
Submission + - Hackers Exploit Adobe Flash Vulnerability in Yahoo Ads

vivaoporto writes: According to the report in the New York Times Bits blog, for seven days, hackers used Yahoo’s ad network to send malicious bits of code to computers that visit Yahoo’s collection of heavily trafficked websites.

The attack, which started on July 28, was the latest in a string that have exploited Internet advertising networks, which are designed to reach millions of people online. It also highlighted growing anxiety over a much-used graphics program called Adobe Flash, which has a history of security issues that have irked developers at Silicon Valley companies.

“Right now, the bad guys are really enjoying this,” said Jérôme Segura, a security researcher at Malwarebytes, the security company that uncovered the attack. “Flash for them was a godsend.”

While Yahoo acknowledged the attack, the company said that it was not nearly as big as Malwarebytes had portrayed it to be.

“We take all potential security threats seriously,” a Yahoo spokeswoman said in a statement. “With that said, the scale of the attack was grossly misrepresented in initial media reports, and we continue to investigate the issue.”

“In terms of how many people were served a malicious ad, only Yahoo would really know,” Mr. Segura said. But he added: “This is one of the largest attacks we’ve seen in recent months.”

Neither company could say exactly how many people were affected. After news of the attack was revealed, Adobe asked users to update Flash so their computers would no longer be vulnerable.

Submission + - Nokia's HERE maps sold for $3 billion to Audi, BMW and Mercedes

vivaoporto writes: Nokia announced an agreement to sell its HERE digital mapping and location services business to a consortium of leading automotive companies, comprising AUDI AG, BMW Group and Daimler AG (Mercedes brand owner).

The transaction values HERE at an enterprise value of EUR 2.8 billion with a normalized level of working capital and is expected to close in the first quarter of 2016, subject to customary closing conditions and regulatory approvals. Upon closing, Nokia estimates that it will receive net proceeds of slightly above EUR 2.5 billion, as the purchaser would be compensated for certain defined liabilities of HERE currently expected to be slightly below EUR 300 million as part of the transaction. Nokia expects to book a gain on the sale and a related release of cumulative foreign exchange translation differences totaling approximately EUR 1 billion as a result of the transaction.

Once the mapping unit is sold, Nokia will consist of two businesses: Nokia Networks and Nokia Technologies. The first will continue to provide broadband services and infrastructure while the second will work on “advanced technology development and licensing.”

Submission + - Black Boys Were Cut Out of a 2008 NSF Initiative to Get Them in the CS Pipeline

theodp writes: Members of the Congressional Black Caucus, reports Politico, are flying to Silicon Valley next week to press the nation’s biggest tech companies to hire more African-American workers — a sign that the industry’s well-documented diversity problems are starting to generate new political heat in Washington. So perhaps they should know that back in 2008, the National Science Foundation's Broadening Participation in Computing program kicked off its million-dollar New Image For Computing (NIC) initiative, which was supposed to tackle tech's racial diversity problems. "The WGBH Educational Foundation together with the Association of Computing Machinery (ACM) and dozens of partners, proposes a major new initiative to reshape the image of computing among college-bound high school students, with a special focus on Latina girls and African-American boys," read the abstract. But that didn't last long. An interim report bearing the names of the NIC Leadership — including representatives of the NSF, ACM, Microsoft, Intel, NCWIT, Sun, and major U.S. universities — explained that getting black boys in the computer science pipeline was no longer Job #1. "Although the NIC initiative was originally designed to create messages that target college-bound high school students, especially African American males and Hispanic girls," explained the report, "our research shows little racial/ethnic differentiation in young people’s attitudes toward computer science. It does show, however, a significant gender gap. Because of this, the NIC initiative is shifting its focus and will initially concentrate on girls as a special target audience." According to a follow-up Wired story, the NSF money originally earmarked for African-American boys instead helped bring the world Dot Diva, a girls-only website that also received funding from Google, which was launched at a 2010 Microsoft-hosted event (video). 
And four years later, it was deja-vu-all-over-again, as Google used some of the $90 million it's earmarked for getting girls in the CS pipeline to bring the world Made With Code, a girls-only website, which was launched at a glitzy 2014 Google event (video).

Submission + - Amazon Announces New Car Show Featuring the Old Top Gear Presenters

mknewman writes: Amazon has announced that Jeremy Clarkson, Richard Hammond and James May will be reuniting to create “an all-new car show” that will be exclusively on Amazon Prime.

The new show will be produced by the old-time Top Gear executive producer Andy Wilman and is scheduled to go into production “shortly.” It will apparently appear on screens in 2016. For what it’s worth, Jeremy Clarkson has said that the move makes him “feel like I’ve climbed out of a bi-plane and into a spaceship.”


Submission + - OPM hackers suspected in United Airlines breach

vivaoporto writes: Bloomberg reports that the hackers who stole data on more than 22 million U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.

