posted 8 days ago on slashdot
An anonymous reader quotes The Guardian: The human rights group Cage is preparing to mount a legal challenge to UK anti-terrorism legislation over a refusal to hand over mobile and laptop passwords to border control officials at air terminals, ports and international rail stations... The move comes after its international director, Muhammad Rabbani, a UK citizen, was arrested at Heathrow airport in November for refusing to hand over passwords. Rabbani, 35, has been detained at least 20 times over the past decade when entering the UK, under schedule 7 of terrorism legislation that provides broad search powers, but this was the first time he had been arrested... On previous occasions, when asked for his passwords, he said he had refused and eventually his devices were returned to him and he was allowed to go. But there was a new twist this time: when he refused to reveal his passwords, he was arrested under schedule 7 provisions of the terrorism act and held overnight at Heathrow Polar Park police station before being released on bail. He expects to be charged on Wednesday. Rabbani "argues that the real objective...is not stopping terrorists entering the UK, but as a tool to build up a huge data bank on thousands of UK citizens." And his position drew support from Jim Killock, executive director of the UK-based Open Rights Group. "Investigations should take place when there is actual suspicion, and the police should be able to justify their actions on that basis, rather than using wide-ranging powers designed for border searches."

posted 8 days ago on slashdot
An anonymous reader quotes NBC: In the race to the self-driving future, Lyft has agreed to work with Waymo, the self-driving car company owned by Google's parent company, to bring autonomous vehicles to the masses, both companies told NBC News on Sunday night. The announcement comes as Waymo has accused Lyft's biggest competitor, Uber, of stealing trade secrets from the company to advance its own self-driving operation... Both companies issued gushy statements about their new partners. Lyft said Waymo "holds today's best self-driving technology, and collaborating with them will accelerate our shared vision of improving lives with the world's best transportation." And Waymo applauded Lyft's "vision and commitment to improving the way cities move", saying it would help their technology "reach more people, in more places."

posted 8 days ago on slashdot
An anonymous reader writes: Thursday the FCC stopped accepting comments as part of long-standing rules "to provide FCC decision-makers with a period of repose during which they can reflect on the upcoming items" before their May 18th meeting. Techdirt wondered if this time to reflect would mean less lobbying from FCC Chairman Ajit Pai, but on Friday Pai recorded a Jimmy Kimmel-style video mocking mean tweets, with responses Gizmodo called "appalling" and implying "that anyone who opposes his cash grab for corporations is a moron." Meanwhile, Wednesday The Consumerist reported the FCC's sole Democrat "is deploying some scorched-earth Microsoft Word table-making to use FCC Chair Ajit Pai's own words against him." (In 2014 Pai wrote "A dispute this fundamental is not for us five, unelected individuals to decide... We should also engage computer scientists, technologists, and other technical experts to tell us how they see the Internet's infrastructure and consumers' online experience evolving.") But Pai seemed to be mostly sticking to friendlier audiences, appearing with conservative podcasters from the Taxpayer Protection Alliance, the AEI think tank and The Daily Beast. The Verge reports the flood of fake comments opposing Net Neutrality may have used names and addresses from a breach of 1.4 billion personal information records from marketing company River City Media. Reached on Facebook Messenger, one woman whose name was used "said she hadn't submitted any comments, didn't live at that address anymore and didn't even know what net neutrality is, let alone oppose it." Techdirt adds "If you do still feel the need to comment, the EFF is doing what the FCC itself should do and has set up its own page at DearFCC.org to hold any comments."

posted 8 days ago on slashdot
An anonymous reader shares Engadget's report about Microsoft's response to the massive WanaDecrypt0r ransomware attack: Company president Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen"... Microsoft had already floated the concept of a "Digital Geneva Convention" that required governments to report security holes, but the idea has gained a new sense of urgency in light of the recent ransomware chaos... While Microsoft makes its own efforts by rushing out patches and sharing concerns with other companies, it also chastises customers who could have closed the WannaCry hole two months earlier but didn't. BrianFagioli shared a BetaNews article arguing Microsoft "should absolutely not shoulder any of the responsibility. After all, the vulnerability that led to the disaster was patched back in March." But troublemaker_23 notes that ITwire still faults Microsoft for not planning ahead, since in February 150 million people were still using Windows XP.

