Google News Will Purge Sites Masking Their Country of Origin 151

An anonymous reader quotes Bloomberg: Google moved to strip from its news search results publications that mask their country of origin or intentionally mislead readers, a further step to curb the spread of fake news that has plagued internet companies this year. To appear in Google News results, websites must meet broad criteria set out by the company, including accurately representing their owners or primary purposes. In an update to its guidelines released Friday, the search giant added language stipulating that publications not "engage in coordinated activity to mislead users."

Additionally the new rules read: "This includes, but isn't limited to, sites that misrepresent or conceal their country of origin or are directed at users in another country under false premises." A popular tactic for misinformation campaigns is to pose as a credible U.S. news outlet. Russian Internet Research Agency, a Kremlin-backed organization, used that technique to reach an audience of nearly 500,000 people, spread primarily through Twitter accounts, Bloomberg reported earlier.


Why Hackers Reuse Malware 27

Orome1 shares a report from Help Net Security: Software developers love to reuse code wherever possible, and hackers are no exception. While we often think of different malware strains as separate entities, the reality is that most new malware recycles large chunks of source code from existing malware with some changes and additions (possibly taken from other publicly released vulnerabilities and tools). This approach makes sense. Why reinvent the wheel when another author already created a working solution? While code reuse in malware can make signature-based detection methods more effective in certain cases, more often than not it frees up time for attackers to do additional work on detection avoidance and attack efficacy -- which can create a more dangerous final product.

There are multiple reasons why hackers reuse code when developing their own malware. First, it saves time. By copying code wherever possible, malware authors have more time to focus on other areas, like detection avoidance and attribution masking. In some cases, there may be only one way to successfully accomplish a task, such as exploiting a vulnerability. In these instances, code reuse is a no-brainer. Hackers also tend to reuse effective tactics such as social engineering, malicious macros and spear phishing whenever possible simply because they have a high rate of success.


Ask Slashdot: Is Password Masking On Its Way Out? 234

New submitter thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern. Fast forward to today; I was setting up a new router (cheapest dual-band router money can buy, from Tenda) and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot: is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?

Australian Authorities Hacked Computers in the US 75

Motherboard is reporting that Australian authorities hacked Tor users in the United States as part of a child pornography investigation. The revelation comes through recently-filed US court documents. The incident underscores a trend where law enforcement around the world are increasingly pursuing targets overseas using hacking tools, raising legal questions around agencies' reach. From the report: In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect's IP address. "The Love Zone" was a prolific dark web child abuse site, where users were instructed to upload material at least once a month to maintain access to the forum. By July 2014, the site had over 29,000 members, according to US court documents, constituting what the US Department of Justice described as a "technologically sophisticated conspiracy." In 2014, Queensland Police Service's Task Force Argos, a small, specialised unit focused on combating child exploitation crimes, identified the site's Australian administrator in part because of a localized greeting he signed messages with. The unit quietly took over his account, and for months ran the site in an undercover capacity, posing as its owner. Task Force Argos' logo includes a scorpion, and the tagline "Leave No Stone Unturned." Because The Love Zone was based on the dark web, users typically connected via the Tor network, masking their IP addresses even from the law enforcement agents who were secretly in control of the site. Task Force Argos could see what the users were viewing, and what pages they were visiting, but not where they were really connecting from.

US Army Developing Encrypted Radar Waveform 122

An anonymous reader writes: The U.S. Army is working on an innovative technology for masking radar emissions in contested territory and environments with heavily congested radio bands. Effective radar system performance is critical in military operations, yet remains a challenge in locations under attack or in areas of high traffic density. Army researchers have now developed a noise-encrypted radar waveform called Advanced Pulse Compression Noise (APCN), which can be tuned in real-time to allow users to adjust radar performance depending on their surroundings. Research scientist Mark Govoni explained: 'Having the ability to transmit a radar waveform that's continually changing, one that never repeats itself, and looks like noise, is extremely difficult to intercept... and remains anonymous to radar detectors.'

Outside Beijing, a Military-style Bootcamp For "Internet Addiction" 91

Press2ToContinue writes: Last year, China recognized internet addiction as an official disorder. Since then, over 6,000 patients have submitted themselves for treatment, after some spent up to 14 hours a day online. And as these amazing pictures show, dealing with it is serious. The Daxing Internet Addiction Treatment Centre (IATC) is a military-style bootcamp nestled in the suburbs of Beijing. The young men that enter its doors are subjected to a strict military regime of exercise, medication and solitary confinement. Any kind of electronic gadgetry is completely banned. Additionally, patients are frequently subjected to psychiatric assessments and brain scans to make sure they stay on the straight and narrow. And the concept is gaining steam; the first Internet Congress on Internet Addiction Disorders was held in Milan in early 2014. Despite its recent official classification, is internet addiction a real disorder? Or is it a red herring masking depression and escapism? And to make things more indeterminate, isn't more and more time online the inevitable future?

