
Submission + - Russians Hacked Arizona Voter Registration Database -Official (time.com)

alir1272 writes: Russians were responsible for the recent breach of Arizona’s voter registration system, the FBI told state officials in June.

Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan, said on Monday that FBI investigators did not say whether the hackers were working for the Russian government or not, the Washington Post reported. He said hackers gained access after stealing the username and password of an election official in Gila County, rather than compromising the state or county system.

The Internet

Researchers Map Locations of 4,669 Servers In Netflix's Content Delivery Network (ieee.org) 11

Wave723 writes from a report via IEEE Spectrum: For the first time, a team of researchers has mapped the entire content delivery network that brings Netflix to the world, including the number and location of every server that the company uses to distribute its films. They also independently analyzed traffic volumes handled by each of those servers. Their work allows experts to compare Netflix's distribution approach to those of other content-rich companies such as Google, Akamai and Limelight. To do this, IEEE Spectrum reports that the group reverse-engineered Netflix's domain name system for the company's servers, and then created a crawler that used publicly available information to find every possible server name within its network through the common address nflxvideo.net. In doing so, they were able to determine the total number of servers the company uses, where those servers are located, and whether the servers were housed within internet exchange points or with internet service providers, revealing stark differences in Netflix's strategy between countries. One of their most interesting findings was that two Netflix servers appear to be deployed within Verizon's U.S. network, which one researcher speculates could indicate that the companies are pursuing an early pilot or trial.

Submission + - OPPD announces official closing date for Fort Calhoun nuclear plant: Oct. 24 (omaha.com)

mdsolar writes: The Omaha Public Power District will permanently shut down its nuclear plant at Fort Calhoun on Oct. 24, according to a recent letter from the utility’s top executive to the U.S. Nuclear Regulatory Commission.

Correspondence obtained by The World-Herald and dated Aug. 25 was sent to officials at the NRC and the State of Nebraska.

“OPPD has completed analysis of the factors influencing the date for shutdown of (Fort Calhoun),” OPPD President and Chief Executive Tim Burke said in the letter.

Thus will kick into gear the plant’s decommissioning, which includes the removal and transfer of nuclear fuel from the reactor into the spent fuel pool. That’s where the fuel rods will be placed for about 18 months while they burn off energy to the point they can cool to a level that permits transfer into a more permanent storage facility.

In all, the decommissioning process could take up to 60 years and will cost OPPD as much as $1.5 billion.

Submission + - IRS doesn't tell 1 million taxpayers that illegal immigrants stole their SSNs (washingtontimes.com)

schwit1 writes: The IRS has discovered more than 1 million Americans whose Social Security numbers were stolen by illegal immigrants, but officials never bothered to tell the taxpayers themselves, the agency’s inspector general said in a withering new report released Tuesday.

Investigators first alerted the IRS to the problem five years ago, but it’s still not fixed, the inspector general said, and a pilot program meant to test a solution was canceled, and fell woefully short anyway.

As a result most taxpayers don’t learn that their identities have been stolen and their Social Security files may be screwed up.

“Taxpayers identified as victims of employment-related identity theft are not notified,” the inspector general said.

And we should put the federal government in charge of healthcare?

Submission + - DHS eyes special declaration to take charge of elections (washingtonexaminer.com)

schwit1 writes: Even before the FBI identified new cyber attacks on two separate state election boards, the Department of Homeland Security began considering declaring the election a "critical infrastructure," giving it the same control over security it has over Wall Street and the electric power grid.