posted 9 days ago on slashdot
An anonymous reader writes: "The Wana Decrypt0r ransomware -- also known as WCry, WannaCry, WannaCrypt, and WanaCrypt0r -- infected a honeypot server made to look like a vulnerable Windows computer six times in the span of 90 minutes, according to an experiment carried out by a French security researcher that goes online by the name of Benkow," reports BleepingComputer. "During one of those infections, Wana Decrypt0r infected the honeypot in a mere three minutes after it was reset, showing the aggressive nature of the ransomware's scanning module, which helps it spread to new victims... Three minutes is about the same amount of time IoT malware will infect a vulnerable home router left connected to the Internet without patches." The article also highlights the fact that the group behind this threat is possibly made of inexperienced coders, who just stumbled upon a way to weaponize an NSA exploit. Their three previous WanaDecrypt0r campaigns were mundane, and one researcher called their code "utter [expletive]." This is because WanaDecrypt0r is actually made of two main modules, the ransomware itself, and the SMB worm (based on the NSA exploit). While the SMB worm is top-shelf code, the ransomware itself is quite unsophisticated, making a lot of operational errors, including using only 3 Bitcoin wallets to handle payments, instead of one per infected user, as most top-shelf ransomware does. This makes it difficult to tell which victims paid and who didn't, as anyone could claim "x" transaction is theirs, even if they didn't pay.

posted 9 days ago on slashdot
An anonymous reader quotes Deadline: Netflix, Amazon and Hulu will be paying a lot more in writers' residuals under the new WGA film and TV contract. New details, outlined by WGA West, reveal that high-budget shows they run will generate anywhere between $3,448-$34,637 more residuals per episode over the life of the three-year contract than they did under the old contract, depending on the platform and the length of the show. Essentially, it's the same deal the Director's Guild of America got in their negotiations last December. The WGA contract, which has been unanimously approved by the WGA West board and the WGA East council, now goes to the guilds' members for final ratification. Voting begins Friday and concludes May 24. For every half-hour of a high-budget show, Netflix will be paying $19,058 more in residuals than it did under the old contract.

posted 9 days ago on slashdot
The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report: While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default... While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems. TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."

posted 9 days ago on slashdot
Slashdot reader Dan Drollette shares an article by the executive director and publisher of the Bulletin of the Atomic Scientists: On Friday, an elite group of the world's nuclear experts and advisers launched a Nuclear Crisis Group, to help manage the growing risk of nuclear conflict. The group includes leading diplomats with decades of experience, and retired military officers who were once responsible for launching nuclear weapons if given the order to do so. China, India, Pakistan, Russia, and the United States, all countries that have nuclear weapons, are represented. The group intends to create a "shadow security council," or an expert group capable of providing advice to world leaders on nuclear matters... Building on grass-roots support, the Nuclear Crisis Group could serve as a brake on nuclear escalation and be an early step in reversing the downward nuclear security spiral. Not only will they be able to offer expertise to inexperienced leaders who are dabbling in nuclear security, but they will be able to develop and endorse proposals that could make the world safer such as expanding the decision time that leaders have to respond to a nuclear threat, further protecting nuclear systems against cyber attacks and unintended escalations, reenergizing the appetite for arms control negotiations, and questioning global nuclear upgrade programs.

posted 9 days ago on slashdot
schwit1 shares an article from ScienceAlert: Quantum communication is a strange beast, but one of the weirdest proposed forms of it is called counterfactual communication -- a type of quantum communication where no particles travel between two recipients. Theoretical physicists have long proposed that such a form of communication would be possible, but now, for the first time, researchers have been able to experimentally achieve it -- transferring a black and white bitmap image from one location to another without sending any physical particles... It works based on the fact that, in the quantum world, all light particles can be fully described by wave functions, rather than as particles. So by embedding messages in light the researchers were able to transmit this message without ever directly sending a particle. It's different than quantum entanglement (which Einstein described as "spooky action at a distance.") The article describes it as "a pretty cool demonstration of just how bizarre and unexplored the quantum world is."

