Verizon

Verizon Accused of Helping Spammers By Routing Millions of Stolen IP Addresses (spamhaus.org) 7

An anonymous reader writes: Spamhaus, an international non-profit organization that hunts down spammers, is accusing Verizon of indifference and facilitation of cybercrime because it failed for the past six months to take down stolen IP routes hosted on its network from where spam emails originated. Spamhaus detected over 4 million IP addresses, mainly stolen from China and Korea, and routed on Verizon's servers with forged paperwork. Spamhaus says, "For a start, it seems very strange that a large US-based ISP can be so easily convinced by abusers to route huge IP address blocks assigned to entities in the Asian-Pacific area. Such blocks are not something that can go unnoticed in the noise of everyday activity. They are very anomalous, and should call for an immediate accurate verification of the customer. Internal vetting processes at large ISPs should easily catch situations so far from normality."
Internet Explorer

Microsoft Ends Support For Internet Explorer 8-10 and Windows 8 (venturebeat.com) 23

An anonymous reader writes: Microsoft today ended support for old versions of Internet Explorer, including IE8, IE9, and IE10, as well as Windows 8. For the browsers, the company has also released a final patch (KB3123303) that includes the latest cumulative security updates and an "End of Life" upgrade notification. In short, the final patch will nag Windows 7 and Windows Server 2008 R2 users to upgrade to Internet Explorer: A new tab will automatically open the download IE page. It doesn’t appear Microsoft has plans to push similar notifications for Vista, Windows Server 2008, or Windows Server 2008 R2 users, but this isn’t too surprising: They can’t upgrade to IE11 or Edge without upgrading their operating system. While support for Windows 8 has ended, Windows 8.1 will have Mainstream Support until January 9, 2018 and Extended Support until January 10, 2023.
Science

The 40,000-Mile Volcano (nytimes.com) 38

An anonymous reader writes: The NY Times reports on one of the wonders of the underwater world: the extensive web of volcanoes and hydrothermal vents present where tectonic plates meet and grind against one another. "Welcome to one of the planet's most obscure but important features, known rather prosaically as the midocean ridges. Though long enough to circle the moon more than six times, they receive little notice because they lie hidden in pitch darkness." The magma seeping through these cracks generates massive amounts of heat — enough to sustain incredible ecosystems.

But as scientists have gained a deeper understanding of this geological phenomenon, they realize it's more chaotic than they had imagined. "The old idea was that the eruptions of oozing lava and related activity occurred at fairly steady rates. Now, studies hint at the existence of outbursts large enough to influence not only the character of the global sea but the planet's temperature. Experts believe the activity may carry major repercussions because the oceanic ridges account for some 70 percent of the planet's volcanic eruptions. By definition, that makes them enormous sources of heat and exotic minerals as well as such everyday gases as carbon dioxide, which all volcanoes emit."

Networking

SSH Backdoor Found In Fortinet Firewalls (arstechnica.com) 44

An anonymous reader writes: The IT community was shaken a few weeks ago when Juniper Networks firewalls were found to contain "unauthorized code" that seemed to enable a backdoor. Now, Fortinet firewalls have been found to contain an apparent SSH backdoor as well. "According to the exploit code, the undisclosed authentication works on versions 4.3 up to 5.0.7. If correct, the surreptitious access method was active in FortiOS versions current in the 2013 and 2014 time frame and possibly earlier, based on this rough release history. The weakness was eventually patched, but so far, researchers have been unable to locate a security advisory that disclosed the alternative authentication method or the hard-coded password." A spokesperson for Fortinet told El Reg, "This was not a 'backdoor' vulnerability issue but rather a management authentication issue."
Media

BBC Confirms 50% Bitrate Savings For H.265/HEVC Vs H.264/AVC (bbc.co.uk) 48

An anonymous reader writes: A research team from the BBC has done a series of tests to confirm earlier computations showing a ~50% savings in bit rate for H.265/HEVC compared to video using H.264/AVC at comparable quality. "The subjective tests used a carefully selected set of coded video sequences at four different picture sizes: UHD (3840x2160 and 4096x2048), 1080p (1920x1080), 720p (1280x720) and 480p (832x480), at frame rates of 30Hz, 50Hz, or 60Hz. The video content was chosen to represent diverse spatial and temporal characteristics, and then coded using HEVC and AVC standards at a wide span of bit rates producing a variety of quality levels." Here is the full published analysis. "The tests confirmed the significant compression efficiency improvements achieved in HEVC, verifying the results previously reported using objective quality metrics (PSNR based methods)." The team did not test against VP9, which is shaping up to be an impressive standard as well.
Facebook

