pankkake - Slashdot User

Comment Re:I was with them until.... (Score 1) 140

by jasonwc on Sunday September 20, 2020 @06:38PM (#60525612) Attached to: US Judge Blocks Attempt to Ban WeChat

It's not just chat software either. The Internet in China is very different than the Internet in the rest of the world. For me, it's virtually worthless without a VPN. When I was last in China, the two largest VPN services that advertise service in China (ExpressVPN and NordVPN) didn't work for an entire week because it was a politically sensitive period. Thankfully, an OpenVPN server I hosted worked fine. Almost all of the most popular sites in the US are blocked including all of Google/Alphabet's sites, Facebook, Wikipedia etc. Here's a list: https://en.wikipedia.org/wiki/...

Comment Re:I was with them until.... (Score 3, Informative) 140

by jasonwc on Sunday September 20, 2020 @06:35PM (#60525606) Attached to: US Judge Blocks Attempt to Ban WeChat

That's likely because you aren't in mainland China. Many of the commonly used chat applications in the US are banned in mainland China. For example, WhatsApp, Facebook Messenger, and Telegram are banned. Signal is not banned but it has very little usage among the population in mainland China, which is likely why it hasn't been banned. iMessage can be used but Apple controls the key management, which means the government can likely compel them to hand over keys for Chinese devices. Moreover, iPhones are much more prevalent in the US than in China. WeChat has a billion users - virtually everyone in China uses it - it's a chat, payment, and social media platform, and can even be used to pay your subway or cab fare in Shanghai. Moreover, for individuals with limited or no English proficiency, the options may be even further limited. The point is that chat software is only useful if the people you want to speak to are also using it. For communicating with people in China, there's no more prevalent app than WeChat. That doesn't mean it's not used for surveillance or propaganda. It's the only app I know of where your messages are censored in real time. Send a message about a controversial topic and it may never be delivered. You also may be interrogated the next time you enter China. It's a horrible app. Nonetheless, for many Chinese-Americans, it's essential for communicating with their family in Mainland China. Thankfully, a US-purchased device can use the US app store in China. US-purchased device + VPN to Tokyo = access to any software you wish to use.

Submission + - US Attorney General says US, allies should invest in Nokia & Ericsson (reuters.com)

Submitted by mikeebbbd on Thursday February 06, 2020 @01:04PM

mikeebbbd writes: According to Reuters, US Attorney General William Barr, in a speech on February 6, 2020, said that the US and its allies should invest in Nokia and Ericsson to counter the Huawei threat.

One wonders: where and by what subsidiary/affiliate are those companies' equipment produced? "Nokia" retail cell phones, for instance, are produced in China (like early all cell phones) by HMD.

Submission + - SPAM: Is a vegan diet killing your IQ? 11

Submitted by omfglearntoplay on Wednesday January 29, 2020 @06:42PM

omfglearntoplay writes: The vegan diet is low in â" or, in some cases, entirely devoid of â" several important brain nutrients. Could these shortcomings be affecting vegans' abilities to think?

To see how crucial B12 is for the brain, take what happens when we donâ(TM)t get enough of it. In children, the consequences of B12 deficiency can be life-altering. âoeThere are some tragic cases of children whose brains failed to develop because of their parents being ill-informed vegans,â says Benton. In one example, the child was unable to sit or smile. In another, they slipped into a coma.

Later in life, the amount of B12 in a personâ(TM)s blood has been directly correlated with their IQ. In the elderly, one study found that the brains of those with lower B12 were six times more likely to be shrinking.

Even so, low B12 is widespread in vegans. One British study found that half of the vegans in their sample were deficient. In some parts of India, the problem is endemic â" possibly as a consequence of the popularity of meat-free diets.

For example, one 2007 study found that giving young women iron supplements led to significant intellectual gains.
Link to Original Source

Submission + - Chrome Web Store Flooded With Fraudulent Transactions (zdnet.com)

Submitted by Anonymous Coward on Wednesday January 29, 2020 @09:24AM

An anonymous reader writes: The Google security team has indefinitely suspended the publishing or updating of any commercial Chrome extensions on the official Chrome Web Store following a spike in the number of paid extensions engaging in fraudulent transactions. Google said the wave of fraudulent transactions began earlier this month. Google engineers described the fraudulent transactions as happening "at scale."

"This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse," said Simeon Vincent, Developer Advocate for Chrome Extensions at Google.

