Security

One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever (bleepingcomputer.com) 62

An anonymous reader quotes a report from Bleeping Computer: Exactly one year after the biggest cyber-security incident in history, the exploit at the heart of the WannaCry attack is now more popular than ever, according to telemetry data gathered by Slovak antivirus vendor ESET. Named EternalBlue, the exploit was supposedly developed by the cyber division of the U.S. National Security Agency. EternalBlue was part of a large cache of tools that a hacker group known as The Shadow Brokers stole from NSA servers in 2016 and then leaked online from August 2016 to April 2017. Many suspect the NSA might have notified Microsoft of what the Shadow Brokers stole, because in March 2017, a month before EternalBlue was released, Microsoft released MS17-010, a security bulletin containing patches for the many SMB-targeting exploits included in the Shadow Broker leak.

Even if EternalBlue is not being used anymore to help ransomware become a virulent nightmare on a global level (only on a network level), most regular users don't know that it's still one of today's biggest threats. This threat doesn't only come from malware authors continuing to weaponize it for a diverse set of operations. Malware authors wouldn't ever bother with an inefficient exploit. EternalBlue continues to be a threat because of the vulnerable machines still available online. According to Nate Warfield of the Microsoft Security Response Center, there are still plenty of vulnerable Windows systems exposing their SMB service available online.

Education

H-1B Visa Alternative 'OPT' Grew 400 Percent In Eight Years, Report Finds 185

theodp writes: Almost 1.5 million foreign students have been allowed to stay and work in the U.S. after graduation as part of the Optional Practical Training (OPT) program, which is now larger than the controversial H-1B program (Warning: source may be paywalled; alternative source). According to new Pew Research analysis of U.S. Immigration and Customs Enforcement data obtained through a Freedom of Information Act request, the number of students authorized to work under OPT has grown 400% since the federal government in 2008 increased the amount of time graduates with science, technology, engineering and math (STEM) degrees could remain in the United States and work. More than half of those working under OPT from 2004 to 2016 were in STEM fields, Pew found, and as a result, were eligible for the so-called STEM extension.

The OPT program added a 17-month STEM extension in 2008, shortly after Microsoft co-founder Bill Gates suggested it in testimony to Congress after complaining that the cap for the H-1B program had caused a serious disruption in the flow of talented STEM graduates to U.S. companies. In 2016, another 12-month extension was added after a Federal judge threatened to torpedo the STEM extension program, saying it "appears to have been adopted directly from the unanimous suggestions by Microsoft and similar industry groups." In its Top Ten Tech Issues for 2018, Microsoft expressed "concern that in 2018 the White House will announce a rollback of the extended period of Optional Practical Training for STEM graduates." Pew also took note of allegations that "visa mills" have sprung up in response to demand driven by the OPT program.
Transportation

Tesla's Engineering Chief Takes Leave of Absence (wsj.com) 57

Tesla's senior vice president of engineering, Doug Field, is taking a leave of absence from the company (Warning: source may be paywalled; alternative source) at a crucial moment when the electric-car maker is struggling to boost production of the Model 3 sedan. While Tesla declined to say when he would come back, one person familiar with the matter described the absence as a "six-week sabbatical." The Wall Street Journal reports: Mr. Field has been a key leader at the Silicon Valley auto maker since joining in 2013 from Apple. He oversees the engineering of Tesla's vehicles, and last year he was also given oversight of production to better align the two efforts. That changed this spring when Chief Executive Elon Musk acknowledged he retook control of production. The Silicon Valley auto maker is at a critical juncture as it tries to produce enough Model 3 cars to generate cash to fund the business and instill confidence in investors the company can create its first mass-market vehicle.

Tesla has a history of key executives departing on so-called sabbaticals. Jerome Guillen, Tesla's current vice president of truck and programs, for example, took a sabbatical in 2015 from his role as vice president of worldwide sales and service only to return in the new role. He had led development of the Model S sedan. The hiring of Mr. Field from Apple, where he was vice president of Mac hardware engineering, was touted as a win for Mr. Musk who had big ambitions for the electric-car company. Mr. Field had also worked at Ford and Segway, giving him unique experience in both the tech and autos industry.