posted 9 days ago on slashdot
An anonymous reader writes: Will millions be unemployed after a job-destroying robot apocalypse? That's "starkly at odds with the evidence," argues a Wall Street Journal columnist, who says the real problem is robots aren't destroying enough jobs. "Too many sectors, such as health care or personal services, are so resistant to automation that they are holding back the entire country's standard of living." Noting that "churn relative to total employment" is the lowest it's ever been, he writes that "The pessimism would be more plausible if the evidence weren't moving in exactly the opposite direction... "In April, nonfarm private employment rose for the 86th straight month, the longest such streak on record. Monthly job creation has averaged 185,000 this year, more than double what the U.S. can sustain given its demographics. This has driven unemployment down to 4.4%, a 10-year low and below most estimates of 'full employment.' Growing labor shortages have boosted the typical worker's annual wage gain to more than 3% now from 2% in 2012, according to the Federal Reserve Bank of Atlanta. Instead of worrying about robots destroying jobs, business leaders need to figure out how to use them more, especially in low-productivity sectors... The alternative is a tightening labor market that forces companies to pay ever higher wages that must be passed on as inflation, which usually ends with recession. "That is a more imminent threat than an army of androids."

posted 9 days ago on slashdot
An anonymous reader writes: Saturday night saw the announcement of an experimental Perl 5 to Java compiler. "This is the first release," posted developer Flávio S. Glock -- after 100 weeks of development. "Note that you don't need to compile a Java file. Perlito5 now compiles the Perl code to JVM bytecode in memory and executes it." He describes the compiler as "a work-in-progress" that "provides an impressive coverage of Perl features, but it will not run most existing Perl programs due to platform differences."

posted 9 days ago on slashdot
An anonymous reader quotes InfoWorld: CockroachDB, an open source, fault-tolerant SQL database with horizontal scaling and strong consistency across nodes -- and a name few people will likely forget -- is now officially available. Cockroach Labs, the company behind its development, touts CockroachDB as a "cloud native" database solution -- a system engineered to run as a distributed resource. Version 1.0 is available in both basic and for-pay editions, and both boast features that will appeal to enterprises. The company is rolling the dice with its handling of the enterprise edition by also making those components open source and trusting that enterprises will pay for what they use in production.

posted 9 days ago on slashdot
"If you're an employee under the heel of a giant corporation you should probably be terrified by the vision of the future of connected gadgets that Microsoft just revealed at its Build developer conference here in Seattle," warns Gizmodo. Slashdot reader dryriver writes: Gizmodo reports on a Microsoft Workplace Monitoring demo where CCTV cameras watch a workplace -- like a construction site -- on 24/7 basis, and AI algorithms constantly oversee and evaluate what is happening in that workplace. The system can track where employees are, where physical equipment and tools are at what time, who does what at what time in this workplace and apparently use Cloud-based AI of some sort to evaluate what is happening in the workplace being monitored. Spotting employees misbehaving, breaking workplace rules or putting themselves and expensive equipment at risk may be the intended "value proposition" this system brings to the workplace. Another aspect may be reducing insurance premiums employers pay by creating a strict, highly monitored work environment. But the system is also very Big Brother -- an AI is monitoring people and equipment in a workplace in realtime at all times, and all the data ends up being processed in the Microsoft Cloud. Gizmodo gave their article the title, "Microsoft's Latest Workplace Tech Demos Creep Me Out."

posted 9 days ago on slashdot
Theresa May's party "is expected to win a majority at the June 8 election," reports Reuters -- and she's promising they'll pass new social media laws. An anonymous reader quotes Politico: They want to introduce a new measure that could fine or punish internet firms which fail to adequately flag and take down content harmful to minors or "direct users unintentionally to hate speech, pornography or other sources of harm," according to a press release. "The internet has brought a wealth of opportunity but also significant new risks which have evolved faster than society's response to them," May said. "We want social media companies to do more to help redress the balance and will take action to make sure they do"... The Conservative digital platform also promises to better protect Brits' personal information, compelling social media companies to trash user records from before the age of 18. The party plans to encourage the development of digital by default government and business services, as well.

