Submission + - New Wave Wireless - Posts (facebook.com)

An anonymous reader writes: New Wave Wireless is one of the fastest growing low rate national coverage cellular service companies in the country! We offer competitive service plans on America’s Largest Networks!

Submission + - Wisconsin company to implant microchips in its employees (foxbusiness.com)

walterbyrd writes: Three Square Market (32M), a River Falls-based software design company, says starting August 1st, it will be offering microchips to all their employees. The chips will be implanted underneath the skin between the thumb and forefinger, which will allow employees to pay for food and drinks in the company’s break room, open security doors, and log in to their computers without any special cards—or passwords.

Submission + - Roomba's Next Big Step Is Selling Maps of Your Home to the Highest Bidder (gizmodo.com)

AmiMoJo writes: The Roomba is generally regarded as a cute little robot friend that no one would consider to be a potential menace. But for the last couple of years, the robovacs have been quietly mapping homes to maximize efficiency. Now, the device’s makers plan to sell that data to smart home device manufacturers, turning the friendly robot into a creeping, creepy little spy. While it may seem like the information that a Roomba could gather is minimal, there’s a lot to be gleaned from the maps it’s constantly updating. It knows the floor plan of your home, the basic shape of everything on your floor, what areas require the most maintenance, and how often you require cleaning cycles, along with many other data points.

According to the EULA, sharing with some third parties is optional, unless they are the government or Roomba sells itself or part of itself or reorganizes or goes bankrupt.

Submission + - Google Asked Me How I'd Fix Chrome Remote Desktop — Here's How! (vortex.com)

Lauren Weinstein writes: Since my posting a few days ago of “Another Google Accessibility Failure: Chrome Remote Desktop” — https://lauren.vortex.com/2017... — I’ve been contacted by a number of Googlers whom I know, asking me specifically how I’d address the accessibility problems that I noted therein. These queries were all friendly of course — not of the “put up or shut up” variety!

OK, I’ll bite. And Google can have this one for free — but like I’ve said before, this isn’t really rocket science.

Submission + - TiSA: the sleeping monster

Presto Vivace writes: Sleeping Monster: The Trade in Services Agreement (TiSA) and Labor

I’m putting this first because I think our 10%-ers believe that their guilds, their credentials, and getting their children into the right schools, especially as legacies, will protect them (indeed, will transform them into an aristocracy), and 10%-ers, especially in the suburbs, are highly sought voters by both parties. Of course, The Trade Blob is itself composed of 10%-ers, so for them TiSA may turn out to be a cloud no bigger than a man’s hand. Nevertheless, there are at least two issues affecting professionals. One is TiSA’s assault on requirements for “local presence.” Page 53:

Prohibiting requirements for local presence is one of Team TiSA’s principal demands. Accepting that ban would pose major obstacles to effective legal liability, the vetting of qualifications and assessing compliance with technical and professional standards, consumer protections and the ability to tax, as well as monitoring the labour standards of workers who are delivering the service.

At the 30,000-foot level, you can see how eliminating local requirements for “assessing compliance with technical and professional standards” would make the transfer of legal services much more frictionless; why shouldn’t I be able to obtain legal services from an English-speaking lawyer in India or the Philippines? Granted, lawyers write the laws, so that may be slow to happen — perhaps significantly, “Legal Services” do not have a CPC Code under W/120 — but what about (CPC code 862) “Accounting, auditing and bookkeeping services”? Or (8671) “Architectural services”? Or (8672) “Engineering services”? And so on.

TiSA is written for the benefit of international corporations at the expense of local governments and labor.

Submission + - Uber Plans To Introduce a Tablet In Its Cars in India (ndtv.com)

manishs writes: Uber is taking a page out of Ola's playbook as it pushes to expand business in India, its largest overseas market. Months after its Indian rival introduced its "connected platform" called Ola Play, Uber is set to launch its own infotainment system across several of its cab tiers in the country, people familiar with the matter have told Gadgets 360. The company began testing its infotainment system — an Android tablet that comes loaded with a range of services — in select cities in the country earlier this year. The ride-hailing service now plans to install the tablet on several of its premium cabs including its Uber X fleet, and make it available for passengers in select circles later this year, people said. Uber has been inviting select drivers in New Delhi and other cities to install an HD screen-enabled tablet, according to a source and two drivers who spoke on the condition of anonymity. This is the first time Uber is planning to bring an actual tablet to its cabs in any of the markets where it operates. The company currently offers Uber Trip Experiences in select markets where it lets passengers consume a range of services using their own phone.

Submission + - Fourth Ethereum Platform Hacked This Month: Hacker Steals $8.4M From Veritaseum (bleepingcomputer.com)

An anonymous reader writes: Veritaseum has confirmed today that a hacker stole $8.4 million from the platform's ICO on Sunday, July 23. This is the second ICO hack in the last week and the fourth hack of an Ethereum platform this month. An ICO (Initial Coin Offering) is similar to a classic IPO (Initial Public Offering), but instead of stocks in a company, buyers get tokens in an online platform. Users can keep tokens until the issuing company decides to buy them back, or they can sell the tokens to other users for Ethereum. Veritaseum was holding its ICO over the weekend, allowing users to buy VERI tokens for a product the company was preparing to launch in the realm of financial services.