"Those who cast the votes decide nothing. Those who count the votes decide everything." Stalin

The Courts

Revived Lawsuit Says Twitter DMs Are Like Handing ISIS a Satellite Phone (theverge.com) 77

An anonymous reader quotes a report from The Verge: A long-standing lawsuit holding Twitter responsible for the rise of ISIS got new life today, as plaintiffs filed a revised version of the complaint (PDF) that was struck down earlier this month. In the new complaint, the plaintiffs argue Twitter's Direct Message service is akin to providing ISIS with physical communications equipment like a radio or a satellite phone. The latest complaint is largely the same as the one filed in January, but a few crucial differences will be at the center of the court's response. The plaintiffs also offer new arguments for why Twitter might be held responsible for the attack. In the dismissal earlier this month (PDF), District Judge William Orrick faulted the plaintiffs for not articulating a case for why providing access to Twitter's services constituted material aid to ISIS. "Apart from the private nature of Direct Messaging, plaintiffs identify no other way in which their Direct Messaging theory seeks to treat Twitter as anything other than a publisher of information provided by another information content provider," the ruling reads. At the same time, the judge found that the privacy of those direct messages "does not remove the transmission of such messages from the scope of publishing activity." The new complaint includes some language that might address that concern, explicitly comparing Twitter to other material communication tools. "Giving ISIS the capability to send and receive Direct Messages in this manner is no different than handing it a satellite phone, walkie-talkies or the use of a mail drop," the new complaint reads, "all of which terrorists use for private communications in order to further their extremist agendas." The Safe Harbor clause has been used in the past to protect service providers from liability for hosting data on their network. 
However, "Brookings Institute scholar Benjamin Witters argued against protecting Twitter under the Safe Harbor clause, claiming that the current reasoning would also protect companies that actively offer services in support of terrorists."
Java

Slashdot Asks: What Are Your Favorite Java 8 Features? (infoworld.com) 156

New submitter liveedu shares with us a report from InfoWorld: When Java 8 was released two years ago, the community graciously accepted it, seeing it as a huge step toward making Java better. Its unique selling point is the attention paid to every aspect of the programming language, including JVM (Java Virtual Machine), the compiler, and other help-system improvements. Java is one of the most searched programming languages according to TIOBE index for July 2016, where Java ranks number one. Its popularity is also seen on LiveCoding, a social live coding platform for engineers around the world, where hundreds and thousands of Java projects are broadcasted live. InfoWorld highlights five Java 8 features for developers in their report: lambda expressions, JavaScript Nashorn, date/time APIs, Stream API and concurrent accumulators. But those features only scratch the surface. What makes Java 8 amazing in your opinion? What are your favorite Java 8 features that help you write high quality code? You can view the entire list of changes made to the programming language here.
Google

Google Login Bug Allows Credential Theft (onthewire.io) 25

Trailrunner7 writes from a report via On the Wire: Attackers can add an arbitrary page to the end of a Google login flow that can steal users' credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don't consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter. Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user's credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. [Aidan Woods, the researcher who discovered the bug,] said an attacker also could send an arbitrary file to the target's browser any time the login form is submitted. In an email interview, Woods said exploiting the bug is a simple matter. "Attacker would not need to intercept traffic to exploit -- they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter," Woods said. Google told Woods they don't consider this a security issue.
PlayStation (Games)

PlayStation Now Streaming Service Available On Windows PCs (techcrunch.com) 36

Earlier this month, Sony announced PlayStation 3 games would be coming to Windows. Specifically, the company would be bringing its PlayStation Now game-streaming program to Windows PCs. Today, the service has officially launched and is available on Windows PCs. TechCrunch reports: "A 12-month subscription to PlayStation Now will run you $99.99 as part of a limited-time promotion to celebrate the PC launch. Normally, a PS Now subscription will run you more than double that. What does PlayStation Now actually provide? Access to a library of over 50 'Greatest Hits' games, which include popular titles like Mafia II, Tomb Raider: GOTY edition, Borderlands and Heavy Rain. There's also over 100 console exclusives available to PC users for the first time, and a total library north of 400 games." If you're interested, you can download the app here. A USB adapter is set to go on sale September 6 that will allow you to use a DualShock 4 wireless controller with your PC.
Chrome

Google Integrates Cast Into Chrome, No Extension Required (venturebeat.com) 28

An anonymous reader writes from a report via VentureBeat: On Monday, Google announced Google Cast is now built right into Chrome, allowing anyone using the company's browser to cast content to supported devices without having to install or configure anything. The Google Cast extension for Chrome, which launched in July 2013, is no longer required for casting. The report adds: "Here's how it works. When you browse websites that are integrated with Cast, Chrome will now show you a Cast icon as long as you're on the same network as a Cast device. With a couple of clicks, you can view the website content on your TV, listen to music on your speakers, and so on. In fact, Google today also integrated Hangouts with Google Cast: Signed-in users on Chrome 52 or higher can now use the 'Cast...' menu item from Chrome to share the contents of a browser tab or their entire desktop into a Hangout." The support document details all the ways you can use Google Cast with Chrome.

