtual environment or is executing in a sandbox and stays dormant. A typical test environment consists of a fresh Windows computer image loaded into a VM. The OS image usually lacks documents and other telltale signs of real world use [according to SentinelOne researcher Caleb Fenton]. If no Microsoft Word documents are found, the VBA macro's code execution terminates, shielding the malware from automated analysis and detection. Alternately, if more than two Word documents are found on the targeted system, the macro will download and install the malware payload.

Read more of this story at Slashdot.

Poor Scientific Research Is Disproportionately Rewarded

Sat, 24/09/2016 - 8:34pm
A new study calculates a low probability that real effects are actually being detected in psychology, neuroscience and medicine research paper -- and then explains why. Slashdot reader ananyo writes: The average statistical power of papers culled from 44 reviews published between 1960 and 2011 was about 24%. The authors built an evolutionary computer model to suggest why and show that poor methods that get "results" will inevitably prosper. They also show that replication efforts cannot stop the degradation of the scientific record as long as science continues to reward the volume of a researcher's publications -- rather than their quality. The article notes that in a 2015 sample of 100 psychological studies, only 36% of the results could actually be reproduced. Yet the researchers conclude that in the Darwin-esque hunt for funding, "top-performing laboratories will always be those who are able to cut corners." And the article's larger argument is until universities stop rewarding bad science, even subsequent attempts to invalidate those bogus results will be "incapable of correcting the situation no matter how rigorously it is pursued."

Read more of this story at Slashdot.

A New Programming Language Expands on Google's Go

Sat, 24/09/2016 - 7:34pm
"One sure sign your language is successful: When people build other languages that transpile into it." An anonymous Slashdot reader quotes a report from InfoWorld: The Have project uses Go's toolchain, but sports a different syntax and makes key additions to the language... Previously, a language named Oden worked with Go's toolchain to add features that Go didn't support. Now Polish developer Marcin Wrochniak has introduced Have, a language that transpiles to and expands on Go. In the blog post that introduces the project to Go developers, Wrochniak describes Have as a hobby project, with the goal of becoming a "companion" to Go that addresses some of its common "landmines"... Go uses curly braces in the manner of C/C++, while Have uses block indents, like Python... The way that variable declaration, structs, and interfaces work have all been modified in Have to be more consistent with each other and to avoid internal inconsistencies that Wrochniak feels are a common source of bugs.

Read more of this story at Slashdot.

Spam Hits Its Highest Level Since 2010

Sat, 24/09/2016 - 6:34pm
Long-time Slashdot reader coondoggie quotes Network World: Spam is back in a big way -- levels that have not been seen since 2010 in fact. That's according to a blog post from Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet... "Many of the host IPs sending Necurs' spam have been infected for more than two years. "To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions... This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again." Before this year, the SpamCop Block List was under 200,000 IP addresses, but surged to over 450,000 addresses by the end of August. Interestingly, Proofpoint reported that between June and July, Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.

Read more of this story at Slashdot.

Senators Accuse Russia Of Disrupting US Election

Sat, 24/09/2016 - 5:34pm
An anonymous Slashdot reader quotes The Washington Post: Two senior Democratic lawmakers with access to classified intelligence on Thursday accused Russia of "making a serious and concerted effort to influence the U.S. election," a charge that appeared aimed at putting pressure on the Obama administration to confront Moscow... "At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes," the statement said. "We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government..." White House officials have repeatedly insisted that they are awaiting the outcome of a formal FBI investigation, even though U.S. intelligence are said to have concluded with "high confidence" that Russia was responsible for the DNC breach and other attacks. The White House hesitation has become a source of frustration to critics, including senior members of Congress. Meanwhile, U.S. intelligence officials are reportedly investigating whether Donald Trump's foreign policy adviser "opened up private communications with senior Russian officials -- including talks about the possible lifting of economic sanctions if the Republican nominee becomes president."

Read more of this story at Slashdot.

Accenture Patents a Blockchain-Editing Tool

Sat, 24/09/2016 - 4:34pm
A blockchain "produces a permanent ledger of transactions with which no one can tamper," reports TechWeekEurope. "Until now." Slashdot reader Mickeycaskill quotes their report: One of the core principles of Blockchain technology has potentially been undermined by the creation of an editing tool. The company responsible however, Accenture, says edits would only be carried out "under extraordinary circumstances to resolve human errors, accommodate legal and regulatory requirements, and address mischief and other issues, while preserving key cryptographic features..." Accenture's move to create an editing system will no doubt be viewed by some technology observers as a betrayal of what blockchain technology is all about. But the company insisted it is needed, especially in the financial services industry... "The prototype represents a significant breakthrough for enterprise uses of blockchain technology particularly in banking, insurance and capital markets," said Accenture. They're envisioning "permissioned" blockchain systems, "managed by designated administrators under agreed governance rules," while acknowledging that cyptocurrency remains a different environment where "immutable" record-keeping would still be essential.

Read more of this story at Slashdot.

