posted about 1 hour ago on slashdot
An anonymous reader shares a report: A smaller, more pared down version of Windows 10 was spotted in the latest Redstone 5 preview build. Microsoft is calling it Windows 10 Lean and it's 2GB smaller in size than standard editions of Windows 10 once installed. Missing from this version are the Registry Editor, Internet Explorer, wallpaper, Microsoft Management Console and drivers for CD and DVD drives, and Windows Central notes that the lighter Windows 10 might be designed to ensure tablets and laptops with little internal storage can install Windows 10 feature updates. Additionally, the Redstone 5 preview also features phone-related APIs that support functions like dialing, blocking withheld numbers, video calling, Bluetooth headset support and speakerphone mode, stoking those persistent Andromeda rumors.

Read More...
posted about 2 hours ago on slashdot
An anonymous reader writes: Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms -- as well as garages and storage units. These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel -- such as their room -- and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out. It turns out these key cards aren't as secure as first thought. F-Secure's Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key 'basically out of thin air.' Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card -- either using wireless radio-frequency identification (RFID) or the magnetic stripe. That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.

Read More...
posted about 2 hours ago on slashdot
Google on Wednesday pushed out the biggest revamp of Gmail in years. The company is bringing to the flagship Gmail service many (but not all) of the features it trialed in Inbox for Gmail, and adding a few new ones, too. From a report: While the overhaul does usher in a new look to the Gmail web app, bringing it into the material design fold, this update is more about throwing new features into the mix than moving things around and causing confusion. G Suite -- Google's paid productivity service for businesses, which also includes Gmail -- appears to be the core focus of this update, however these features will also be made available to standard Gmail users. [...] Google is adamant that no person within the company will ever read your emails, but that doesn't mean your email content is protected from third-party infiltration. To address this, Gmail will soon offer users a dedicated "confidential mode" -- on the web and in its mobile apps -- that is designed to protect against two kinds of attacks. [...] In addition to privacy and security updates, Gmail on mobile and the web is getting a bunch of new features to help solve the perennial problem of email overload. One of those tools is "nudging," which leans on Google's AI smarts and automated processing, similar to how its spam filter works, to remind users to follow up on a message they've received.

Read More...
posted about 4 hours ago on slashdot
An anonymous reader quotes a report from The Washington Post: California man Eric Lundgren, an electronic waste entrepreneur who produced tens of thousands of Windows restore disks intended to extend the lifespan of aging computers, lost a federal appeals court case in Miami after it ruled "he had infringed Microsoft's products to the tune of $700,000," the Washington Post reported on Tuesday. Per the Post, the appeals court ruled Lundgren's original sentence of 15 months in prison and a $50,000 fine would stay, despite the software being freely available online and only compatible with valid Windows licenses: "The appeals court upheld a federal district judge's ruling that the disks made by Eric Lundgren to restore Microsoft operating systems had a value of $25 apiece, even though they could be downloaded free and could be used only on computers with a valid Microsoft license. The U.S. Court of Appeals for the 11th Circuit initially granted Lundgren an emergency stay of his prison sentence, shortly before he was to surrender, but then affirmed his original 15-month sentence and $50,000 fine without hearing oral argument in a ruling issued April 11." All told, the court valued 28,000 restore disks he produced at $700,000, despite testimony from software expert Glenn Weadock that they were worth essentially zero.

Read More...
posted about 7 hours ago on slashdot
An anonymous reader writes: According to a study published in Nature Astronomy, scientists have determined that the atmosphere of Uranus smells like rotten eggs. The smell of Uranus was determined by the use of an Near-Infrared Integral Field Spectrometer (NIFS), an instrument that allows scientists to determine what an atmosphere is composed of based upon the reflections of sunlight that bounce off of it. Specifically, the clouds in Uranus' upper atmosphere consist of hydrogen sulfide, the molecule that makes rotten eggs so stinky. "If an unfortunate human were ever to descend through Uranus' clouds, they would be met with very unpleasant and odiferous conditions," study lead author Patrick Irwin, of Oxford University in England, said in a statement. But that wayward pioneer would have bigger problems, he added: "Suffocation and exposure in the negative 200 degrees Celsius [minus 328 degrees Fahrenheit] atmosphere, made of mostly hydrogen, helium, and methane, would take its toll long before the smell."

