
Submission + - US Attorney General says US, allies should invest in Nokia & Ericsson (reuters.com)

mikeebbbd writes: According to Reuters, US Attorney General William Barr, in a speech on February 6, 2020, said that the US and its allies should invest in Nokia and Ericsson to counter the Huawei threat.

One wonders: where and by what subsidiary/affiliate is those companies' equipment produced? "Nokia" retail cell phones, for instance, are produced in China (like nearly all cell phones) by HMD.

Submission + - SPAM: Is a vegan diet killing your IQ? 11

omfglearntoplay writes: The vegan diet is low in — or, in some cases, entirely devoid of — several important brain nutrients. Could these shortcomings be affecting vegans' abilities to think?

To see how crucial B12 is for the brain, take what happens when we don't get enough of it. In children, the consequences of B12 deficiency can be life-altering. "There are some tragic cases of children whose brains failed to develop because of their parents being ill-informed vegans," says Benton. In one example, the child was unable to sit or smile. In another, they slipped into a coma.

Later in life, the amount of B12 in a person's blood has been directly correlated with their IQ. In the elderly, one study found that the brains of those with lower B12 were six times more likely to be shrinking.

Even so, low B12 is widespread in vegans. One British study found that half of the vegans in their sample were deficient. In some parts of India, the problem is endemic — possibly as a consequence of the popularity of meat-free diets.

For example, one 2007 study found that giving young women iron supplements led to significant intellectual gains.


Submission + - Chrome Web Store Flooded With Fraudulent Transactions (zdnet.com)

An anonymous reader writes: The Google security team has indefinitely suspended the publishing or updating of any commercial Chrome extensions on the official Chrome Web Store following a spike in the number of paid extensions engaging in fraudulent transactions. Google said the wave of fraudulent transactions began earlier this month. Google engineers described the fraudulent transactions as happening "at scale."

"This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse," said Simeon Vincent, Developer Advocate for Chrome Extensions at Google.

The ban on publishing or updating impacts all paid extensions. This includes Chrome extensions that require paying a fee before installing, extensions that work based on monthly subscriptions, or Chrome extensions that use one-time in-app purchases to get access to various features. Existing commercial extensions are still available for download via the official Chrome Web Store; however, extension developers can't push new updates.

Submission + - Intel Is Patching Its 'Zombieload' CPU Security Flaw For the Third Time (engadget.com)

An anonymous reader writes: For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the speculative functionality of its processors. On Monday, the company said it will issue a software update "in the coming weeks" that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws. This latest update comes after the company released two separate patches in May and November of last year.

Compared to the MDS flaws Intel addressed in those two previous patches, these latest ones have a couple of limitations. To start, one of the vulnerabilities, L1DES, doesn't work on Intel's more recent chips. Moreover, a hacker can't execute the attack using a web browser. Intel also says it's "not aware" of anyone taking advantage of the flaws outside of the lab.

Submission + - New Plundervolt Attack Impacts Intel Desktop, Server, and Mobile CPUs (zdnet.com)

An anonymous reader writes: Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor's voltage and frequency — the same interface that allows gamers to overclock their CPUs. Academics say they discovered that by tinkering with the amount of voltage and frequency a CPU receives, they can alter bits inside SGX to cause errors that can be exploited at a later point after the data has left the security of the SGX enclave.

They say Plundervolt can be used to recover encryption keys or introduce bugs in previously secure software. Intel desktop, server, and mobile CPUs are impacted. A full list of vulnerable CPUs is available here. Intel has also released microcode (CPU firmware) and BIOS updates today that address the Plundervolt attack by allowing users to disable the energy management interface at the source of the attack, if not needed.

Submission + - 20 Low-End VPS Providers Shutting Down in a 'Deadpooling' Scam (zdnet.com)

An anonymous reader writes: At least 20 web hosting providers have hastily notified customers today, Saturday, December 7, that they plan to shut down on Monday, giving their clients two days to download data from their accounts before servers are shut down and wiped clean. No refunds are being provided. As several users have pointed out, the VPS providers don't list physical addresses, don't list proper business registration information, and have no references to their ownership.