posted 9 days ago on slashdot
An anonymous reader quotes Krebs On Security: As thousands of organizations work to contain and clean up the mess from this week's devastating Wana ransomware attack, the fraudsters responsible for releasing the digital contagion are no doubt counting their earnings and congratulating themselves on a job well done. But according to a review of the Bitcoin addresses hard-coded into Wana, it appears the perpetrators of what's being called the worst ransomware outbreak ever have made little more than USD $26,000 so far from the scam... It's worth noting that the ransom note Wana popped up on victim screens (see screenshot above) included a "Contact Us" feature that may have been used by some victims to communicate directly with the fraudsters... I find it depressing to think of the massive financial damage likely wrought by this ransom campaign in exchange for such a comparatively small reward.

posted 9 days ago on slashdot
This question was inspired by a recent article in Harvard Business Review: It's become abundantly clear that passwords are an untenable way to secure our data online. And asking your customers to keep track of complicated log-in information is a terrible user experience... The threat to security when relying on passwords is one reason businesses are increasingly migrating to biometric systems. Identity verification through biometrics can ensure greater security for personal information, while also providing customers with a more seamless experience in the digital environment of smartphones, tablets, sensors, and other devices... the idea is to verify someone's identity with a high degree of assurance by tying it to multiple mechanisms at once, known as biometric modalities [which] when used in concert, can provide a significantly safer environment for the customer, and are much easier to use... [I]f an app simultaneously requires a thumbprint, a retina scan, and a vocal recognition signature, it would be close to impossible for a bad actor to replicate that in the seconds needed to open the app. This got me curious -- are Slashdot's readers already seeing biometric verification systems in their own lives? Share your experiences in the comments, as well as your informed opinion. Do you think businesses should be switching to biometric passwords?

posted 9 days ago on slashdot
Amanda Palmer says abandoning the commercial music industry for a subscription model made it possible to take more chances, like a new album with psychedelia artist Edward Ka-Spel. An anonymous reader quotes Digital Trends: I spent my whole life in this music industry trying to figure out how to sell what I'm making. But I don't "sell" anymore -- I just have this magical net of supporters who are supporting me whether I choose to make a record with Edward or make a record with my dad, which I did last year... [S]ometimes, you absolutely want to do ridiculous, noncommercial stuff. The Patreon patrons have been a godsend in that sense. I've had to continually re-educate myself that this isn't about selling music. It's about making music. I got so used to those two being inseparable that it took a lot of psychological work to divorce the processes. She says her supporters "haven't just promised; they've put down their credit card." And Neil Gaiman, her husband, also strongly endorses the freedom to experiment. "If, as an artist, you ever listen to your fans' demands, and their demands are always insisting you make the last thing they liked again, you would go nowhere."

posted 9 days ago on slashdot
An anonymous reader quotes the Bay Area Newsgroup: Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers' permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated. The plaintiffs' new estimate of bogus bank accounts is about 1.4 million, or 67%, higher than the original estimate -- disclosed last year as part of a settlement with regulators -- that up to 2.1 million accounts were opened without customers' permission... The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Wells Fargo terminated 5,300 employees for creating fake accounts, and their CEO now acknowledges that "we had an incentive program and a high-pressure sales culture within our community bank that drove behavior that many times was inappropriate and inconsistent with our values." In a possibly-related story, Wells Fargo plans to shut 450 branches over the next two years.

posted 10 days ago on slashdot
Remember that "kill switch" which shut down the WannaCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. "I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.

posted 10 days ago on slashdot
Big Hairy Ian shared this story from the BBC: Undercover counter-extremism officers used hackers in India to access the emails of journalists and environmental activists, it has been claimed... The Independent Police Complaints Commission said it had received an anonymous letter, which alleged covert officers from the Metropolitan Police's National Domestic Extremism and Disorder Intelligence Unit contacted Indian police officers for help to enlist hackers. The letter alleges the hackers accessed the email accounts of hundreds of people, including members of political and environmental pressure groups and journalists. "The letter said the monitoring included the 'email accounts of radical journalists who reported on activist protests (as well as sympathetic photographers) including at least two employed by the Guardian newspaper,'" the Guardian reports, adding that the letter provided the names of 10 campaigners -- and the passwords for their accounts.