United, the world's second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.

The airline is still trying to determine exactly which data was removed from the network, said two of the people familiar with the probe. That assessment took months in the OPM case, which was discovered in April and made public in June.

Besides passenger lists and other flight-related data, the hackers may also have taken information related to United’s mergers and acquisitions strategy, one of the people familiar with the investigation said.

Flight manifests usually contain the names and birthdates of passengers, but even if those files were taken, experts say that would be unlikely to trigger disclosure requirements in any of the 47 states with breach-notification laws.

The timing of the United breach also raises questions about whether it's linked to computer faults that stranded thousands of the airline's passengers in two incidents over the past couple of months. Two additional people close to the probe, who like the others asked not to be identified when discussing the investigation, say the carrier has found no connection between the hack and a July 8 systems failure that halted flights for two hours. They didn't rule out a possible, tangential connection to an outage on June 2.


Submission + - Could the Slashdot community take control of Slashdot? 10

turp182 writes: This is intended to be an idea generation story for how the community itself could purchase and then control Slashdot. If this happened I believe a lot of former users would at least come and take a look, and some of them would participate again.

This is not about improving the site, only about acquiring the site.

First, here's what we know:
1. DHI (Dice) paid $20 million for Slashdot, SourceForge, and Freecode, purchased from Geeknet back in 2012:
    http://techcrunch.com/2012/09/...
2. Slashdot has an Alexa Global Rank of 1,689; obtaining actual traffic numbers requires money to see:
    http://www.alexa.com/siteinfo/...
3. According to Quantcast, Slashdot has over 250,000 unique monthly views:
    https://www.quantcast.com/slas...
4. Per an Ars Technica article, Slashdot Media (Slashdot and Sourceforge) had 2015Q2 revenues of $1.7 million and have expected full year revenues of $15-$16 million (which doesn't make sense given the quarterly number):
    http://arstechnica.com/informa...

Next, things we don't know:
0. Is Slashdot viable without a corporate owner? (the only question that matters)
1. What would DHI (Dice) sell Slashdot for? Would they split it from Sourceforge?
2. What are the hosting and equipment costs?
3. What are the personnel costs (editors, advertising sales force, etc.)?
4. What other expenses does the site incur (legal for example)?
5. What is Slashdot's portion of the revenue of Slashdot Media?

These questions would need to be answered in order to valuate the site. Getting that info and performing the valuation would require expensive professional services.

What are possible ways we could proceed?

In my opinion, a non-profit organization would be the best route.

Finally, the hard part: Funding. Here are some ideas.

1. Benefactor(s) — It would be very nice to have people with some wealth that could help.
2. Crowdfunding/Kickstarter — I would contribute to such an effort; I think a lot of Slashdotters would contribute. I think this would need to be a part of the funding rather than all of it.
3. Grants and Corporate Donations — Slashdot has a wide and varied membership and audience. We regularly see posts from people that work at Google, Apple, and Microsoft. And at universities. We are developers (like me), scientists, experts, and also ordinary (also like me). A revived Slashdot could be a corporate cause in the world of tax deductions for companies.
4. ????
5. Profit!

Oh, the last thing: Is this even a relevant conversation?

I can't say. I think timing is the problem, with generating funds and access to financial information (probably won't get this without the funds) being the most critical barriers. Someone will buy the site, we're inside the top 2,000 global sites per info above.

The best solution, I believe, is to find a large corporate "sponsor" willing to help with the initial purchase and to be the recipient of any crowd sourcing funds to help repay them. The key is the site would have to have autonomy as a separate organization. They could have prime advertising space (so we should focus on IBM...) and the goal would be to repay the sponsor in full over time (no interest please?).

The second best is seeking a combination of "legal pledges" from companies/schools/organizations combined with crowdsourcing. This could get access to the necessary financials.

Also problematic, from a time perspective, a group of people would need to be formed to handle organization (managing fundraising/crowdsourcing) and interactions with DHI (Dice). All volunteer for sure.

Is this even a relevant conversation? I say it is, I actually love Slashdot; it offers fun, entertaining, and enlightening conversation (I browse above the sewer), and I find the article selection interesting (this gyrates, but I still check a lot).

And to finish, the most critical question: Is Slashdot financially viable as an independent organization?

Submission + - Plan To Run Anti-Google Smear Campaign Revealed in MPAA Emails

vivaoporto writes: Techdirt reports a plan to run an anti-Google smear campaign via the Today Show and WSJ, discovered in MPAA emails.

Despite the resistance of the Hollywood studios to comply with the subpoenas obtained by Google concerning their relationship with Mississippi Attorney General Jim Hood (whose investigation of the company appeared to actually be run by the MPAA and the studios themselves), one of the few emails that Google has been able to get access to so far was revealed this Thursday in a filing. It's an email between the MPAA and two of Jim Hood's top lawyers in the Mississippi AG's office, discussing the big plan to "hurt" Google.