Read More...
posted about 10 hours ago on slashdot
Press2ToContinue shares a report from Gizmodo: What you're looking at is the surface of the comet 67p/Churyumov-Gerasimenko, which is orbited by the European Space Agency's Rosetta probe. The photo comes from Rosetta's OSIRIS, or Optical, Spectroscopic, and Infrared Remote Imaging System. The raw data was collected on June 1, 2016, and posted publicly on March 22 of this year. Twitter user landru79 processed the gif from this data release and shared it yesterday. In the foreground is the comet's surface (still several kilometers away from the probe), and three kinds of specks. The stars in the background belong to the constellation Canis Major, according to ESA senior advisor Mark McCaughrean. Some of the foreground stuff could be streaks from high-energy particles striking the cameraâ"it's a charge-coupled device (CCD), so even invisible particles can leave streaks in the results. And some could be dust from the comet itself.

Read More...
posted about 13 hours ago on slashdot
An anonymous reader quotes a report from Reuters: The U.S. Environmental Protection Agency proposed a rule on Tuesday that would limit the kinds of scientific research it can use in crafting regulations, an apparent concession to big business that has long requested such restrictions. Under the new proposals, the EPA will no longer be able to rely on scientific research that is underpinned by confidential medical and industry data. The measure was billed by EPA Administrator Scott Pruitt as a way to boost transparency for the benefit of the industries his agency regulates. But scientists and former EPA officials worry it will hamstring the agency's ability to protect public health by putting key data off limits. The EPA has for decades relied on scientific research that is rooted in confidential medical and industry data as a basis for its air, water and chemicals rules. While it publishes enormous amounts of research and data to the public, the confidential material is held back. Business interests have argued the practice is tantamount to writing laws behind closed doors and unfairly prevents them from vetting the research underpinning the EPA's often costly regulatory requirements. They argue that if the data cannot be published, the rules should not be adopted. But ex-EPA officials say the practice is vital.

Read More...
posted about 15 hours ago on slashdot
The Economist reports of a new working paper by the Organization for Economic Co-operation and Development (OECD) that assesses the automatability of each task within a given job, based on a survey of skills in 2015. "Overall, the study finds that 14% of jobs across 32 countries are highly vulnerable, defined as having at least a 70% chance of automation," reports Economist. "A further 32% were slightly less imperiled, with a probability between 50% and 70%. At current employment rates, that puts 210 million jobs at risk across the 32 countries in the study." From the report: The pain will not be shared evenly. The study finds large variation across countries: jobs in Slovakia are twice as vulnerable as those in Norway. In general, workers in rich countries appear less at risk than those in middle-income ones. But wide gaps exist even between countries of similar wealth. Differences in organizational structure and industry mix both play a role, but the former matters more. In South Korea, for example, 30% of jobs are in manufacturing, compared with 22% in Canada. Nonetheless, on average, Korean jobs are harder to automate than Canadian ones are. This may be because Korean employers have found better ways to combine, in the same job, and without reducing productivity, both routine tasks and social and creative ones, which computers or robots cannot do. A gloomier explanation would be "survivor bias": the jobs that remain in Korea appear harder to automate only because Korean firms have already handed most of the easily automatable jobs to machines.

Read More...
posted about 16 hours ago on slashdot
Microsoft is rolling out a new Xbox One update that brings 1440p support for the Xbox One S and X, as well as support for AMD's FreeSync technology to allow compatible displays to sync refresh rates with Microsoft's consoles. A subsequent update in May will bring 120Hz-display refresh-rate support to the Xbox One. The Verge reports: FreeSync, like Nvidia's G-Sync, helps remove tearing or stuttering usually associated with gaming on monitors, as the feature syncs refresh rates to ensure games run smoothly. Alongside this stutter-free tech, Microsoft is also supporting automatic switching to a TV's game mode. Auto Low-Latency Mode, as Microsoft calls it, will be supported on new TVs, and will automatically switch a TV into game mode to take advantage of the latency reductions. The Xbox One will also support disabling game mode when you switch to another app like Netflix. Microsoft is also making some audio tweaks with the April update for the Xbox One. New system sounds take advantage of spatial sound to fully support surround sound systems when you navigate around. Gamers who listen to music while playing can also now balance game audio against background music right inside the Xbox Guide. Other features in this update include sharing game clips direct to Twitter, dark to light mode transitions based on sunrise / sunset, and improvements to Microsoft Edge to let you download or upload pictures, music, and videos.

