posted 6 days ago on slashdot
itwbennett writes: On Tuesday, Steve Ragan's GoDaddy account was compromised. He knew it was coming, but considering the layered account protections used by the world's largest domain registrar, he didn't think the attacker would be successful. He was wrong. Within days, the attacker gained control over Steve's account just by speaking to customer support and submitting a Photoshopped ID.

posted 6 days ago on slashdot
jones_supa writes: Hardware that sports the "Designed for Windows 8" logo requires machines to support UEFI Secure Boot. When the feature is enabled, the core software components used to boot the machine are verified for correct cryptographic signatures, or the system refuses to boot. This is a desirable security feature, because it protects from malware sneaking into the boot process. However, it has an issue for alternative operating systems, because it's likely they won't have a signature that Secure Boot will authorize. No worries, because Microsoft also mandated that every system must have a UEFI configuration setting to turn the protection off, allowing booting other operating systems. This situation may now change. At its WinHEC hardware conference in Shenzhen, China, Microsoft said the setting to allow Secure Boot to be turned off will become optional when Windows 10 arrives. Hardware can be "Designed for Windows 10," and offer no way to opt out of the Secure Boot lock down. The choice to provide the setting (or not) will be up to the original equipment manufacturer.

posted 6 days ago on slashdot
An anonymous reader writes: A post at the Planetary Society's blog summarizes a report from NASA's Office of Inspector General which says the agency will struggle to get launch facilities up and running in time for the Space Launch System's November 2018 launch deadline. "Ground systems are a critical piece of the SLS-Orion infrastructure. All three elements are tightly integrated, with ground systems requiring significant input from the rocket and capsule designs." To be more specific, NASA has found 462 separate inter-dependencies, less than two-thirds of which have been resolved so far. "The Mobile Launcher must be moved into the Vehicle Assembly Building for testing prior to the delivery of SLS and Orion. When it comes time to stack the rocket and capsule for the first flight, there may be a 'learning curve,' said the OIG, where engineers work through unforeseen glitches." They're also worried about having to develop all the software to run these systems before the hardware is in place to test.

posted 6 days ago on slashdot
Tom Henderson, Principal Researcher at ExtremeLabs Inc., is not a cloud fan. He is a staunch privacy advocate, and this is the root of his distrust of companies that store your data in their memories instead of yours. You can get an idea of his (dis)like of vague cloud privacy protections and foggy vendor service agreements from the fact that his Network World column is called Thumping the Clouds. We called Tom specifically to ask him about a column entry titled The downside to mass data storage in the cloud. Today's video covers only part of what Tom had to say about cloud privacy and information security, but it's still an earful and a half. His last few lines are priceless. Watch and listen, or at least read the transcript, and you'll see what we mean.

posted 6 days ago on slashdot
StartsWithABang writes: Sure, it's easy today to look at the Sun and know it's a ball of (mostly) hydrogen, generating energy by combining those protons in a chain into helium through the process of nuclear fusion. But before we even knew that nuclear fusion was possible, we needed to figure out what the Sun was made out of, a more difficult task than you'd imagine. The credit was given to Henry Norris Russell (of Hertzsprung-Russell diagram fame), but he completely stole the work from a woman you never heard of: his student, Cecilia Payne, after discouraging her from publishing her work on the subject four years prior.

posted 6 days ago on slashdot
An anonymous reader writes: A law approved in France Thursday now requires all new rooftops in commercial zones to be covered in plants or solar panels. "Green roofs have an isolating effect, helping reduce the amount of energy needed to heat a building in winter and cool it in summer. They also retain rainwater, thus helping reduce problems with runoff, while favoring biodiversity and giving birds a place to nest in the urban jungle, ecologists say." The law was actually watered down from its original version — businesses only have to cover part of their roof. In other solar power news, reader SpzToid notes that despite earlier worries, the European power grid handled the solar eclipse just fine.