The ban on publishing or updating impacts all paid extensions. This includes Chrome extensions that require paying a fee before installing, extensions that work based on monthly subscriptions, or Chrome extensions that use one-time in-app purchases to get access to various features. Existing commercial extensions are still available for download via the official Chrome Web Store, however, extension developers can't push new updates.

Submission + - OpenBSD Mail Server Allows Remotely Executing Shell Commands As Root 1

Submitted by Anonymous Coward on Tuesday January 28, 2020 @09:53PM

An anonymous reader writes: A remotely exploitable vulnerability for OpenSMTPD originally appearing in the Morris Worm of 1988 has been found. The vulnerability was introduced to OpenBSD's mailserver in May 2018.

Submission + - Intel Is Patching Its 'Zombieload' CPU Security Flaw For the Third Time (engadget.com)

Submitted by Anonymous Coward on Monday January 27, 2020 @05:22PM

An anonymous reader writes: For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the speculative functionality of its processors. On Monday, the company said it will issue a software update "in the coming weeks" that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws. This latest update comes after the company released two separate patches in May and November of last year.

Compared to the MDS flaws Intel addressed in those two previous patches, these latest ones have a couple of limitations. To start, one of the vulnerabilities, L1DES, doesn't work on Intel's more recent chips. Moreover, a hacker can't execute the attack using a web browser. Intel also says it's "not aware" of anyone taking advantage of the flaws outside of the lab.

Submission + - New Plundervolt Attack Impacts Intel Desktop, Server, and Mobile CPUs (zdnet.com)

Submitted by Anonymous Coward on Tuesday December 10, 2019 @02:10PM

An anonymous reader writes: Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor's voltage and frequency — the same interface that allows gamers to overclock their CPUs. Academics say they discovered that by tinkering with the amount of voltage and frequency a CPU receives, they can alter bits inside SGX to cause errors that can be exploited at a later point after the data has left the security of the SGX enclave.

They say Plundervolt can be used to recover encryption keys or introduce bugs in previously secure software. Intel desktop, server, and mobile CPUs are impacted. A full list of vulnerable CPUs is available here. Intel has also released microcode (CPU firmware) and BIOS updates today that address the Plundervolt attack by allowing users to disable the energy management interface at the source of the attack, if not needed.

Submission + - 20 Low-End VPS Providers Shutting Down in a 'Deadpooling' Scam (zdnet.com)

Submitted by Anonymous Coward on Sunday December 08, 2019 @09:53AM

An anonymous reader writes: At least 20 web hosting providers have hastily notified customers today, Saturday, December 7, that they plan to shut down on Monday, giving their clients two days to download data from their accounts before servers are shut down and wiped clean. No refunds are being provided. As several users have pointed out, the VPS providers don't list physical addresses, don't list proper business registration information, and have no references to their ownership.

A source in the web hosting industry who wanted to remain anonymous told ZDNet that what happened this weekend is referred to as "deadpooling" — namely, the practice of setting up a small web hosting company, providing ultra-cheap VPS servers for a few dollars a month, and then shutting down a few months later, without refunding customers. "This is a systemic issue within the low-end market, we call it deadpooling," the source told us. "It doesn't happen often at this scale, however."

The 20 companies are: ArkaHosting, Bigfoot Servers, DCNHost, HostBRZ, HostedSimply, Hosting73, KudoHosting, LQHosting, MegaZoneHosting, n3Servers, ServerStrong, SnowVPS, SparkVPS, StrongHosting, SuperbVPS, SupremeVPS, TCNHosting, UMaxHosting, WelcomeHosting, X4Servers

Submission + - VPN Breaking Zero Day Effective Against Many *nix Systems Discovered

Submitted by Anonymous Coward on Thursday December 05, 2019 @01:55PM

An anonymous reader writes: A vulnerability that affects many VPN implementations across a variety of *nix systems had been documented. Linux, Android, OSX/iOS, and OpenBSD are all affected while the vulnerability affects even hardened VPN implementations like WireGuard and IKEv2/IPSec. Mitigating the vulnerability appears especially difficult on IPv6 and mobile data connections.

Submission + - Volkswagen headquarters raided again over diesel scandal (reuters.com)

Submitted by McGruber on Wednesday December 04, 2019 @08:51PM

McGruber writes: Reuters is reporting that German public prosecutors have again raided the Wolfsburg headquarters of Volkswagen in the latest investigation into the carmaker’s diesel emissions scandal.

