Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Polls on the front page of Slashdot? Is the world coming to an end?! Nope; read more about it. ×

+ - SourceForge MITM Projects-> 2

Submitted by lister king of smeg
lister king of smeg writes: What happened?

SourceForge, once a trustworthy source code hosting site, started to place misleading ads (like fake download buttons) a few years ago. They are also bundling third-party adware/malware directly with their Windows installer.

Some project managers decided to leave SourceForge – partly because of this, partly just because there are better options today. SF staff hijacked some of these abandoned accounts, partly to bundle the crapware with their installers. It has become just another sleazy garbage site with downloads of fake antivirus programs and such.

How can I help?

If you agree that SourceForge is in fact distributing malicious software under the guise of open source projects, report them to google. Ideally this will help remove them from search results, prevent others from suffering their malware and provide them with incentive to change their behavior.

As this story has been submitted several times in the past several days, by various submitter and is going around various other tech forums( https://news.ycombinator.com/i... , https://soylentnews.org/articl... , https://www.reddit.com/r/progr... ,) this submitter wonders has our shared "glorious Dice Corporate overloads" been shooting this story down?
Link to Original Source

+ - SourceForge assumes ownership of GIMP For Win, wraps installer in adware->

Submitted by Anonymous Coward
An anonymous reader writes: It appears that SourceForge is assuming control of all projects that appear "abandoned." In a blog update on their site, they responded saying in part "There has recently been some report that the GIMP-Win project on SourceForge has been hijacked; this project was actually abandoned over 18 months ago, and SourceForge has stepped-in to keep this project current. "

SourceForge is now offering "to establish a program to enable users and developers to help us remove misleading and confusing ads."

Link to Original Source

+ - Ways to travel faster than light without violating relativity

Submitted by StartsWithABang
StartsWithABang writes: It’s one of the cardinal laws of physics and the underlying principle of Einstein’s relativity itself: the fact that there’s a universal speed limit to the motion of anything through space and time, the speed of light, or c. Light itself will always move at this speed (as well as certain other phenomena, like the force of gravity), while anything with mass — like all known particles of matter and antimatter — will always move slower than that. But if you want something to travel faster-than-light, you aren’t, as you might think, relegated to the realm of science fiction. There are real, physical phenomena that do exactly this, and yet are perfectly consistent with relativity.

Comment: Netcraft confirmed! (Score 2, Funny) 244

by sinij (#49787933) Attached to: In a 5-star rating scheme, the new Mad Max film ...
It is now official. Netcraft has confirmed: /. is dead

One more crippling bombshell hit the already beleaguered /. community when polls start showing as articles. /. market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that /. has lost more market share, this news serves to reinforce what we've known all along. /. is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent comprehensive test.

+ - Insurer denies healthcare breach claim citing lack of minimum required practices->

Submitted by chicksdaddy
chicksdaddy writes: In what may become a trend, an insurance company is denying a claim from a California healthcare provider following the leak of data on more than 32,000 patients. The insurer, Columbia Casualty, charges that Cottage Health System did an inadequate job of protecting patient data.

In a complaint filed in U.S. District Court in California, Columbia alleges that the breach occurred because Cottage and a third party vendor, INSYNC Computer Solution, Inc. failed to follow “minimum required practices,” as spelled out in the policy. Among other things, Cottage “stored medical records on a system that was fully accessible to the internet but failed to install encryption or take other security measures to protect patient information from becoming available to anyone who ‘surfed’ the Internet,” the complaint alleges.

Disputes like this may become more common, as insurers anxious to get into a cyber insurance market that's growing by about 40% annually use liberally written exclusions to hedge against 'known unknowns' like lax IT practices, pre-existing conditions (like compromises) and so on. (http://www.itworld.com/article/2839393/cyber-insurance-only-fools-rush-in.html)

Link to Original Source

+ - Code Injection: A New Low for ISPs

Submitted by snydeq
snydeq writes: Beyond underhanded, Comcast and other carriers are inserting their own ads and notifications into their customers’ data streams, writes The Deep End's Paul Venezia. 'Comcast and other ISPs “experimenting” with data caps inject JavaScript code into their customers’ data streams in order to display overlays on Web pages that inform them of data cap thresholds. They’ll even display notices that your cable modem may be eligible for replacement. And you can't opt out,' Venezia writes. 'Think about it for a second: Your cable provider is monitoring your traffic and injecting its own code wherever it likes. This is not only obtrusive, but can cause significant problems with normal Web application function. It’s abhorrent on its face, but that hasn’t stopped companies from developing and deploying code to do it.'

+ - Can Bad Scientific Practice Be Fixed? 3

Submitted by HughPickens.com
HughPickens.com writes: Richard Horton writes in that a recent symposium on the reproducibility and reliability of biomedical research discussed one of the most sensitive issues in science today: the idea that something has gone fundamentally wrong with science (PDF), one of our greatest human creations. The case against science is straightforward: much of the scientific literature, perhaps half, may simply be untrue. Afflicted by studies with small sample sizes, tiny effects, invalid exploratory analyses, and flagrant conflicts of interest, together with an obsession for pursuing fashionable trends of dubious importance, science has taken a turn towards darkness. According to Horton, editor-in-chief of The Lancet, a United Kingdom-based medical journal, the apparent endemicity of bad research behaviour is alarming. In their quest for telling a compelling story, scientists too often sculpt data to fit their preferred theory of the world or retrofit hypotheses to fit their data.

Can bad scientific practices be fixed? Part of the problem is that no-one is incentivized to be right. Instead, scientists are incentivized to be productive and innovative. Tony Weidberg says that the particle physics community now invests great effort into intensive checking and rechecking of data prior to publication following several high-profile errors,. By filtering results through independent working groups, physicists are encouraged to criticize. Good criticism is rewarded. The goal is a reliable result, and the incentives for scientists are aligned around this goal. "The good news is that science is beginning to take some of its worst failings very seriously," says Horton. "The bad news is that nobody is ready to take the first step to clean up the system."

Comment: InfoSec implications of AI (Score 1) 417

by sinij (#49765849) Attached to: What AI Experts Think About the Existential Risk of AI
I am Information Security practitioner and not an expert in this field, because nobody is. My experiences is that nobody knows what they are doing, most information systems are not secure in mistaken belief that nobody would bother breaking them, others are just secure enough to deter low-knowledge attacks. Almost everyone practices what is known proportional value deterrent, but treat high-value systems as truly isolated when so many side-channels exist.

If malicious AI ever shows up, we are screwed. We have zero hope of securing any information system from it. The only hope is that it won't end us because there is a good chance that a lot of hardware that AI might need will go dark.

I do not fear computers. I fear the lack of them. -- Isaac Asimov

Working...