posted 6 days ago on slashdot
An anonymous reader writes: A Canadian court has issued its ruling on the costs (PDF) in the Voltage — TekSavvy case, a case involving the demand for the names and addresses of thousands of TekSavvy subscribers by Voltage on copyright infringement grounds. Last year, the court opened the door to TekSavvy disclosing the names and addresses, but also established new safeguards against copyright trolling in Canada. The court awarded only a fraction of the costs sought by TekSavvy, which sends a warning signal to ISPs that getting involved in these cases can lead to significant costs that won't be recouped. That is a bad message for privacy. So is the likely outcome for future cases (should they arise) with subscribers left with fewer notices and information from their ISP given the costs involved and the court's decision to not compensate for those costs.

posted 6 days ago on slashdot
An anonymous reader writes: Current standards of network timekeeping are inadequate to some of the critical systems that are being envisaged for the Internet of Things, according to a report (PDF) by the National Institute of Standards and Technology (NIST). The report says, "A new economy built on the massive growth of endpoints on the internet will require precise and verifiable timing in ways that current systems do not support. Applications, computers, and communications systems have been developed with modules and layers that optimize data processing but degrade accurate timing." NIST's Chad Boutin likens current network accuracy to an attempt to synchronize watches via the postal system, and suggests that remote medicine and self-driving cars will need far higher standards in order not to put lives at risk. He says, "modern computer programs only have probabilities on execution times, rather than the strong certainties that safety-critical systems require."

posted 6 days ago on slashdot
mi writes: We've always suspected that Google might tweak its search algorithms to gain an advantage over its rivals — and, according to an FTC investigation inadvertently shared with the Wall Street Journal, it did. Quoting: "In a lengthy investigation, staffers in the FTC's bureau of competition found evidence that Google boosted its own services for shopping, travel and local businesses by altering its ranking criteria and 'scraping' content from other sites. It also deliberately demoted rivals. For example, the FTC staff noted that Google presented results from its flight-search tool ahead of other travel sites, even though Google offered fewer flight options. Google's shopping results were ranked above rival comparison-shopping engines, even though users didn't click on them at the same rate, the staff found. Many of the ways Google boosted its own results have not been previously disclosed."

posted 6 days ago on slashdot
darthcamaro writes: Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. The sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers $557,500. Is it reasonable to expect browser makers to hold their own in an arms race against exploits? "Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc, manager of vulnerability research for HP Security Research, said.

posted 6 days ago on slashdot
schwit1 writes: New analysis of lunar geology combined with gravity data from GRAIL suggests the Moon could harbor lava tubes several miles wide. "David Blair, a graduate student in Purdue's Department of Earth, Atmospheric and Planetary Sciences, led the study that examined whether empty lava tubes more than 1 kilometer wide could remain structurally stable on the moon. 'We found that if lunar lava tubes existed with a strong arched shape like those on Earth, they would be stable at sizes up to 5,000 meters, or several miles wide, on the moon,' Blair said. 'This wouldn't be possible on Earth, but gravity is much lower on the moon and lunar rock doesn't have to withstand the same weathering and erosion. In theory, huge lava tubes – big enough to easily house a city – could be structurally sound on the moon.'" You can read their paper here (PDF). If this is so, then the possibility of huge colonies on the Moon increases significantly, as it will be much easier to build these colonies inside such lava tubes.

posted 6 days ago on slashdot
An anonymous reader writes: Metal Gear creator Hideo Kojima is set to leave the video game publisher Konami, ending 29 years of service. Konami had announced a restructuring earlier this year, and observant fans recently noticed the removal of references to Kojima Productions from the company's web site. A source speaking to Gamespot states that both developments are the result of a "power struggle" between the studio and its parent. Konami has now confirmed to the English-speaking press that Kojima will work on The Phantom Pain until it is completed, but they are searching for new staff to take over the Metal Gear series. Kojima's only other announced project was Silent Hills, a horror game created in collaboration with Guillermo del Toro.

