
Comment Verizon says Nope! We won't do it. (Score 1) 193

ref: http://www.theverge.com/circui...

"In October, Samsung announced a voluntary recall of the Samsung Galaxy Note 7 when it was discovered that all available devices could overheat and pose a safety risk to customers. Since that time, a vast majority of Verizon customers who purchased the Note 7 have replaced their phones with other models.

Today, Samsung announced an update to the Galaxy Note 7 that would stop the smartphone from charging, rendering it useless unless attached to a power charger. Verizon will not be taking part in this update because of the added risk this could pose to Galaxy Note 7 users that do not have another device to switch to. We will not push a software upgrade that will eliminate the ability for the Note 7 to work as a mobile device in the heart of the holiday travel season. We do not want to make it impossible to contact family, first responders or medical professionals in an emergency situation.

Verizon and Samsung have communicated the need for customers with a Note 7 to immediately stop using their devices and return or exchange it where they purchased it. Verizon customers with the Note 7 have several options, including an additional $100 from Samsung when purchasing one of their other devices."

Submission + - Verizon Refuses To Brick the Samsung Note 7 (theverge.com)

caferace writes: According to this article at The Verge, Verizon has refused to push out the Samsung "No-Charge" update.

"...Today, Samsung announced an update to the Galaxy Note 7 that would stop the smartphone from charging, rendering it useless unless attached to a power charger. Verizon will not be taking part in this update because of the added risk this could pose to Galaxy Note 7 users that do not have another device to switch to. We will not push a software upgrade that will eliminate the ability for the Note 7 to work as a mobile device in the heart of the holiday travel season. We do not want to make it impossible to contact family, first responders or medical professionals in an emergency situation.."

AT&T

'Robocall Strike Force' Proposal Could Stop Caller ID Spoofing (onthewire.io) 97

This summer the FCC convened a "Robocall Task Force" to help consumers fight unwanted automated telemarketers, and Wednesday the coalition finally delivered a report recommending a "Do Not Originate" list so carriers could spot spoofed numbers which should be blocked. A trial of the "DNO" list that's been running for the last few weeks on some IRS numbers has resulted in a 90 percent drop in the volume of IRS scam calls, officials from AT&T, which leads the strike force, said during the FCC meeting Wednesday. The carriers on the strike force, which include Sprint, Verizon, and many others, plan to continue testing the DNO list in the coming months, with the intent to fully implement it some time next year...

The strike force members also are working on a system to classify calls into categories, such as political or charity, as a way to give consumers more information before they answer calls from unknown numbers. And, the group said it has developed a working solution for authentication between VoIP applications and traditional landline networks as another way to defeat spoofing from callers in foreign countries.

Early next year they're planning larger tests -- and the strike force has also created a new site describing how to block and report robocalls.
Canada

Police Used Cell Tower Logs To Text 7,500 Possible Crime Witnesses (www.cbc.ca) 153

"Investigators are calling it a 'digital canvass' -- the high-tech equivalent of knocking on thousands of doors for information," reports the CBC, describing how an Ontario police department sent text messages to 7,500 potential witnesses of a homicide using phone numbers from a nearby cell tower's logs. Police obtained the numbers through a court order, and sent two texts -- one in English, and another one in French -- asking recipients to "voluntarily answer a few simple questions..." Slashdot reader itamblyn writes: On one hand, this seems like the natural progression from the traditional approach of canvassing local residents by putting up flyers and knocking on doors. On the other hand, I think one can reasonably ask -- Are we OK with this approach...? Do we want this to happen whenever there is a major crime?
The article adds that the police force "will keep the numbers on file until the killing is solved, officers said at a news conference on Wednesday... Investigators will also consider calling the numbers of people who don't respond voluntarily, but they would be required to obtain another court order to do so."
Communications

NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) 150

An anonymous reader writes: "The U.S. National Institute for Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban of SMS-based Two-Factor Authentication (2FA)," reports Softpedia. The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections, SMS messages may be intercepted and not delivered to the phone. The guideline recommends the usage of tokens and software cryptographic authenticators instead. Even biometrics authentication is considered safe, under one condition: "Biometrics SHALL be used with another authentication factor (something you know or something you have)," the guideline's draft reads. The NIST DAG draft reads in part: "If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
Piracy

Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games (helpnetsecurity.com) 92

Reader Orome1 writes: If you're looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead. According to Symantec researchers, who have been trawling popular torrent websites, there's an active distribution campaign going on that delivers potentially unwanted apps posing as torrents for games like Assassin's Creed Syndicate, The Witcher 3, World of Warcraft: Legion, The Walking Dead: Michonne, and several others. At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialogue that asks if they are sure they want to allow the program to make changes to the computer, users end up with a file downloaded from a Google Drive -- a file that is considerably larger than a torrent file (around 3.5 MB) and is obviously an executable.
Security

Fiverr Suffers Six-Hour DDoS Attack After Removing DDoS-For-Hire Listings (softpedia.com) 44

Two days after Fiverr, a marketplace for digital services, removed user listings from its website that advertised DDoS-for-hire services, the company's website suffered a six-hour-long DDoS attack. Softpedia reports: The incident took place on the morning of May 27 (European timezones), and the service admitted its problems on its Twitter account. At the time of writing, Fiverr has been back up and functioning normally for more than two hours. Fiverr's problems stem from an Incapsula probe that found DDoS-for-hire ads on its marketplace, available for $5. Incapsula reported the suspicious listings to Fiverr, who investigated the issue and removed the ads. Fiverr first removed all listings advertising blatantly illegal DDoS services, but later also removed the ads offering to "test" a website for DDoS "protection" measures.
Security

Genius' Web Annotations Undermined Web Security (theverge.com) 27

New reader BradyDale shares an article on the Verge: Until early May, when The Verge confidentially disclosed the results of my independent security tests, the "web annotator" service provided by the tech startup Genius had been routinely undermining a web browser security mechanism. The web annotator is a tool which essentially republishes web pages in order to let Genius users leave comments on specific passages. In the process of republishing, those annotated pages would be stripped of an optional security feature called the Content Security Policy, which was sometimes provided by the original version of the page. This meant that anyone who viewed a page with annotations enabled was potentially vulnerable to security exploits that would have been blocked by the original site. Though no specific victims have been identified, the potential scope of this bug was broad: it was applied to all Genius users, undermined any site with a Content Security Policy, and re-enabled all blocked JavaScript code. Vijith Assar dives deep into how Genius did this: The primary way Genius annotations are accessed on the web is by adding "genius.it" in front of any URL as a prefix. The genius.it server reads the original content behind the scenes, adds the annotations, and delivers the hybrid content. The Genius version of the page includes a few extra scripts and highlighted passages, but until recently it also eliminated the original page's Content Security Policy. The Content Security Policy is an optional set of instructions encoded in the header of the HTTP connection which tells browsers exactly which sites and servers should be considered safe -- any code which isn't from one of those sites can then be ignored.