Government

North Korea Announces Plans To Dismantle Nuclear Test Site (npr.org) 216

The Associated Press is reporting North Korea has announced plans to dismantle its nuclear test site between May 23 and 25. The dismantling will occur before President Trump is scheduled to meet with Kim Jong-un in Singapore on June 12. NPR reports: Reuters reports that Punggye-ri nuclear test site has been the location of all of North Korea's six known nuclear tests. At the site, there's a system of tunnels under the mountain Mount Mantap. Journalists from the United States, South Korea, China, Russia and Britain will be invited to watch a special ceremony in which all of the tunnels at the testing ground will be destroyed and observation and research facilities and guard units will be taken down. The North Korean government will provide journalists with a charter flight from Beijing to Wonsan, North Korea. From there, a train will take them to the test site in the northeast part of the country.

The AP also reports that at a ruling party meeting last month, North Korea announced the plan to close the nuclear testing ground, along with a commitment to suspend all tests of nuclear devices and ICBMs. At that same meeting, however, North Korea said it has been performing a kind of nuclear test classified as "subcritical." The "subcritical" experiments give scientists an opportunity to test weapons without causing an actual nuclear chain reaction and explosion.

Security

Hacker Shuts Down Copenhagen's Public City Bikes System (bleepingcomputer.com) 72

An anonymous reader writes: "An unidentified hacker has breached Bycyklen -- Copenhagen's city bikes network -- and deleted the organization's entire database, disabling the public's access to bicycles over the weekend," reports Bleeping Computer. "The hack took place on the night between Friday, May 4, and Saturday, May 5, the organization said on its website. Bycyklen described the hack as "rather primitive," alluding it may have been carried out "by a person with a great deal of knowledge of its IT infrastructure." Almost 2,000 bikes were affected, and the company's employees have been working for days, searching for bikes docked across the city and installing a manual update to restore functionality. The company is holding a "treasure hunt," asking users to hunt down and identify non-functional bikes.
Businesses

Boston Dynamics' SpotMini Robot Dog Will Go On Sale Next Year (cnet.com) 61

Almost two years ago, Boston Dynamics unveiled their SpotMini robot to the world. It's a four-legged machine that can open doors and power through disturbances. CNET reports that the SpotMini will go on sale next year "for companies that want a mechanical quadruped to get to places a wheeled device can't reach." From the report: Boston Dynamics has 10 SpotMini prototypes now and will work with manufacturing partners to build 100 this year, company co-founder and President Marc Raibert said at a TechCrunch robotics conference Friday. "That's a prelude to getting into a higher rate of production" in anticipation of sales next year, he said.

Raibert didn't reveal price plans, but said the SpotMini robots could be useful for security patrols or for helping construction companies keep tabs on what's happening at building sites. SpotMini can be customized with attachments and extra software for particular jobs, he said. Eventually, though, the company hopes to sell it for use in people's homes.

Cellphones

US Appeals Court Rules Border Agents Need Suspicion To Search Cellphones (reason.com) 116

On Thursday, a federal appeals court ruled that U.S. border agents need some sort of reason to believe a traveler has committed a crime before searching their cellphone. Slashdot reader Wrath0fb0b shares an analysis via Reason, written by Fourth Amendment scholar Orin Kerr: Traditionally, searches at the border don't require any suspicion on the theory that the government has a strong sovereign interest in regulating what enters and exits the country. But there is caselaw indicating that some border searches are so invasive that they do require some kind of suspicion. In the new case, Kolsuz (PDF), the Fourth Circuit agrees with the Ninth Circuit that at least some suspicion is required for a forensic search of a cell phone seized at the border. This is important for three reasons. First, the Fourth Circuit requires suspicion for forensic searches of cell phones seized at the border. Second, it clarifies significantly the forensic/manual distinction, which has always been pretty uncertain to me. Third, it leaves open that some suspicion may be required for manual searches, too.