posted 6 days ago on slashdot
siddesu sends this report from The Intercept: German Vice Chancellor Sigmar Gabriel said this week in Homburg that the U.S. government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country. 'They told us they would stop notifying us of plots and other intelligence matters,' Gabriel said.

posted 6 days ago on slashdot
itwbennett writes: More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them. Most of the routers have a 'directory traversal' flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn't new and has been reported by multiple researchers since 2011 in various router models.

posted 6 days ago on slashdot
An anonymous reader writes: We've previously discussed a system called CRISPR-cas9, which is dramatically reducing the cost and effort required to do gene editing. In fact, the barrier to entry is now so low that a group of biologists is calling for a moratorium on using the method to modify the human genome. Writing in the journal Science (abstract), the scientists warn that we've reached the point where the ethical questions surrounding DNA alteration can be put off no longer. David Baltimore, one of the group's members, said, "You could exert control over human heredity with this technique, and that is why we are raising the issue. ... I personally think we are just not smart enough — and won't be for a very long time — to feel comfortable about the consequences of changing heredity, even in a single individual." Another group of scientists called for a similar halt to human germline modification, and the International Society for Stem Cell Research says it agrees.

posted 6 days ago on slashdot
sarahnaomi sends word of new biometric technologies coming to U.S. entry points. "The facial recognition pilot program launched last week by U.S. Customs and Border Protection, which civil liberties advocates say could lead to new potentially privacy-invading programs, is just the first of three biometric experiments that the feds are getting ready to launch. The three experiments involve new controversial technologies like iris and face scanner kiosks, which CBP plans to deploy at the Mexican border, and facial recognition software, according to a leaked document obtained by Motherboard. All three pilots are part of a broader Customs and Border Protection program to modernize screenings at American entry and exit ports, including at the highly politicized Mexican border, with the aid of new biometric technologies. The program is known as Apex Air Entry and Exit Re-Engineering Project, according to the leaked slides. These pilot programs have the goal of "identifying and implementing" biometric technologies that can be used at American borders to improve the immigration system as well as US national security, according to the slides."

posted 6 days ago on slashdot
schwit1 writes Amazon.com announced the launch Thursday of its one-hour delivery service, Prime Now, in select zip codes in Baltimore and Miami. It initially launched in Manhattan in December. The one-hour service, available to Amazon Prime subscribers through the Prime Now mobile app, costs $7.99. Two-hour delivery is free. From the article: "Amazon Prime's success has blown away the company's projections and 'petrified' local and national retailers, said Howard Davidowitz, chairman of Davidowitz & Associates, a national retail consulting and investment banking firm headquartered in New York City. 'If you're a retailer and you're not scared of Amazon ... you should be,' he said. 'They are the change agent. They are leading the change in retail.'"

posted 7 days ago on slashdot
itwbennett writes Target has agreed to pay $10 million in a proposed settlement to a class-action lawsuit stemming from its massive 2013 data breach, which affected as many as 110 million people. Individual victims could receive up to $10,000. The proposed settlement also includes measures to better protect the customer data that Target collects, according to documents filed with the U.S. District Court, District of Minnesota.

posted 7 days ago on slashdot
First time accepted submitter Orange Roughy writes New Zealand customs are seeking powers to obtain passwords and encryption keys for travelers. Supposedly they will only act to obtain credentials if they were acting on 'some intelligence or observation of abnormal behaviour.' People who refuse to hand over credentials could face up to three months' jail time. From the story: "Customs boss Carolyn Tremain has told MPs the department would only request travellers hand over passwords to their electronic devices if it had a reason to be suspicious about what was on them. The department unleashed a furore last week when it said in a discussion paper that it should be given unrestricted power to force people to divulge passwords to their smartphones and computers at the border. That would be without Customs officials having to show they had any grounds for suspicion."