The hacker breached its systems, stole VERI tokens and immediately dumped them on the market due to the high demand. The hacker made $8.4 million from the token sale, which he immediately started to launder. In a post-mortem announcement Middleton posted online today, the Veritaseum CEO said "the amount stolen was miniscule (less than 00.07%) although the dollar amount was quite material." The CEO also suspects that "at least one corporate partner that may have dropped the ball and [might] be liable." Previous Ethereum services hacks include Parity, CoinDash, and Classic Ether Wallet.

Submission + - New details emerge on Fruitfly, a near-undetectable Mac backdoor (zdnet.com)

An anonymous reader writes: Apple released security patches for Fruitfly earlier this year, but variants of the malware have since emerged. The core of the malware is an obfuscated Perl script using antiquated code, with indicators in the code that suggest the malware may go back almost half a decade or more, the security firm said. Nevertheless, the malware still works well on modern versions of macOS, including Yosemite. Fruitfly connects and communicates with a command and control server, where an attacker can remotely spy on and control an infected Mac.

Given how rare Mac malware is, especially one with all the hallmarks of what could be a nation state attacker, Patrick Wardle, a former NSA hacker who now serves as chief security researcher at Synack, got to work.

He found that he could take complete control of an infected Mac, including its keyboard and mouse, take screenshots of the display, remotely switch on the webcam, and modify files. The malware can also run commands in the background, and even kill the malware's process altogether — likely in an effort to avoid detection.

"The most interesting feature is that the malware can send an alert when the user is active," said Wardle, so that the attacker can then avoid interfering with the computer to remain stealthy. "I haven't seen that before," he said. He even found that some commands supported additional parameters. What he called the "second byte" to each command would offer more granular options. He explained that he could take screenshots of the display of varying quality — a useful feature for low-bandwidth connections or trying to evade network detection.

He noticed that the malware was communicating out to primary servers that were offline. But some of the backup servers were available.

Submission + - Maritime Disaster in The Arctic On The Rise (nytimes.com)

cdreimer writes: According to a report in The New York Times, maritime disaster is on the rise as global warming melts polar ice and opens the Arctic to commercial ship traffic:

"When the Crystal Serenity, a 1,000-passenger luxury liner, sails in August on a monthlong Arctic cruise through the Northwest Passage, it will have a far more utilitarian escort: a British supply ship. The Ernest Shackleton, which normally resupplies scientific bases in Antarctica, will help with the logistics of shore excursions along the route from Alaska to New York through Canada’s Arctic Archipelago. But the escort ship will also be there should the Serenity become stuck in ice or if something else goes wrong. The Shackleton can maneuver through ice and will be carrying emergency water and rations for the liner’s passengers and 600 crew members, gear for containing oil spills and a couple of helicopters. As global warming reduces the extent of sea ice in the Arctic, more ships — cargo carriers as well as liners like the Serenity taking tourists to see the region’s natural beauty — will be plying far-northern waters. Experts in maritime safety say that raises concerns about what will happen when something goes wrong."

The International Maritime Organization (IMO) has recently agreed to phase out the use of heavy fuel oil (HFO) in the Arctic that would be impossible to clean up.

Submission + - Global network of labs will test security of medical devices (securityledger.com)

chicksdaddy writes: Amid increasing concerns about cyber threats to healthcare environments, a global network of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms, The Security Ledger reports. (https://securityledger.com/2017/07/exclusive-whistl-labs-will-be-cyber-range-for-medical-devices/)

The “World Health Information Security Testing Labs” (or “WHISTL”) will adopt a model akin to the Underwriters Laboratory, which started out testing electrical devices, and focus on issues related to cyber security and privacy, helping medical device makers “address the public health challenges” created by connected health devices and complex, connected healthcare environments, according to a statement by The Medical Device Innovation, Safety and Security Consortium (http://www.mdiss.org/).

“MDISS WHISTL facilities will dramatically improve access to medical device security know-how while protecting patient privacy and the intellectual property of our various stakeholders,” said Dr. Nordenberg, MD, Executive Director of MDISS.

The labs will be one of the only independent, open and non-profit networks of labs specifically designed for the needs of the medical field, including medical device designers, hospital IT, and clinical engineering professionals. Experts will assess the security of medical devices using standards and specifications designed by testing organizations like Underwriters Labs. Evaluations will include application security testing like “fuzzing,” static code analysis and penetration testing of devices.

Any vulnerabilities found will be reported directly to manufacturers in accordance with best practices, and publicly disclosed to the international medical device vulnerability database (MDVIPER) which is maintained by MDISS and the National Health Information Sharing and Analysis Center (NH-ISAC).