posted 10 days ago on slashdot
After Sunday's election in France, Macron's victory "is likely to be a boon for the French digital economy and its startup scene," writes a foreign policy think tank blog, "but the country's frosty relationship with U.S. tech companies is likely to remain over the next five years." Yet even before he was elected as France's new president, Emmanuel Macron was already warning the U.S. that withdrawing from the international Paris Climate change agreement could cost America its brightest innovators. Thelasko writes: French President elect Emmanuel Macron has a message to U.S. scientists and engineers working on climate change. "Please, come to France. You are welcome. It's your nation. We like innovation. We want innovative people. We want people working on climate change, energy renewables and new technologies. France is your nation." Newsweek reports this week that without America's involvement, the Paris Climate agreement "will have no way of meeting its goals of reducing global net carbon emissions" -- but that Macron could persuade the U.S. to honor its agreement. ("It reportedly took just one phone call conversation between Canadian Prime Minister Justin Trudeau and the president for Trump to reconsider withdrawing entirely for NAFTA, another international agreement signed into law prior to his tenure in the Oval Office.") And in the meantime, Macron has also promised not to cut France's energy-research budget, and will even reinforce it "to accelerate our initiative."

posted 10 days ago on slashdot
An anonymous reader quotes ZDNet: With this week's monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft's browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January's stable release of Chrome 56, and Firefox's February cut-off... Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3... Once Tuesday's updates are installed, Microsoft's browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site's certificate.

posted 10 days ago on slashdot
Thelasko quotes a report from Ars Technica: Ahead of Google I/O, Google has just dropped a bombshell of a blog post that promises, for real this time, that it is finally doing something about Android's update problems. "Project Treble" is a plan to modularize the Android OS, separating the OS framework code from "vendor specific" hardware code. In theory, this change would allow for a new Android update to be flashed on a device without any involvement from the silicon vendor. Google calls it "the biggest change to the low-level system architecture of Android to date," and it's already live on the Google Pixel's Android O Developer Preview. This is not a magic bullet that will solve all of Android's update problems, however. After an update is released, Google lists three steps to creating an Android update: 1. Silicon manufacturers (Qualcomm, Samsung Exynos, etc) "modify the new release for their specific hardware" and do things like make sure drivers and power management will still work. 2. OEMs (Samsung, LG, HTC) step in and "modify the new release again as needed for their devices." This means making sure all the hardware works, rebranding Android with a custom skin, adding OEM apps, and modifying core parts of the Android OS to add special features like (before 7.0) multi-window support. 3. Carriers add more apps, more branding, and "test and certify the new release."

posted 10 days ago on slashdot
An anonymous reader quotes the AP: Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003] An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016. Below the fold are more stories about the WanaDecrypt0r ransomware.

posted 10 days ago on slashdot
Tekla Perry writes: HBO's fictional Silicon Valley character Richard Hendricks sets out to reinvent the Internet into something decentralized. ["What if we used all those phones to build a massive network...we could build a completely decentralized version of our current Internet with no firewalls, no tolls, no government regulation, no spying. Information would be totally free in every sense of the word."] That sounds a lot like what Brewster Kahle, Tim Berners-Lee, and Vint Cerf have been calling the decentralized web. Kahle tells IEEE Spectrum about how closely HBO's vision matches his own, and why he's happy to have this light shined on the movement. In 2015 Kahle pointed out the current web isn't private. "People, corporations, countries can spy on what you are reading. And they do." But in a decentralized web, "the bits will be distributed -- across the net -- so no one can track the readers of a site from a single point or connection." He tells IEEE Spectrum that though the idea is hard to execute, a lot of people are already working on it. "I recently talked to a couple of engineers working for Mozilla, and brought up the idea of decentralizing the web. They said, 'Oh, we have a group working on that, are you thinking about that as well?'"