The lawyers from Hood's office flat out admit that they're expecting the MPAA and the major studios to have their media arms run a coordinated propaganda campaign of bogus anti-Google stories:

Media: We want to make sure that the media is at the NAAG meeting. We propose working with MPAA (Vans), Comcast, and NewsCorp (Bill Guidera) to see about working with a PR firm to create an attack on Google (and others who are resisting AG efforts to address online piracy). This PR firm can be funded through a nonprofit dedicated to IP issues. The "live buys" should be available for the media to see, followed by a segment the next day on the Today Show (David green can help with this). After the Today Show segment, you want to have a large investor of Google (George can help us determine that) come forward and say that Google needs to change its behavior/demand reform. Next, you want NewsCorp to develop and place an editorial in the WSJ emphasizing that Google's stock will lose value in the face of a sustained attack by AGs and noting some of the possible causes of action we have developed.

As Google notes in its legal filing about this email, the "plan" states that if this effort fails, then the next step will be to file the subpoena (technically a CID or "civil investigatory demand") on Google, written by the MPAA but signed by Hood.

As Google points out, this makes it pretty clear that the MPAA, studios and Hood were working hand in hand in all of this and that the subpoena had no legitimate purpose behind it, but rather was the final step in a coordinated media campaign to pressure Google to change the way its search engine works.

Submission + - Twitter censors plagiarized tweets that repeat copyrighted joke

Mark Wilson writes: Can a joke be copyrighted? Twitter seems to think so. As spotted by Twitter account Plagiarism is Bad a number of tweets that repeat a particular joke are being hidden from view. The tweets have not been deleted as such, but their text has been replaced with a link to Twitter's Copyright and DMCA policy.

The joke in question? "Saw someone spill their high end juice cleanse all over the sidewalk and now I know god is on my side." Perform a search for the text and, while you will find several tweeted instances of it available at the moment, there are many examples of tweets that have been censored.


Submission + - Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that it fits in a tweet.

The security bug, documented by iOS and OS X guru Stefan Esser, can be exploited by malware and attackers to gain total control of the computer.

This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5, but is already fixed in the preview beta of El Capitan (OS X 10.11).

Submission + - Giving Doctors Grades Has Backfired

HughPickens.com writes: Beginning in the early 1990s a quality-improvement program began in New York State and has since spread to many other states where report cards were issued to improve cardiac surgery by tracking surgical outcomes, sharing the results with hospitals and the public, and when necessary, placing surgeons or surgical programs on probation. But Sandeep Jauhar writes in the NYT that the report cards have backfired. "They often penalized surgeons, like the senior surgeon at my hospital, who were aggressive about treating very sick patients and thus incurred higher mortality rates," says Jauhar. "When the statistics were publicized, some talented surgeons with higher-than-expected mortality statistics lost their operating privileges, while others, whose risk aversion had earned them lower-than-predicted rates, used the report cards to promote their services in advertisements."

Surveys of cardiac surgeons in The New England Journal of Medicine have confirmed that reports like the Consumer Guide to Coronary Artery Bypass Graft Surgery have limited credibility among cardiovascular specialists, little influence on referral recommendations and may introduce a barrier to care for severely ill patients. According to Jauhar, there is little evidence that the public — as opposed to state agencies and hospitals — pays much attention to surgical report cards anyway. A recent survey found that only 6 percent of patients used such information in making medical decisions. "Surgical report cards are a classic example of how a well-meaning program in medicine can have unintended consequences," concludes Jauhar. "It would appear that doctors, not patients, are the ones focused on doctors’ grades — and their focus is distorted and blurry at best."

Submission + - Comet lander falls silent, scientists fear it has moved

vivaoporto writes: European scientists said that the Philae comet lander has fallen silent on Monday, raising fears that it has moved again on its new home millions of miles from Earth.

Over the last few weeks, Rosetta has been flying along the terminator plane of the comet in order to find the best location to communicate with Philae. However, over the weekend of 10-11 July, the star trackers struggled to lock on to stars at the closer distances. No contact has been made with Philae since 9 July. The data acquired at that time are being investigated by the lander team to try to better understand Philae’s situation.

One possible explanation being discussed at DLR’s Lander Control Center is that the position of Philae may have shifted slightly, perhaps by changing its orientation with respect to the surface in its current location. The lander is likely situated on uneven terrain, and even a slight change in its position – perhaps triggered by gas emission from the comet – could mean that its antenna position has also now changed with respect to its surroundings. This could have a knock-on effect as to the best position Rosetta needs to be in to establish a connection with the lander.