Submission + - How many servers does it take to deliver Netflix to the world? This many (ieee.org)

Wave723 writes: For the first time, a team of researchers has mapped the entire content delivery network that brings Netflix to the world, including the number and location of every server that the company uses to distribute its films. They also independently analyzed traffic volumes handled by each of those servers. Their work allows experts to compare Netflix's distribution approach to those of other content-rich companies such as Google, Akamai and Limelight.

To do this, IEEE Spectrum reports that the group reverse-engineered Netflix's domain name system for the company's servers, and then created a crawler that used publicly available information to find every possible server name within its network through the common address nflxvideo.net. In doing so, they were able to determine the total number of servers the company uses, where those servers are located, and whether the servers were housed within Internet exchange points or with Internet service providers, revealing stark differences in Netflix's strategy between countries.

One of their most interesting findings was that two Netflix servers appear to be deployed within Verizon's U.S. network, which one researcher speculates could indicate that the companies are pursuing an early pilot or trial.

Submission + - Weaponizing Disinformation (nytimes.com)

XXongo writes: With a vigorous national debate underway on whether Sweden should enter a military partnership with NATO, officials in Stockholm suddenly encountered an unsettling problem: a flood of distorted and outright false information on social media, confusing public perceptions of the issue. As the defense minister, Peter Hultqvist, traveled the country to promote the pact in speeches and town hall meetings, he was repeatedly grilled about the bogus stories.
The planting of false stories is nothing new; the Soviet Union devoted considerable resources to that during the ideological battles of the Cold War. Now, though, disinformation is regarded as an important aspect of Russian military doctrine, and it is being directed at political debates in target countries with far greater sophistication and volume than in the past, using everything from paid internet trolls to faked documents to dubious news stories planted in conventional media.
The fundamental purpose of dezinformatsiya, or Russian disinformation, experts said, is to undermine the official version of events — even the very idea that there is a true version of events — and foster a kind of policy paralysis.

Encryption

FBI Director Says Prolific Default Encryption Hurting Government Spying Efforts (go.com) 238

SonicSpike quotes a report from ABC News: FBI Director James Comey warned again Tuesday about the bureau's inability to access digital devices because of encryption and said investigators were collecting information about the challenge in preparation for an "adult conversation" next year. Widespread encryption built into smartphones is "making more and more of the room that we are charged to investigate dark," Comey said in a cybersecurity symposium. The remarks reiterated points that Comey has made repeatedly in the last two years, before Congress and in other settings, about the growing collision between electronic privacy and national security. "The conversation we've been trying to have about this has dipped below public consciousness now, and that's fine," Comey said at a symposium organized by Symantec, a technology company. "Because what we want to do is collect information this year so that next year we can have an adult conversation in this country." The American people, he said, have a reasonable expectation of privacy in private spaces -- including houses, cars and electronic devices. But that right is not absolute when law enforcement has probable cause to believe that there's evidence of a crime in one of those places, including a laptop or smartphone. "With good reason, the people of the United States -- through judges and law enforcement -- can invade our private spaces," Comey said, adding that that "bargain" has been at the center of the country since its inception. He said it's not the role of the FBI or tech companies to tell the American people how to live and govern themselves. "We need to understand in the FBI how is this exactly affecting our work, and then share that with folks," Comey said, conceding the American people might ultimately decide that its privacy was more important than "that portion of the room being dark." Comey made his remarks to the 2016 Symantec Government Symposium. 
The Daily Dot has another take on Comey's remarks, which you can read here.