Volkswagen, which admitted in 2015 to cheating U.S. emissions tests on diesel engines, said it was fully cooperating with the authorities, but viewed the investigation as unfounded. Volkswagen said the raids were linked to an investigation into diesel cars with engine type EA 288, a successor model to the EA 189 which was at the heart of the test cheating scandal. In simulations, vehicles with the EA 288 engine did not indicate a failure of the diesel filter, while still complying with emissions limits, Volkswagen said, adding the engine did not have an illegal defeat device.

Submission + - New Iranian Wiper Discovered In Attacks On Middle Eastern Companies (arstechnica.com)

Submitted by Anonymous Coward on Wednesday December 04, 2019 @06:41PM

An anonymous reader writes: IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. The sample was discovered in a response to an attack on what an IBM spokesperson described as "a new environment in the [Middle East]—not in Saudi Arabia, but another regional rival of Iran." Dubbed ZeroCleare, the malware is "a likely collaboration between Iranian state-sponsored groups," according to a report by IBM X-Force researchers. The attacks were targeted against specific organizations and used brute-force password attacks to gain access to network resources. The initial phase of the attacks was launched from Amsterdam IP addresses owned by a group tied to what IBM refers to as the "ITG13 Group"—also known as "Oilrig" and APT34. Another Iranian threat group may have used the same addresses to access accounts prior to the wiper campaign.

In addition to brute force attacks on network accounts, the attackers exploited a SharePoint vulnerability to drop web shells on a SharePoint server. These included China Chopper, Tunna, and another Active Server Pages-based webshell named "extensions.aspx," which "shared similarities with the ITG13 tool known as TWOFACE/SEASHARPEE," the IBM researchers reported. They also attempted to install TeamViewer remote access software and used a modified version of the Mimikatz credential-stealing tool—obfuscated to hide its intent—to steal more network credentials off the compromised servers. From there, they moved out across the network to spread the ZeroCleare malware.

Submission + - Rivers could generate 2000 nuclear power plants of energy with 'blue' membrane (sciencemag.org)

Submitted by sciencehabit on Wednesday December 04, 2019 @05:25PM

sciencehabit writes: Green energy advocates may soon be turning blue. A new membrane could unlock the potential of “blue energy,” which uses chemical differences between fresh- and saltwater to generate electricity. If researchers can scale up the postage stamp–size membrane in an affordable fashion, it could provide carbon-free power to millions of people in coastal nations where freshwater rivers meet the sea.

Blue energy’s promise stems from its scale: Rivers dump some 37,000 cubic kilometers of freshwater into the oceans every year. This intersection between fresh- and saltwater creates the potential to generate lots of electricity—2.6 terawatts, according to one recent estimate, roughly the amount that can be generated by 2000 nuclear power plants. By pumping positive ions to the other side of a semipermeable membrane, researchers can create two pools of water: one with a positive charge, and one with a negative charge. If they then dunk electrodes in the pools and connect them with a wire, electrons will flow from the negatively charged to the positively charged side, generating electricity.

Submission + - SPAM: UIGHUR Act prohibits the export of certain US technologies

Submitted by schwit1 on Wednesday December 04, 2019 @03:40PM

schwit1 writes: The bill would tighten export controls on China-bound US technology that could be used to “suppress individual privacy, freedom of movement and other basic human rights”.

The bill passed by the House on Tuesday is more committal, ordering the US president, within four months of the legislation’s enactment, to submit to Congress a list of Chinese officials deemed responsible for, or complicit in, human rights abuses in Xinjiang.

The UIGHUR Act also demands that, on the same day, those individuals are subject to sanctions under the Global Magnitsky Act, seizing their US-based assets and barring them from entry onto US soil.
Link to Original Source

Submission + - US shows a 'concerning lack of regard for the privacy of people's biometrics' (betanews.com)

Submitted by Mark Wilson on Wednesday December 04, 2019 @09:05AM

Mark Wilson writes: When it comes to the extensive and invasive use of biometric data, the USA is one of the worst offenders in the world, faring only slightly better than China.

According to research conducted by Comparitech, which rated 50 countries according to how, where and why biometrics were taken and how they are stored, the US ranked as the fourth worst country. Topping the list is China, followed by Malaysia and Pakistan.

Slashdot Top Deals