Read More...
posted about 16 hours ago on slashdot
WhatsApp is raising its minimum age from 13 to 16 in Europe to help it comply with new data privacy rules coming into force next month. The app will ask European users to confirm they are at least 16 years old when they are prompted to agree to new terms of service and a privacy policy provided by a new WhatsApp Ireland entity in the next few weeks. Reuters reports: Facebook, which has a separate data policy, is taking a different approach to teens aged between 13 and 15 in order to comply with the European General Data Protection Regulation (GDPR) law. It is asking them to nominate a parent or guardian to give permission for them to share information on the platform, otherwise they will not see a fully personalized version of the social media platform. But WhatsApp, which had more than 1.5 billion users in January according to Facebook, said in a blog post it was not asking for any new rights to collect personal information in the agreement it has created for the European Union. WhatsApp's minimum age of use will remain 13 years in the rest of the world, in line with its parent.

Read More...
posted about 17 hours ago on slashdot
An anonymous reader quotes a report from Bloomberg: Electric buses were seen as a joke at an industry conference in Belgium seven years ago when the Chinese manufacturer BYD showed an early model. Suddenly, buses with battery-powered motors are a serious matter with the potential to revolutionize city transport -- and add to the forces reshaping the energy industry. With China leading the way, making the traditional smog-belching diesel behemoth run on electricity is starting to eat away at fossil fuel demand. The numbers are staggering. China had about 99 percent of the 385,000 electric buses on the roads worldwide in 2017, accounting for 17 percent of the country's entire fleet. Every five weeks, Chinese cities add 9,500 of the zero-emissions transporters -- the equivalent of London's entire working fleet, according Bloomberg New Energy Finance. All this is starting to make an observable reduction in fuel demand. And because they consume 30 times more fuel than average sized cars, their impact on energy use so far has become much greater than the than the passenger sedans produced companies from Tesla to Toyota. For every 1,000 battery-powered buses on the road, about 500 barrels a day of diesel fuel will be displaced from the market, according to BNEF calculations. This year, the volume of fuel buses take off the market may rise 37 percent to 279,000 barrels a day, about as much oil as Greece consumes, according to BNEF.

Read More...
posted about 18 hours ago on slashdot
Altaba, the company formerly known as Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach in which hackers stole info on over 500 million accounts. "The U.S. Securities and Exchange Commission announced today that Altaba, which contains Yahoo's remains, agreed to pay the fine to settle charges that it misled investors by not informing them of the hack until September 2016, despite known of it as early as December 2014," reports The Verge. From the report: The SEC goes on to admonish Yahoo for its failure to disclose the breach to investors, saying that the agency wouldn't "second-guess good faith exercises of judgment" but that Yahoo's decisions were "so lacking" that a fine was necessary. Yahoo isn't being fined for having poor security practices, not informing users, or really anything related to the hack happening. The SEC is just mad that investors weren't told about it, because -- as Yahoo even noted in filings to investors -- data breaches can have financial impacts and legal implications. With a breach this large, the SEC believes that was obviously a real risk. "Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors," Jina Choi, director of the SEC's San Francisco Regional Office, said in a statement. The SEC released guidance to public companies on what to disclose about data breaches earlier this year, which could help to avoid similar situations in the future.

Read More...
posted about 18 hours ago on slashdot
hyperclocker shares a report from AnandTech: Samsung has announced the third generation of their high-end consumer NVMe SSDs. The new 970 PRO and 970 EVO M.2 NVMe SSDs use a newer controller and Samsung's latest 64-layer 3D NAND flash memory. The outgoing 960 PRO and 960 EVO were first announced in September 2016 and shipped that fall, so they have had a fairly long run as Samsung's flagship consumer SSDs. Compared to its predecessor, the 970 EVO promises a small improvement in sequential read speed, and a more substantial boost to sequential write speed for all but the smallest 250GB model. Peak random access performance is also substantially improved, but again the 250GB model gets left out, and is actually rated as slower than the 960 EVO 250GB. The warranty on the EVO has been extended from three years to five years, and the write endurance ratings have been increased by 50% to retain almost the same drive writes per day rating. The 970 PRO's performance specs aren't too different from the 970 EVO. Many of the ratings are the same, and the ones that differ are mostly better by just 3-11% for the PRO. There are just two major exceptions to this. First, the PRO doesn't rely on SLC write caching so it can maintain its write speed far longer than the EVO. Second, the rated write endurance of the 970 PRO is twice that of the EVO, going from just over 0.3 Drive Writes Per Day to 0.6 DWPD. Neither of these are an important factor for ordinary consumer use cases, but they help the 970 PRO retain some shine as a premium product.