India Telecom Regulator Pooh-Poohs Facebook's Orchestrated Lobbying Campaign 19

theodp writes: After India's telecom regulator asked a local company to temporarily stop Facebook's Free Basics service amid questions about whether it violates net neutrality, Facebook launched a controversial lobbying campaign, encouraging FB users to write to the Telecom Regulatory Authority of India (TRAI), which oversees the country's Internet policy, urging the service be preserved. As of Jan. 7, the deadline for accepting comments, the regulator said it had received nearly two million comments from accounts affiliated with the site, including the domain names "@supportfreebasics.in" and "@facebookmail."

But many of these comments, the regulator said in a statement, are "basically template responses and the content are identical in nature." TRAI's we-ain't-buying-it response to the orchestrated flood of millions of comments (from both sides) differs markedly from the U.S. Dept. of Homeland Security, which recently told the Court (PDF) it couldn't possibly comply with a Judge's six-month deadline to address issues with the OPT STEM Extension Program because it was overwhelmed by "the approximately 50,500 comments" (about what the average Slashdot reader reviews in a day!) from individuals urged on by the White House and other organizations. By the way, among the comments received by DHS was one from NAFSA — the lobbying powerhouse that represents 3,500 colleges and universities — calling for DHS to have OPT extensions expanded to include all fields of study (PDF).
Social Networks

Kentucky Bill: Wait an Hour Before Posting Injuries To Social Media (kentucky.com) 163

An anonymous reader writes: A Kentucky state representative is developing an unusual piece of legislation. It would impose a delay on people posting about an event on social media if the event resulted in serious injury. Users caught violating this law would face fines ranging from $20-$100. It wouldn't restrict media, victims, or first responders — just bystanders. Representative John Carney says, "It's purely my intent to get a discussion going out there, asking people to be more respectful about what they put on social media. We've had some incidents, including one in my community, and I'd hate for anyone to learn about the loss of a loved one through social media."

Opponents of the bill point out the difficulty in determining who qualifies as "media" in the age of social networks, not to mention the potential conflict with the First Amendment. Carney recognizes the difficulty, and says he doesn't intend to push the bill immediately, but notes that he's trying to solve a real problem. Tiger Robinson, a local public safety director, said, "There have been times we've been pulling bodies out of cars and these people are standing there, snapping pictures on their phones to post on Facebook. It's just not right."

Medicine

Major Health Organization Stops Forcing Doctors To Adopt New Technology (internalmedicinenews.com) 78

nbauman writes: The administrator of the Centers for Medicare & Medicaid Services told an investors' conference that they will be backing off the unpopular requirement that doctors show "meaningful use" of their new computer systems. Andy Slavitt, acting administrator, admitted that "physician burden and frustration levels are real. Programs that are designed to improve often distract. Done poorly, measures are divorced from how physicians practice and add to the cynicism that the people who build these programs just don't get it."

Dr. James L. Madara, CEO of the American Medical Association, agreed that EHRs were having a negative impact on physicians' practices. Many physicians are spending at least two hours each workday using their EHR and may click up to 4,000 times per 8-hour shift, he said. Instead, CMS will reward health care providers for patient outcomes through the merit-based incentive pay systems created by last year's Medicare Access and CHIP Reauthorization Act (MACRA) legislation. CMS is calling on the private sector to create apps and analytic tools that will keep data secure while fostering true and widespread interoperability.

Crime

Preparing Countermeasures For Terror Attacks Using Drones (remotecontrolproject.org) 84

An anonymous reader writes: You can add terrorist-controlled drones to the list of dangers we need to be prepared for, says the Oxford Research Group. Its new report contains information about over 200 current and upcoming unmanned aerial, ground and marine systems, and evaluates their capabilities for delivering payloads (e.g. explosive devices), imaging capabilities (e.g. for reconnaissance purposes), and their general capabilities. Even though the report notes that commercial drones have a limited flight time, range of movement, and payload capacity, and that their operators still have to be relatively close to a potential target, the researchers are particularly worried about the possibility of drones being used as remotely controlled explosive devices. They say, "The technology of remote-control warfare is impossible to control; the ultimate defence is to address the root drivers of the threat in the first place."
Security