Snapchat's 10-Second-Video Glasses Are Real And Cost $130 Bucks

Sat, 24/09/2016 - 3:34pm
Long-time Slashdot reader bheerssen writes that Snapchat "announced a new product yesterday, Spectacles, which are sunglasses with a camera built into the frame." TechCrunch reports: Snapchat's long-rumored camera glasses are actually real. The startup's first foray into hardware will be a pair of glasses called "Spectacles" and will go on sale this fall for $129.99, according to the WSJ... To start recording you tap a button on the side of the glasses. Video capture will mimic Snapchat's app, meaning you can only capture 10 seconds of video at once. This video will sync wirelessly to your phone, presumably making it available to share as a snap. The cameras will be using a circular 115-degree lens to mimic the human eye's natural field of vision, and in the Journal's article, Snap CEO Evan Spiegel remembers his first test of the product in 2015. "I could see my own memory, through my own eyes -- it was unbelievable... It was the closest I'd ever come to feeling like I was there again." The camera glasses will enter "limited distribution" sometime within the next three months, which TechCrunch believes "could end up being like Google Glass when it first launched -- officially on sale to the public but pretty hard to come by."

Read more of this story at Slashdot.

U.S. Funds Challenges To North Korea's 'Information Shield'

Sat, 24/09/2016 - 2:34pm
The U.S. State Department is pursuing "a detailed plan for making unrestricted, unmonitored, and inexpensive electronic mass communications available to the people of North Korea." Slashdot reader Greg Jones reports: Plenty of government-designed "information" flows out of North Korea. At One Free Korea Joshua Stanton reports that the U.S. State Department just announced a new grant program for information technology solutions to punch through the wall that prevents the free flow of information into North Korea. "Those of us who wrote and negotiated the [North Korea Sanctions and Policy Enhancement Act] were equally concerned with direct engagement of the North Korean people..." Stanton writes on his blog, reporting that there's now grants available to fund multiple projects. "If you have the technical knowledge to make this a reality, or know a place online where people with those talents congregate, please share and repost this solicitation and help spread the word."

Read more of this story at Slashdot.

The Verge's Deputy Editor Chris Ziegler Was Secretly Working For Apple For Two Months

Sat, 24/09/2016 - 1:34pm
An anonymous reader quotes a report from Gizmodo: Late this afternoon, Nilay Patel, the editor-in-chief of The Verge, published a post detailing the circumstances around the departure of Chris Ziegler, a founding member of the site. As it turns out, according to Patel, Ziegler had been pulling double duty as an employee of both The Verge and Apple. "The circumstances of Chris' departure from The Verge raised ethical issues which are worth disclosing in the interests of transparency and respect for our audience," Patel wrote. "We're confident that there wasn't any material impact on our journalism from these issues, but they are still serious enough to merit disclosure." According to Patel, Ziegler, whose most recent post was published in July, began working for Apple in July but didn't disclose his new job; The Verge apparently didn't discover he'd been working there until early September. Patel noted that Ziegler continued to work for The Verge in July, but "was not in contact with us through most of August and into September." What's not clear is how The Verge leadership went six weeks without hearing from their deputy editor or taking serious action (like filing a missing person's report) to try to find him. Patel says they "made every effort to contact him and to offer him help if needed." Patel noted the obvious conflict of interest, and added that Ziegler was fired the same day they verified his employment at Apple. "Chris did not attempt to steer any coverage towards or away from Apple, and any particular decisions he helped make had the same outcomes they would have had absent his involvement," Patel wrote. However, it's still unclear how exactly the team at Vox Media, The Verge's parent company, ascertained there was no editorial consequences from the dual-employment. You can read Patel's full statement here. Vox Media's Fay Sliger followed up with a statement to Gizmodo: "Chris is no longer an employee of The Verge or Vox Media. Chris accepted a position with Apple, stopped communicating with The Verge's leadership, and his employment at The Verge was terminated. Vox Media's editorial director Lockhart Steele conducted an internal review of this conflict of interest, and after a thorough investigation, it was determined that there was no impact on editorial decisions or journalism produced at The Verge or elsewhere in Vox Media. We've shared details about this situation with The Verge's audience and will continue to be transparent should any new information come to light."

Read more of this story at Slashdot.

Our Atmosphere Is Leaking Oxygen and Scientists Don't Know Why

Sat, 24/09/2016 - 10:00am
The Earth's atmosphere has been leaking oxygen and scientists don't know why. Researchers discovered that over the past 800,000 years, atmospheric oxygen levels have dropped by 0.7 percent. How exactly did they discover the leak? By observing ice cores from Greenland and Antarctica, which contain trapped air bubbles representing snapshots of our atmosphere over the past million-odd years. Gizmodo reports: By examining the ratio of oxygen to nitrogen isotopes within these cores, the researchers were able to pull out a trend: oxygen levels have fallen by 0.7 percent over the past 800,000 years, meaning sinks are roughly 2 percent larger than sources. Writing today in Science, the researchers offer a few possible explanations. For one, erosion rates appear to have sped up in recent geologic history, causing more fresh sediment to be exposed and oxidized by the atmosphere, causing more oxygen to be consumed. Long-term climate change could also be responsible. Recent human-induced warming aside, our planet's average temperature had been declining a bit over the past few million years. [Princeton University geologist Daniel Stolper] added that there could be other explanations, too, and figuring out which is correct could prove quite challenging. But learning what controls the knobs in our planet's oxygen cycle is worth the effort. It could help us understand what makes a planet habitable at all -- something scientists are rather keen on, given recent exoplanet discoveries. Stolper's analysis excluded one very unusual part of the record: the last 200 years of industrial human society. "We are consuming O2 at a rate a factor of a thousand times faster than before," Stolper said. "Humankind has completely short-circuited the cycle by burning tons of carbon."

Read more of this story at Slashdot.