Read More...
posted about 19 hours ago on slashdot
An anonymous reader quotes a report from TechCrunch: Two weeks ago TechCrunch called on Instagram to build an equivalent to Facebook's "Download Your Information feature so if you wanted to leave for another photo sharing network, you could. The next day it announced this tool would be coming and now TechCrunch has spotted it rolling out to users. Instagram's "Data Download" feature can be accessed here or through the app's privacy settings. It lets users export their photos, videos, archived Stories, profile, info, comments, and non-ephemeral messages, though it can take a few hours to days for your download to be ready. An Instagram spokesperson now confirms to TechCrunch that "the Data Download tool is currently accessible to everyone on the web, but access via iOS and Android is still rolling out." We'll have more details on exactly what's inside once my download is ready.

Read More...
posted about 19 hours ago on slashdot
Human spies could soon be relics of the past. Dawn Meyerriecks, CIA's deputy director for technology development, recently told an audience at an intelligence conference in Florida that CIA was adapting to a new landscape where its primary adversary is a machine, not a foreign agent. From a report: Meyerriecks, speaking to CNN after the conference, said other countries have relied on AI to track enemy agents for years. She went on to explain the difficulties encountered by current CIA spies trying to live under an assumed identity in the era of digital tracking and social media, indicating the modern world is becoming an inhospitable environment to human spies. But the CIA isn't about to give up. America's oldest spy agency is transforming from the kind of outfit that sends people around the globe to gather information, to the type that uses computers to accomplish the same task more efficiently. This transition from humans to computers is something the CIA has spent more than 30 years preparing for.

Read More...
posted about 20 hours ago on slashdot
More than 1 million children were victims of identity fraud in 2017, a new study from Javelin Strategy & Research found, costing a total of $2.6 billion. From a report: With limited financial history or existing account activity, children are the most likely to become victims of new-account fraud, the research showed. These attacks can occur before children even become active internet users, with some two-thirds of victims being under the age of eight. The overall numbers are likely even higher, said Al Pascual, research director at Javelin said, since their study relied on parents and guardians reporting cases of identity theft. In many cases, the parent or another relative may be the one using a child's identity to start a new account.

Read More...
posted about 21 hours ago on slashdot
Amazon lost control of some of its widely used cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations, according to media reports. ArsTechnica: The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users. They may have targeted other customers of Amazon's Route 53 service as well. The incident, which started around 6am California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297. Once in place, the eNet announcement caused some of its peers to send traffic over the same unauthorized routes. [...] Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country, security researcher Kevin Beaumont said in a blog post. The redirection came by rerouting domain name system traffic and using a server hosted by Chicago-based Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site. Participants in this cryptocurrency forum appear to discuss the scam site. Further reading: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer).

Read More...
posted about 21 hours ago on slashdot
The U.S. Supreme Court upheld an administrative review system that has helped Google, Apple and other companies invalidate hundreds of issued patents. From a report: The justices, voting 7-2, said Tuesday a U.S. Patent and Trademark Office review board that critics call a patent "death squad" wasn't unconstitutionally wielding powers that belong to the courts. Silicon Valley companies have used the system as a less-expensive way to ward off demands for royalties, particularly from patent owners derided as "trolls" because they don't use their patents to make products. Drugmakers and independent inventors complain that it unfairly upends what they thought were established property rights. "It came down to this: Is the patent office fixing its own mistakes or is the government taking property?" said Wayne Stacy, a patent lawyer with Baker Botts. "They came down on the side of the patent office fixing its own mistakes." The ruling caused shares to drop in companies whose main source of revenue -- their patents -- are under threat from challenges. VirnetX, which is trying to protect almost $1 billion in damages it won against Apple, dropped as much as 12 percent. The patent office has said its patents are invalid in a case currently before an appeals court.

Read More...
posted about 22 hours ago on slashdot
Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.