Trend Micro Flaw Could Have Allowed Attacker To Steal All Passwords (csoonline.com) 49

itwbennett writes: Trend Micro has released an automatic update fixing the problems in its antivirus product that Google security engineer Tavis Ormandy discovered could allow "anyone on the internet [to] steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction." The password manager in Trend's antivirus product is written in JavaScript and opens up multiple HTTP remote procedure call ports to handle API requests, Ormandy wrote. Ormandy says it took him 30 seconds to find one that would accept remote code. He also found an API that allowed him to access passwords stored in the manager. This is just the latest in a string of serious vulnerabilities that have been found in antivirus products in the last seven months.
Intel

Intel's Clear Linux Distribution Offers Fast Out-Of-The-Box Performance (phoronix.com) 100

An anonymous reader writes: In a 10-way Linux distribution battle including OpenSUSE, Debian, Ubuntu, Fedora, and others, one of the fastest out-of-the-box performers was a surprising contender: Intel's Clear Linux Project that's still in its infancy. Clear Linux ships in an optimized form for delivering best performance on x86 hardware with enabling many compiler optimizations by default, highly-tuned software bundles, function multi-versioning for the most performant code functions based upon CPU, AutoFDO for automated feedback-directed optimizations and other performance-driven features. Clear Linux is a rolling-release-inspired distribution that issues new versions a few times a day and is up to version 5700.
Space

The Hardware That Searches For Dark Matter (hackaday.com) 81

szczys writes: Deep in a gold mine in South Dakota the Large Underground Xenon experiment waits in the darkness for a tiny flash of light that signals that dark matter actually exists. So far we theorize that it does exist, and have gone to great lengths to build hardware to detect dark matter. Very cold, very pure liquid Xenon sits waiting for a dark matter particle to strike the nucleus of a Xenon molecule, producing a distinct pattern of photons through scintillation. An array of photomultiplier tubes detects the photons, whose pattern is processed by FPGAs on custom boards connected using HDMI. The experiment has generated a list of properties not possessed by dark matter; running for several years no evidence of the particles interacting with the Xenon has been found. But when the data collection concludes this year, a much larger version of the impressive hardware will be built.
Privacy

ATF Puts Up Surveillance Cameras Around Seattle ... To Catch Illegal Grease Dump (muckrock.com) 165

v3rgEz writes: Last summer, Seattleites noticed that utility poles around town were showing some odd growths: A raft of surveillance cameras that, under Seattle's strict surveillance equipment laws, shouldn't have been there without disclosure and monitoring. But Seattle Police said that they weren't theirs, and one enterprising citizen followed up with a series of public records requests, only to discover that they were actually the ATF's cameras — on the watch for grease dumpers. Now the requester is fighting for the full list of federal surveillance watching over Seattle, and answers to how often federal agencies pursue what appear to be purely local crimes.
Biotech

First Children Have Been Diagnosed In 100,000 Genomes Project (bbc.com) 63

Zane C. writes: The 100,000 Genomes project, an organization dedicated to diagnosing and researching rare genetic disorders, has just diagnosed its first 2 patients. After painstakingly analyzing about 3 billion base pairs from the parents of one young girl, and the girl herself, "doctors told them the genetic abnormality — in a gene called KDM5b — had been identified". The new information will not yet change the way the young girl, named Georgia, is treated, but it opens up a path for future treatments. For the other girl, Jessica, the genetic analysis provided enough information to diagnose and begin a new treatment. A mutation had occurred "[causing] a condition called Glut1 deficiency syndrome in which the brain cannot get enough energy to function properly." Jessica's brain specifically had not been able to obtain enough sugar to power her brain cells, and as such, doctors prescribed a high fat diet to give her brain an alternate energy source. She has already begun showing improvement.
Power

Explosion-Proof Lithium-Ion Battery Shuts Down At High Temperatures (thestack.com) 58

An anonymous reader writes: Scientists have designed a lithium-ion battery that self-regulates according to temperature, to prevent itself from overheating. Reaching extreme temperatures, the battery is able to shut itself down, only restarting once it has cooled. The researchers designed the battery to shut down and restart itself over a repeated heating and cooling cycle, without compromising performance. A polyethylene film is applied to one of the electrodes, which expands and shrinks depending on temperature, to create a conductive/non-conductive material.