DoD Declassifies Flu Pandemic Plan Containing Sobering Assumptions 337

An anonymous reader writes "The Department of Defense has just declassified a copy of its 2009 Concept of Operations Plan for an Influenza Pandemic. Among the Plan's scary yet reasonable assumptions are that in the United States, such a pandemic will kill 2 percent of the infected population, or about 2 million people. The plan also assumes that a vaccine won't be available for at least 4 to 6 months after confirmation of sustained human transmission, and that the weekly vaccine manufacturing capability will only produce 1 percent of the total US vaccine required. State and local governments will be overwhelmed, and civilian mortuary operations will require military augmentation. Measures such as limiting public gatherings, closing schools, social distancing, protective sequestration and masking will be required to limit transmission and reduce illness and death. International and interstate transportation will be restricted to contain the spread of the virus. If a pandemic starts outside the US, it will enter the country at multiple locations and spread quickly to other parts of the country. A related document, CONPLAN 3591-09, was released by DoD in 2010."

Student Project Could Kill Digital Ad Targeting 177

An anonymous reader sends this quote from Ad Age: "[Rachel Law's] creation, called 'Vortex,' is a browser extension that's part game, part ad-targeting disrupter that helps people turn their user profiles and the browsing information into alternate fake identities that have nothing to do with reality. People who use the browser tool, which works with Firefox and Chrome, effectively confuse the technologies that categorize web audiences into likely running shoe buyers, in-market auto buyers, or moms interested in cooking and football. ... It's a bit like the ad blocker extensions of yore, except it scrambles information to trick ad targeters, all in service of an addictive game deemed 'Site Miner,' which allows players to fish for cookies visualized as sea creatures. Players can gobble up cookies Pac-Man style, creating a pool of profile information that has nothing to do with their actual web behavior. ... Vortex features a profile switcher that people can use and share to take on a new identity while browsing the web. 'It's a way of masking your identity across networks,' she said."

Casting a Harsh Light On Chinese Solar Panels 149

New submitter Eugriped3z writes with an article in the New York Times that "indicates that manufacturing defect rates for solar panels manufactured in China vary widely, anywhere from 5-22%. Secrecy in the terms of settlements negotiated by attorneys representing multi-million dollar installations perpetuate the problem by masking the identity of unscrupulous or incompetent actors. Meanwhile, Reuters reports that unit labor costs in Mexico are now lower than in China."

Fedora 19 To Stop Masking Passwords 234

First time accepted submitter PAjamian writes "Maintainers of the Anaconda installer in Fedora have taken it upon themselves to show passwords in plaintext on the screen as they are entered into the installer. Following on the now recanted statements of security expert Bruce Schneier, Anaconda maintainers have decided that it is not a security risk to show passwords on your screen in the latest Alpha release of Fedora 19. Members of the Fedora community on the Fedora devel mailing list are showing great concern over this change in established security protocols." Note: the change was first reported in the linked thread by Dan Mashal.

Reading and Calculating With Your Unconscious 85

lee1 writes "Using special techniques that present information to one eye while hiding the information from the conscious mind (by masking it with more distracting imagery presented to the other eye), researchers have shown two new and very unexpected things: we can read and understand short sentences, and we can perform multi-step arithmetic problems, entirely unconsciously. The results of the reading and calculating are available to and influence the conscious mind, but we remain unaware of their existence. While we have known for some time that a great deal of sensory processing occurs below the surface and affects our deliberative behavior, it was widely believed until now that the subconscious was not able to actually do arithmetic or parse sentences."

SMS-Controlled Malware Hijacking Android Phones 94

wiredmikey writes "Security researchers have discovered new Android malware controlled via SMS that can do a number of things on the compromised device including recording calls and surrounding noise. Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Based on the code examination, the researchers from NQ Mobile, alongside researchers at North Carolina State University said that TigerBot can record sounds in the immediate area of the device, as well as calls themselves. It also has the ability to alter network settings, report its current GPS coordinates, capture and upload images, kill other processes, and reboot the phone. TigerBot will hide itself on a compromised device by forgoing an icon on the home screen, and by masking itself with a legit application name such as Flash or System. Once installed and active, it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED.'"

Book Review: The Art of Computer Programming. Volume 4A: Combinatorial Algorithm 176

asgard4 writes "Decades in the making, Donald Knuth presents the latest few chapters in his by now classic book series The Art of Computer Programming. The computer science pioneer's latest book on combinatorial algorithms is just the first in an as-of-yet unknown number of parts to follow. While these yet-to-be-released parts will discuss other combinatorial algorithms, such as graph and network algorithms, the focus of this book titled Volume 4A Combinatorial Algorithms Part 1 is solely on combinatorial search and pattern generation algorithms. Much like the other books in the series, this latest piece is undoubtedly an instant classic, not to be missing in any serious computer science library or book collection." Keep reading for the rest of asgard4's review.

PA Laptop Spying Inspires FSF Crowdsourcing Effort 135

holmesfsf writes "Creeped out by the Lower Merion School District's remote monitoring of students? Check out the Free Software Foundation's response to the laptop spying scandal and help build a wiki listing of school districts that provide students with laptops, so that the FSF can campaign against mandatory, proprietary laptops."