But wait, that's not all. In fact, I don't think it's the most important part of the opinion. The most important part of the opinion comes in a different section, where the Fourth Circuit adds what seems to be a new and important limit on the border search exception: a case-by-case nexus requirement to the government interests that justify the border search exception. Maybe I'm misreading this passage, but it strikes me as doing something quite new and significant. It scrutinizes the border search that occurred to see if the government's cause for searching in this particular case satisfied "a 'nexus' requirement" of showing sufficient connection between the search and "the rationale for the border search exception," requiring a link between the "predicate for the search and the rationale for the border exception." In other words, the Fourth Circuit appears to be requiring the government to identify the border-search-related interest justifying that particular search in order to rely on the border search exception.
"The analysis is interesting throughout, and it would be a fairly large limitation on digital searches conducted at the border, both in requiring some articulable suspicion for digital searches and in the requirement to justify the relationship between the search and the border inspection," writes Wrath0fb0b.
Education

Carnegie Mellon Launches Undergraduate Degree In AI (cmu.edu) 76

Earlier this week, Carnegie Mellon University announced plans to offer an undergrad degree in artificial intelligence. The news may be especially attractive for students given how much tech giants have been ramping up their AI efforts in the recent years, and how U.S. News & World Report ranked Carnegie Mellon University as the No. 1 graduate school for AI. An anonymous reader shares the announcement with us: Carnegie Mellon University's School of Computer Science will offer a new undergraduate degree in artificial intelligence beginning this fall, providing students with in-depth knowledge of how to transform large amounts of data into actionable decisions. SCS has created the new AI degree, the first offered by a U.S. university, in response to extraordinary technical breakthroughs in AI and the growing demand by students and employers for training that prepares people for careers in AI.

The bachelor's degree program in computer science teaches students to think broadly about methods that can accomplish a wide variety of tasks across many disciplines, said Reid Simmons, research professor of robotics and computer science and director of the new AI degree program. The bachelor's degree in AI will focus more on how complex inputs -- such as vision, language and huge databases -- are used to make decisions or enhance human capabilities, he added. AI majors will receive the same solid grounding in computer science and math courses as other computer science students. In addition, they will have additional course work in AI-related subjects such as statistics and probability, computational modeling, machine learning, and symbolic computation. Simmons said the program also would include a strong emphasis on ethics and social responsibility. This will include independent study opportunities in using AI for social good, such as improving transportation, health care or education.

The Internet

Russian Fake News Ecosystem Targets Syrian Human Rights Workers (securityledger.com) 259

chicksdaddy shares a report from The Security Ledger: Kremlin linked news sites like RT and Sputnik figure prominently in an online disinformation campaign portraying Syrian humanitarian workers ("White Helmets") as terrorists and crisis actors, according to an analysis (PDF) by researchers at University of Washington and Harvard. An online "echosystem" of propaganda websites including Russia backed news outlets Sputnik and RT is attacking the credibility of humanitarian workers on the ground in rebel occupied Syria, according to a new analysis by researchers at The University of Washington and Harvard University. Online rumors circulated through so called "alternative" media sites have attacked the Syrian Civil Defense (aka "White Helmets") as "crisis actors" and Western agents working on behalf of the U.S. and NATO. Statistical analysis of the online rumors reveals a tight network of websites sharing nearly identical content via Twitter and other social media platforms, wrote Kate Starbird. Starbird is an Assistant Professor of Human Centered Design & Engineering at University of Washington and a leading expert on so-called "crisis informatics."

In activity reminiscent of the disinformation campaigns that roiled the U.S. Presidential election in 2016, articles by what Starbird describes as "a few prominent journalists and bloggers" writing for self described "alternative" news sites like 21stCenturyWire, GlobalResearch, MintPressNews, and ActivistPost are picked up by other, smaller and more niche websites including both left- and right-leaning partisan news sites, "clickbait sites," and conspiracy theory websites. Government funded media outlets from Syria, Iran, Hezbollah and Russia figure prominently in the Syrian disinformation campaign, Starbird's team found. In particular, "Russian government-funded media outlets (i.e. SputnikNews and RT) play a prominent and multi-faceted role within this ecosystem," she wrote.