A source in the web hosting industry who wanted to remain anonymous told ZDNet that what happened this weekend is referred to as "deadpooling" — namely, the practice of setting up a small web hosting company, providing ultra-cheap VPS servers for a few dollars a month, and then shutting down a few months later, without refunding customers. "This is a systemic issue within the low-end market, we call it deadpooling," the source told us. "It doesn't happen often at this scale, however."

The 20 companies are: ArkaHosting, Bigfoot Servers, DCNHost, HostBRZ, HostedSimply, Hosting73, KudoHosting, LQHosting, MegaZoneHosting, n3Servers, ServerStrong, SnowVPS, SparkVPS, StrongHosting, SuperbVPS, SupremeVPS, TCNHosting, UMaxHosting, WelcomeHosting, X4Servers

Submission + - VPN Breaking Zero Day Effective Against Many *nix Systems Discovered

An anonymous reader writes: A vulnerability that affects many VPN implementations across a variety of *nix systems has been documented. Linux, Android, OSX/iOS, and OpenBSD are all affected, while the vulnerability affects even hardened VPN implementations like WireGuard and IKEv2/IPSec. Mitigating the vulnerability appears especially difficult on IPv6 and mobile data connections.

Submission + - Volkswagen headquarters raided again over diesel scandal (reuters.com)

McGruber writes: Reuters is reporting that German public prosecutors have again raided the Wolfsburg headquarters of Volkswagen in the latest investigation into the carmaker’s diesel emissions scandal.

Volkswagen, which admitted in 2015 to cheating U.S. emissions tests on diesel engines, said it was fully cooperating with the authorities, but viewed the investigation as unfounded. Volkswagen said the raids were linked to an investigation into diesel cars with engine type EA 288, a successor model to the EA 189 which was at the heart of the test cheating scandal. In simulations, vehicles with the EA 288 engine did not indicate a failure of the diesel filter, while still complying with emissions limits, Volkswagen said, adding the engine did not have an illegal defeat device.

Submission + - New Iranian Wiper Discovered In Attacks On Middle Eastern Companies (arstechnica.com)

An anonymous reader writes: IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. The sample was discovered in a response to an attack on what an IBM spokesperson described as "a new environment in the [Middle East]—not in Saudi Arabia, but another regional rival of Iran." Dubbed ZeroCleare, the malware is "a likely collaboration between Iranian state-sponsored groups," according to a report by IBM X-Force researchers. The attacks were targeted against specific organizations and used brute-force password attacks to gain access to network resources. The initial phase of the attacks was launched from Amsterdam IP addresses owned by a group tied to what IBM refers to as the "ITG13 Group"—also known as "Oilrig" and APT34. Another Iranian threat group may have used the same addresses to access accounts prior to the wiper campaign.

In addition to brute force attacks on network accounts, the attackers exploited a SharePoint vulnerability to drop web shells on a SharePoint server. These included China Chopper, Tunna, and another Active Server Pages-based webshell named "extensions.aspx," which "shared similarities with the ITG13 tool known as TWOFACE/SEASHARPEE," the IBM researchers reported. They also attempted to install TeamViewer remote access software and used a modified version of the Mimikatz credential-stealing tool—obfuscated to hide its intent—to steal more network credentials off the compromised servers. From there, they moved out across the network to spread the ZeroCleare malware.

Submission + - Rivers could generate 2000 nuclear power plants of energy with 'blue' membrane (sciencemag.org)

sciencehabit writes: Green energy advocates may soon be turning blue. A new membrane could unlock the potential of “blue energy,” which uses chemical differences between fresh- and saltwater to generate electricity. If researchers can scale up the postage stamp–size membrane in an affordable fashion, it could provide carbon-free power to millions of people in coastal nations where freshwater rivers meet the sea.