The current status of Philae remains uncertain and is a topic of on-going discussion and analysis. But in the meantime, further commands are being prepared and tested to allow Philae to re-commence operations. The lander team wants to try to activate a command block that is still stored in Philae’s computer and which was already successfully performed after the lander’s unplanned flight across to the surface to its final location.

"Although the mission will now focus its scientific priority on the orbiter, Rosetta will continue attempting – up to and past perihelion – to obtain Philae science packets once a stable link has been acquired," adds Patrick Martin, Rosetta mission manager.

Comment Re:Good thing I used CmdrTaco's info (Score 4, Informative) 446

From The Guardian article (as the krebsonsecurity seems to be slashdotted):

The site, which encourages married users to cheat on their spouses and advertises 37 million members, had its data hacked by a group calling itself the Impact Team. At least two other dating sites, Cougar Life and Established Men, also owned by the same parent group, Avid Life Media, have had their data compromised.

"Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online," the group's statement reads.

The hackers' main point of contention is with the fact that Ashley Madison charges users a fee of 15 pounds to carry out a "full delete" of their information if they decide to leave the site. Although users have the option of permanently hiding their profile free of charge, the company's advertisements claim that the full delete service is the only way to completely remove their information from the servers.

But the hackers say that that claim is “a complete lie”.

"Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed," they allege.

Submission + - Robot passes self-awareness test

vivaoporto writes: Techradar reports that roboticists at the Rensselaer Polytechnic Institute in New York have built a trio of robots that were put through the classic 'wise men puzzle' test of self-awareness — and one of them passed.

As described in the New Scientist article (paywalled):

"They are told that two of them have been given a 'dumbing pill' that stops them talking. In reality the push of a button has silenced them, but none of them knows which one is still able to speak. That’s what they have to work out.

Unable to solve the problem, the robots all attempt to say 'I don’t know'. But only one of them makes any noise. Hearing its own robotic voice, it understands that it cannot have been silenced. 'Sorry, I know now! I was able to prove that I was not given a dumbing pill,' it says. It then writes a formal mathematical proof and saves it to its memory to prove it has understood."

It might sound a pretty simple task for a human, but it's not for a robot — the bot must listen to and understand the question, then hear their own voice saying "I don't know" and recognise it as distinct from another robot's voice, then connect that with the original question to conclude that they hadn't been silenced.

Logical puzzles requiring an element of self-awareness like this are essential in building robots that can understand their role in society. By passing many tests of this type, it's hoped that robots will be able to build up a group of human-like abilities that become useful when combined.

Selmer Bringsjord (the scientist that set up the experiment) will present the work at the RO-MAN conference in Japan, which runs from 31 August to 4 September 2015.


Submission + - OPM hack included fingerprints

schwit1 writes: The Office of Personnel Management announced last week that the personal data for 21.5 million people had been stolen. But for national security professionals and cybersecurity experts, the more troubling issue is the theft of 1.1 million fingerprints.

Much of their concern rests with the permanent nature of fingerprints and the uncertainty about just how the hackers intend to use them. Unlike a Social Security number, address, or password, fingerprints cannot be changed—once they are hacked, they're hacked for good. And government officials have less understanding about what adversaries could do or want to do with fingerprints, a knowledge gap that undergirds just how frightening many view the mass lifting of them from OPM.

"It's probably the biggest counterintelligence threat in my lifetime," said Jim Penrose, former chief of the Operational Discovery Center at the National Security Agency and now an executive vice president at the cybersecurity company Darktrace. "There's no situation we've had like this before, the compromise of our fingerprints. And it doesn't have any easy remedy or fix in the world of intelligence."


Comment A more complete summary of the situation (Score 5, Informative) 581

A more complete summary of the situation below, based on a rejected submission of the same story.

Reddit policy to be updated, CEO says site was not created "to be a bastion of free speech"

After a string of dramatic events like the removal of the Fappening and FatPeopleHate subreddits, the dismissal of Victoria Taylor and the subsequent AMAgeddon culminating in the resignation of the former CEO Ellen Pao, the recently returned Reddit CEO and site founder Steve Huffman announces that a comprehensive Content Policy and the tools to enforce it are currently in development motivated in part by the media and internal repercussion of "the more offensive and obscene content" on their platform.

Mentioning without specifying some communities "whose purpose is reprehensible" and disclaiming that they "don't have any obligation to support them" the CEO announces an AMA (Ask me Anything) next Thursday 1pm where they "as a community need to decide together what our values are".

The CEO states that "Neither Alexis nor I created reddit to be a bastion of free speech, but rather as a place where open and honest discussion can happen.".

In a top comment in the announcement a site user refutes this claim, pointing to a Forbes article from 2012 where Ohanian, answering a question of what the founding fathers would think of Reddit, replies: "A bastion of free speech on the World Wide Web? I bet they would like it". Alexis himself, in a Google Plus post from 2012 (archived version), says that he is "really, really proud of these quotes".