Submission + - Was St. Jude Medical Device Hack Report Just Armchair Engineering? (securityledger.com)

chicksdaddy writes: The battle of words over warnings from a Wall Street trader about serious security flaws in implantable medical devices (https://securityledger.com/2016/08/the-big-short-alleged-security-flaws-fuel-bet-against-st-jude-medical/) continued on Tuesday, as researchers from The University of Michigan joined St. Jude itself in raising doubts about research that was used by the investment firm Muddy Waters to bet against (or “short”) the stock of St. Jude Medical, a major medical device maker, The Security Ledger reports (https://securityledger.com/2016/08/short-sheet-researchers-raise-doubts-on-st-jude-research/).

In a statement released on Tuesday, Kevin Fu and Thomas Crawford of the Archimedes Center for Medical Device Research did not directly challenge the findings of the report by Muddy Waters and the firm MedSec, but did suggest that, rather than being evidence of a successful attack, the output observed by the researchers may have been typical for a home-monitored implantable cardiac defibrillator (ICD) device being tested while not properly connected to a patient.

“The U-M team reproduced error messages the report cites as evidence of a successful ‘crash attack’ but the messages are the same set of errors that display if the device isn’t properly plugged in,” the University said in a statement.

“We’re not saying the report is false. We’re saying it’s inconclusive because the evidence does not support their conclusions,” said Fu, U-M associate professor of computer science and engineering and director of the Archimedes Center for Medical Device Security. Fu is also co-founder of medical device security startup Virta Labs.

In a separate blog post, Kevin Fu of the University of Michigan said the research that informed the Muddy Waters report may be an example of 'armchair engineering.' (http://blog.secure-medicine.org/2016/08/study-on-st-jude-medical-device_30.html)

The conflict may come down to how different viewers interpret the same events. The behavior witnessed by the MedSec researchers and described in their report may not have been a security issue, but simply evidence of the device acting as designed, Fu and his colleagues say.

A defibrillator’s electrodes are connected to heart tissue via wires that are woven through blood vessels. The wires are used both for sensing operations and to send shocks to the heart, if necessary. No surprise, when the defibrillator is not connected to a human host, the data transmitted by the device is quite different.

“When these wires are disconnected, the device generates a series of error messages: two indicate high impedance, and a third indicates that the pacemaker is interfering with itself,” said Denis Foo Kune, former U-M postdoctoral researcher and co-founder of Virta Labs, in a statement.

That behavior is very similar to what is described in the Muddy Waters report on St. Jude as evidence of a successful attack.

While medical knowledge isn’t necessary to find vulnerabilities in a medical device or even hack them, it is critical to understanding the clinical implications of any software flaws and whether there is the possibility of causing harm to patients, Fu said.

Communications

Study: 33% of Facebook Users Want Less News In Their Feed (businessinsider.com) 75

An anonymous reader writes from a report via Business Insider: According to a survey of 526 random Facebook users conducted by Spot.IM, 33% of Facebook users in the U.S. want to see fewer news articles in their feeds. The survey comes at a time when Facebook is desperately trying to improve the quality of publisher articles that gain traction on its platform. Here are some important takeaways from the study: Older people are likelier to want less news in their Facebook feeds. While 33% of all respondents indicated there was too much news and shared links in their Facebook feeds, the majority of this group was individuals aged 30 or older. Those 30-44 (37%), 45-59 (36%), and 60+ (36%) said they want less news in their feeds. Young Facebook users enjoy consuming news on social media. While middle-aged and older Facebook users don't like seeing news in their feeds, those aged 18-29 were much more interested and excited to see even more news articles on Facebook. 32% of respondents in this group wanted to see more news, while just 21% wanted less. This is an encouraging sign for publishers who want to reach a new generation of news consumers. The majority of people don't care about how much news they see on Facebook. Overall, 51% of all surveyed said they simply don't care if more or less news shows up in their Facebook feeds. A study conducted in June by Columbia University says that 59% of people don't even read the articles they share.