Science

Scientists To Grow 'Mini-Brains' Using Neanderthal DNA (theguardian.com) 71

Scientists will grow small amounts of tissue, known as brain organoids, from human stem cells that have been edited to contain "Neanderthalized" versions of several genes. "The lentil-sized organoids, which are incapable of thoughts or feelings, replicate some of the basic structures of an adult brain," reports The Guardian. "They could demonstrate for the first time if there were meaningful differences between human and Neanderthal brain biology." From the report: The latest work focuses on differences in three genes known to be crucial for brain development. Using the editing technique Crispr, changes have been introduced into human stem cells to make them closer to Neanderthal versions. The stem cells are coaxed using chemical triggers to become neurons, which spontaneously clump together and self-organize into miniature brain-like structures that grow to a few millimeters in diameter. The lack of any sensory input means the internal wiring is haphazard and varies from one blob to the next. The scientists will compare the Neanderthalized organoids and the fully human ones to assess the speed at which the stem cells divide, develop and organize into three-dimensional brain structures and whether the brain cells wire up differently. The work won't reveal which species is "smarter," but could hint at differences in the ability to plan, socialize and use language.
Privacy

The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too (thedailybeast.com) 33

An anonymous reader quotes a report from The Daily Beast: Securus Technologies' programs are used in thousands of prisons and detention centers nationwide to track calls to inmates, but the company's offerings are also capable of tracking and geolocating people's cellphones without any warrant or oversight, The New York Times reports. Securus obtains location information through data from major cellphone providers the same way marketers do. It also advertises the technology to law-enforcement agencies as a tool to find murder suspects, missing people, and those at-large -- but the feature can easily be abused for access to millions of cellphone users.

One Missouri sheriff used the service at least 11 times between 2014 and 2017, and secretly tracked state highway patrol members and a judge, prosecutors said. While the company said it "required customers to upload a legal document" to certify the location lookup, the Federal Communications Commission claims Securus did not "conduct any review of surveillance requests" -- giving law enforcement tracking power without verification of approval or oversight.

Displays

Microsoft To Replace Surface Pro 4 Tablets Affected By Screen Flickering (theverge.com) 41

Microsoft is unable to find a software or firmware fix for Surface Pro 4 tablets affected by screen flickering, so it's launching a replacement program for them. Any Surface Pro 4 units experiencing the problem will be covered for up to three years from the time of original purchase. The Verge reports: The annoying flickering has been well-documented on Microsoft's support forums, with some users taking drastic steps like putting their Surface Pro 4 in a freezer to temporarily fix the issue. Back in February, Microsoft said it was closely monitoring the situation, and the company came to the conclusion that there's no convenient fix. Some customers have already paid for a screen replacement to stop the flickering since the problem typically arises when a machine is out of warranty; Microsoft says they'll be "offered a refund." The company notes that this three-year coverage doesn't extend to other problems your Surface Pro might experience outside the warranty period; it only applies to the screen issue. Replacement devices are refurbished -- not brand new -- Surface Pro 4s.
AI

Google's 'Duplex' System Will Identify Itself When Talking To People, Says Google (businessinsider.com) 77

Google's "Duplex" AI system was the most talked about product at Google I/O because it called into question the ethics of an AI that cannot easily be distinguished from a real person's voice. The service lets its voice-based digital assistant make phone calls and write emails for you, causing many to ask if the system should come with some sort of warning to let the other person on the line know they are talking to a computer. According to Business Insider, "a Google spokesperson confirmed [...] that the creators of Duplex will 'make sure the system is appropriately identified' and that they are 'designing this feature with disclosure built-in.'" From the report: Here's the full statement from Google: "We understand and value the discussion around Google Duplex -- as we've said from the beginning, transparency in the technology is important. We are designing this feature with disclosure built-in, and we'll make sure the system is appropriately identified. What we showed at I/O was an early technology demo, and we look forward to incorporating feedback as we develop this into a product."

Google CEO Sundar Pichai preemptively addressed ethics concerns in a blog post that corresponded with the announcement earlier this week, saying: "It's clear that technology can be a positive force and improve the quality of life for billions of people around the world. But it's equally clear that we can't just be wide-eyed about what we create. There are very real and important questions being raised about the impact of technology and the role it will play in our lives. We know the path ahead needs to be navigated carefully and deliberately -- and we feel a deep sense of responsibility to get this right." In addition, several Google insiders have told Business Insider that the software is still in the works, and the final version may not be as realistic (or as impressive) as the demonstration.