Learning JQuery 1.3 153

Michael J. Ross writes "Of all Web technologies, JavaScript may have the most checkered past — first heralded as a powerful object-oriented language for jazzing up Web pages, but later condemned as a source of spammy pop-up windows and horrid animations polluting websites everywhere. Yet during the past several years, Web designers and developers are increasingly using JavaScript unobtrusively, for client-side interactivity — as a supplement to server-side functionality, not a replacement, and built upon standards-compliant (X)HTML and CSS. As a result, the once-derided language is now enjoying a true resurgence in interest and use. This has been bolstered by the proliferation of JavaScript libraries, of which jQuery is clearly the front runner. Web programmers seeking to get up to speed on this exciting resource can turn to Learning jQuery 1.3: Better Interaction Design and Web Development with Simple JavaScript Techniques." Keep reading for the rest of Michael's review.

Switzerland's Data Protection Watchdog Wants Street View Disabled 257

glow-in-the-dark writes "The Swiss office for Data Protection has asked Google to turn off Street View within the country because it doesn't meet the conditions demanded when permission was given to go ahead with the photography. Google answered privacy concerns with the following points (I'm translating them from German; here's an automated translation): 'Google will publish in advance where it is going to record the images, so you can act accordingly.' Do they want you to hide? Where is the real obligation here? 'Google has made masking the images of people and car license plates obligatory.' I think this is where trouble starts, because their permission to go ahead appears to have been dependent on how well they did this. I have browsed one particular town as an experiment and was quite quickly able to find unmasked faces. This means that either the algorithm they use doesn't work, or that it is done manually and they've fallen behind (in which case they should not have put up the images). 'Although a picture of a home is generally not covered under Data Protection, Google has agreed to remove them if asked. Follow the same process as removing a person.' I think it wouldn't be half as bad if the pictures weren't taken with a high enough resolution to see inside a house. In short, Google has not been given the easy ride it had in other countries regarding Street View. I actually suspect there is more to come."

Nielsen Recommends Not Masking Passwords 849

Mark writes "Usability expert and columnist Jakob Nielsen wants to abolish password masking: 'Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.' I've never been impressed by the argument that 'I can't think why we need this (standard) security measure, so let's drop it.' It usually indicates a lack of imagination of the speaker. But in this case, does usability outweigh security?"

UK School Forbids Parents From Taking Pics of Kids 12

tonywong writes "Mrs Ethelston's Church of England Primary School, in Uplyme, Devon, prohibited parents photographing their own children during a school event, claiming it was due to changes in child protection and images legislation. This may be harsh but not as bizarre as another UK school attempting to cover up photos of all the students with smiley faces last year. Perhaps the UK has more bogeymen per square kilometer (kilometre if you're a non USian) than the rest of the world, or is the UK on the leading edge of things-to-come?"

Phony TCP Retransmissions Can Hide Secret Messages 188

Hugh Pickens writes "New Scientist reports that a team of steganographers at the Institute of Telecommunications in Warsaw, Poland have figured out how to send hidden messages using the internet's transmission control protocol (TCP) using a method that might help people in totalitarian regimes avoid censorship. Web, file transfer, email and peer-to-peer networks all use TCP, which ensures that data packets are received securely by making the sender wait until the receiver returns a 'got it' message. If no such acknowledgment arrives (on average 1 in 1000 packets gets lost or corrupted), the sender's computer sends the packet again in a system known as TCP's retransmission mechanism. The new steganographic system, dubbed retransmission steganography (RSTEG), relies on the sender and receiver using software that deliberately asks for retransmission even when email data packets are received successfully (PDF). 'The receiver intentionally signals that a loss has occurred,' says Wojciech Mazurczyk. 'The sender then retransmits the packet but with some secret data inserted in it.' Could a careful eavesdropper spot that RSTEG is being used because the first sent packet is different from the one containing the secret message? As long as the system is not over-used, apparently not, because if a packet is corrupted, the original packet and the retransmitted one will differ from each other anyway, masking the use of RSTEG."

Cone of Silence 2.0 91

Village Idiot sends word of a patent granted to MIT researchers for a cone of silence a la Maxwell Smart. This one doesn't use plastic, but rather active and networked sensors and speakers embedded in a (probably indoor) space such as an open-plan office. "In 'Get Smart,' secret agents wanting a private conversation would deploy the 'cone of silence,' a clear plastic contraption lowered over the agents' heads. It never worked — they couldn't hear each other, while eavesdroppers could pick up every word. Now a modern cone of silence that we are assured will work is being patented by engineers Joe Paradiso and Yasuhiro Ono of the Massachusetts Institute of Technology. ... Instead of plastic domes, they use a sensor network to work out where potential eavesdroppers are, and speakers to generate a subtle masking sound at just the right level. ... The array of speakers... aims a mix of white noise and randomized office hubbub at the eavesdroppers. The subtle, confusing sound makes the conversation unintelligible." One comment thread on the article wonders about the propriety of tracking people around an office in order to preserve privacy.