posted 7 days ago on slashdot
An anonymous reader writes Luxury Swiss watchmaker Tag Heuer has announced it will be designing a smartwatch in partnership with U.S. tech giants Google and Intel. The watch is to rival similar devices in the consumer wearables market, specifically the much-anticipated Apple Watch. Tag is the first watchmaker to join with Google, however it is thought the deal will also welcome collaborations with other high-quality LVMH brands, such as Hublot and Zenith. The watch will be available toward the end of the year, with price structures and functionality details announced shortly before its release.

posted 7 days ago on slashdot
First time accepted submitter abhishekmdb writes Shane Tusch faked his suicide in an attempt to test the authenticity of Facebook's suicide prevention tool and got detained for 72 hours. Facebook has rolled out a set of tools to keep a check on its users who are having suicidal tendencies and prevent these users from suicidal attempts. In case some user is having suicidal thoughts and mentions that in the Facebook posts and if a friend of that user reports it to Facebook, then a third party will immediately review the post and Facebook would lock the suicidal user's account and the user will be made to read Facebook's suicide prevention materials.

posted 7 days ago on slashdot
mpicpp sends word that Amazon drones may soon deliver your packages. "Amazon.com Inc has won U.S. federal regulators' approval to test a delivery drone, as the e-commerce giant pursues a vision of speeding packages to customers through the air amid public concern over the safety and privacy implications. The Federal Aviation Administration said on Thursday it had issued an experimental airworthiness certificate to an Amazon unit and its prototype drone design, allowing it to conduct outdoor test flights on private, rural land in Washington state. The experimental certificate applies to a particular drone design and Amazon must obtain a new certification for test flights if it modifies the drone. In return, the company must supply monthly data to the regulators, and conduct flights at 400 feet (120 meters) or below and in 'visual meteorological conditions,' according to the FAA's certificate. The drone operators must also have a private pilots' license and current medical certification."

posted 7 days ago on slashdot
donniebaseball23 writes In an editorial at GamesIndustry.biz, Brendan Sinclair asks an important question about the game ratings board in America. Should Strauss Zelnick, the CEO of Take-Two, which owns the Grand Theft Auto franchise and has been at the heart of the ESRB's biggest controversies of the last decade, really be serving as its chairman? "No matter how removed from the day-to-day running of the ESRB Zelnick might be, his current role invites accusations of impropriety," he writes. "It's the sort of thing any critic of the games industry can point to as a clear conflict of interest, and many reasonable outsiders would probably look at that as a valid complaint. At least when titans of industry in the U.S. become the head of the regulatory agencies that oversee their former companies, they actually have to leave those companies."

posted 7 days ago on slashdot
An anonymous reader writes with this story about some of the fine print to Microsoft's offer of Windows 10 upgrades to pirates. "When Microsoft confirmed it will offer free Windows 10 upgrades to pirates worldwide, many were shocked. VentureBeat has been trying to get more details from the company, which disclosed today that after PCs with pirated copies of Windows 7 and Windows 8.1 are upgraded to Windows 10, they will remain in a 'non-genuine' status and Microsoft will not support them. 'With Windows 10, although non-genuine PCs may be able to upgrade to Windows 10, the upgrade will not change the genuine state of the license,' a Microsoft spokesperson told VentureBeat. 'Non-genuine Windows is not published by Microsoft. It is not properly licensed or supported by Microsoft or a trusted partner. If a device was considered non-genuine or mislicensed prior to the upgrade, that device will continue to be considered non-genuine or mislicensed after the upgrade. According to industry experts, use of pirated software, including Non-genuine Windows, results in a higher risk of malware, fraud — identity theft, credit card theft, etc. — public exposure of your personal information, and a higher risk for poor performance or feature malfunctions.' Yet this doesn't provide enough answers. After a pirate upgrades to Windows 10 for free, does this 'non-genuine' version expire and become unusable after a certain period of time? Does no support mean no security updates for pirates?"