Read More...
posted about 23 hours ago on slashdot
An anonymous reader shares a report: The Senate Tuesday quietly confirmed President Donald Trump's nominee to lead the National Security Agency and U.S. Cyber Command. U.S. Army Cyber Command chief Lt. Gen. Paul Nakasone was unanimously confirmed by voice vote to serve as the "dual-hat" leader of both organizations. The two have shared a leader since the Pentagon established Cyber Command in 2009. He will replace retiring Navy Adm. Mike Rogers after a nearly four-year term. The Senate Intelligence and Armed Services committees both previously approved Nakasone's nomination by voice vote.

Read More...
posted about 23 hours ago on slashdot
goombah99 writes: Hacking and Hackers get a bum rap. Headline scream "Every Nitendo switch can be hacked." But that's good right? Just like farmers hacking their tractors or someone re-purposing a talking teddy bear. On the other hand, remote hacking a Intel processor backdoor or looting medical data base, that are also described as hacking, are ill-motivated. It seems like we need words with different connotations for hacking. One for things you should definitely do, like program an Arduino or teddy bear. One for things that are pernicious. And finally one for things that are disputably good/bad such as hacking DRM protected appliances you own. What viral sounds terms and their nuances would you suggest? Editor's note: We suggest reading this New Yorker piece "A Short History of 'Hack'", and watching this Defcon talk by veteran journalist Steven Levy on the creativeness and chutzpah of the early hackers.

Read More...
posted 1 day ago on slashdot
An anonymous reader shares a report: A patent filed by the social network describes how personality characteristics, including emotional stability, could be determined from people's messages and status updates. The firm is currently embroiled in a privacy scandal over the use of its data by a political consultancy. Facebook says it has never used the personality test in its products. The patent, first filed in 2012, is in the names of Michael Nowak and Dean Eckles. Mr Nowak has worked for Facebook for 10 years, while Prof Eckles now teaches at the Massachusetts Institute of Technology. The patent has been updated twice, most recently in 2016. The BBC has seen emails from Mr Eckles and other Facebook staff to University of Cambridge psychologists in which they discuss analysis of data to infer personality traits, and talk of using such research to improve the product for users and advertisers.

Read More...
posted 1 day ago on slashdot
An anonymous reader shares a report: In his landmark 1931 book An Essay on Typography, the British typographer Eric Gill discusses everything from the proper place for the tail of an 'R' to terminate to which type of word press might best serve the amateur typographer. He casts the printed word as sacred. But there's one thing -- a silent, steady workhorse found in nearly every book -- that Gill fails to address: the lowly page number. The functional role of the page number is simple: it provides order and sequence to a text. And while it is a supremely utilitarian design element, more thought is put into it than you might imagine. Should it go at the top or the bottom of the page? In the right or left margin? Or in the center? These are all conscious and deliberate choices made by designers.

Read More...
posted 1 day ago on slashdot
Atlanta is setting aside more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city's online services. ZDNet reports: The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildy fluctated in price. But the ransom was never paid, said Atlanta city spokesperson Michael Smith in an email. Between the ransomware attack and the deadline to pay, the payment portal was pulled offline by the ransomware attacker. According to newly published emergency procurement figures, the city is projected to spend as much as 50 times that amount in response to the cyberattack. Between March 22 and April 2, the city budgeted $2,667,328 in incident response, recovery, and crisis management.

Read More...
posted 1 day ago on slashdot
Spotify on Tuesday announced a new redesigned app for free customers, its first major change to the free tier in four years, as it attempts to lure more customers into buying its subscription service. Free listeners will now get on-demand access to 15 playlists; they can play any song they want in those playlists and are no longer stuck in a world of shuffled playback. From a report: The idea: If people get more stuff without paying, they are more likely to end up paying in the long run. The new mobile app gives free users the ability to play more songs on demand, from 15 pre-populated playlists -- some of which are personalized for individual users, like its popular "Discover Weekly" feature. Spotify has always let users listen to on-demand music for free via an ad-supported option -- it's the main thing that set the company apart from other streaming services in the past. But it has limited full, free access to its library of songs to desktop users, and limited what free users could get to on its mobile app. Today's move doesn't remove those limits entirely, but gives users more opportunity to sample. Paid users get full access to Spotify's entire catalog, on-demand, without ads. The new app also offers users the ability to stream songs with lower data usage. The company says users can save up to 75% of mobile data with data saver mode while streaming on 3G.

Read More...