Blue energy’s promise stems from its scale: Rivers dump some 37,000 cubic kilometers of freshwater into the oceans every year. This intersection between fresh- and saltwater creates the potential to generate lots of electricity—2.6 terawatts, according to one recent estimate, roughly the amount that can be generated by 2000 nuclear power plants. By pumping positive ions to the other side of a semipermeable membrane, researchers can create two pools of water: one with a positive charge, and one with a negative charge. If they then dunk electrodes in the pools and connect them with a wire, electrons will flow from the negatively charged to the positively charged side, generating electricity.

Submission + - SPAM: UIGHUR Act prohibits the export of certain US technologies

schwit1 writes: The bill would tighten export controls on China-bound US technology that could be used to “suppress individual privacy, freedom of movement and other basic human rights”.

The bill passed by the House on Tuesday is more committal, ordering the US president, within four months of the legislation’s enactment, to submit to Congress a list of Chinese officials deemed responsible for, or complicit in, human rights abuses in Xinjiang.

The UIGHUR Act also demands that, on the same day, those individuals are subject to sanctions under the Global Magnitsky Act, seizing their US-based assets and barring them from entry onto US soil.


Submission + - US shows a 'concerning lack of regard for the privacy of people's biometrics' (betanews.com)

Mark Wilson writes: When it comes to the extensive and invasive use of biometric data, the USA is one of the worst offenders in the world, faring only slightly better than China.

According to research conducted by Comparitech, which rated 50 countries according to how, where and why biometrics were taken and how they are stored, the US ranked as the fourth worst country. Topping the list is China, followed by Malaysia and Pakistan.

Submission + - New Cars' Pedestrian-Safety Features Fail In Deadliest Situations, Study Finds (wsj.com)

An anonymous reader writes: New safety features being rolled out by auto makers to keep drivers from hitting pedestrians don’t work at times in some of the most dangerous situations and frequently fail at night, according to a new study by AAA. Testing performed by the association found that pedestrian-detection technology offered in four different models performed inconsistently and didn’t activate properly after dark, when many roadway deaths occur. The uneven performance highlights the challenges the auto industry faces as it looks to automate more of the car’s driving functions and roll out new crash-avoidance technologies that rely on sensors and software to detect road hazards.

For the AAA study, testers picked four sedan models—the Chevrolet Malibu, Honda Accord, Toyota Camry and Tesla Model 3—and put the cars through scenarios meant to replicate some of the most dangerous situations for pedestrians. One test, for instance, simulates a child darting out from between parked cars, and another involves an adult crossing the road as the vehicle turns right. At 20 miles an hour, the cars struggled with each test, AAA found. The child was struck 89% of the time, and all of the cars hit the pedestrian dummy after making a right turn. The systems were generally ineffective if the car was going 30 mph. The systems were also completely ineffective at night, Mr. Brannon said, the deadliest time for pedestrians. Three-quarters of all pedestrian fatalities occur after dark, according to AAA. When testers drove the cars directly at a dummy crossing the road in the dark, however, the system failed not only to stop or slow the car but also to provide any alert of a pedestrian’s presence before a collision.

Submission + - Stack Exchange Removes Moderator for Preferred Pronouns Policy (theregister.co.uk)

An anonymous reader writes: Stack Exchange appears to have fallen prey to the trend of abusing volunteers with arbitrary requirements in upcoming changes to their Code of Conduct. At issue appears to be a long-time moderator's requests for clarification whether or not gender-neutral pronouns were acceptable as a default practice, or if the new changes would mandate researching a user's preferred pronouns first before interacting with them.

https://judaism.meta.stackexch...

The moderator was dismissed without warning, prompting a number of high-profile resignations by volunteer moderators, particularly after a non-specific and weak response by the Stack Exchange employee who made the revocation decision.