The group says it plans for 10 new device testing labs by the end of the year, including in the U.S. in states like New York, Indiana, Tennessee and California, and outside North America in the UK, Israel, Finland, and Singapore. The WHISTL facilities will work with Underwriters Labs as well as AAMI, the Association for the Advancement of Medical Instrumentation. Specifically, MDISS labs will base their work on the UL Cybersecurity Assurance Program specifications (UL CAP) and follow testing standards developed by both groups including the UL 2900 and AAMI 80001 standards.

Submission + - World's first floating wind farm emerges off coast of Scotland (bbc.co.uk)

AmiMoJo writes: The world's first full-scale floating wind farm has started to take shape off the north-east coast of Scotland. The revolutionary technology will allow wind power to be harvested in waters too deep for the current conventional bottom-standing turbines. The manufacturer hopes to cash in on a boom in the technology, especially in Japan and the west coast of the US, where waters are deep. The tower, including the blades, stretches to 175m and weighs 11,500 tonnes.

The price of energy from bottom-standing offshore wind farms has plummeted 32% since 2012, and is now four years ahead of the government's expected target. Another big price drop is expected, taking offshore wind to a much lower price than new nuclear power.

Submission + - US Government Dumps Kaspersky After Espionage Insinuations

Rick Zeman writes: The Washington Post writes that the US General Services Administration has dumped Kaspersky products because of their alleged ties to the Russian Government saying, "... the agency’s statement suggested a vulnerability exists in Kaspersky that could give the Russian government backdoor access to the systems it protects, though they offered no explanation or evidence of it." Kaspersky, of course, denies this, offering their source code up for US Government review, but "Three current and former defense contractors told The Post that they knew of no specific warnings circulated about Kaspersky in recent years, but it has become an unwritten rule at the Pentagon not to include Kaspersky as a potential vendor on new projects."

Submission + - Skylake/Kaby Lake microcode finally fixed

KiloByte writes: After much feet-dragging and trying to sweep the thing under the carpet, Intel has finally released a microcode update that fixes that serious hyper-threading issue we had before.

If you have one of the affected processor models (or any Sky/Kaby Lake, to be safe), you'd better install the update immediately. New microcode versions are shipped by Debian and all competent distributions; on Windows you need a BIOS/UEFI update. Sorry if your machine vendor ignores you, like most do.

All known hyper-threading issues are now fixed; after the update you can turn HT back on.

Submission + - Users Leave 45,000 One-Star Facebook Reviews After Hacker's Unjust Arrest (bleepingcomputer.com)

An anonymous reader writes: Over 45,000 users have left one-star reviews on a company's Facebook page after the business reported a security researcher to police and had him arrested in the middle of the night instead of fixing a reported bug. The arrest took place this week in Hungary after an 18-year-old found a flaw in the online ticket-selling system of Budapesti Közlekedési Központ (BKK), Budapest's public transportation authority.

The young man discovered that he could access BKK's website, press F12 to enter the browser's developer tools mode, and modify the page's source code to alter a ticket's price. Because there was no client or server-side validation put in place, the BKK system accepted the operation and issued a ticket at a smaller price. As a demo, the young man says he bought a ticket initially priced at 9459 Hungarian forints ($35) for 50 Hungarian forints (20 US cents).

Instead of thanking the hacker, BKK had police arrest him in the middle of the night and brazenly announce it in a press conference. As details of the case emerged, public outrage grew against BKK and its manager Kálmán Dabóczi, especially after it was revealed that the company was paying around $1 million per year for maintenance of its IT systems, hacked in such a ludicrously simple manner. Tens of thousands of Hungarians have shown their solidarity and support for the teenager by going on Facebook and leaving one-star reviews on BKK's page. Since then, other security lapses have also surfaced on Twitter.

Submission + - Creating the largest neutrino detectors in the world (lbl.gov)

HanzoSpam writes: The Long-Baseline Neutrino Facility (LBNF) will house the international Deep Underground Neutrino Experiment (DUNE), which will be built and operated by a group of roughly 1,000 scientists and engineers from 30 countries.

When complete, LBNF/DUNE will be the largest experiment ever built in the U.S. to study the properties of mysterious particles called neutrinos. Unlocking the mysteries of these particles could help explain more about how the universe works and why matter exists at all.

The DOE’s Fermi National Accelerator Laboratory (Fermilab), located outside Chicago, will generate a beam of neutrinos and send them 1,300 kilometers (800 miles) through the Earth to Sanford Lab, where a four-story-high, 70,000-ton detector will be built beneath the surface to catch those neutrinos.

Submission + - How Cyberwarfare Makes Everyone A Target (wsj.com)

cdreimer writes: According to a report by The Wall Street Journal (paywalled, alternative website), "the war taking place across the global internet, everyone is a combatant—and a target": "This is already a banner year for hacks, breaches and cyberwarfare, but the past week was exceptional. South Carolina reported hackers attempted to access the state’s voter registration system 150,000 times on Election Day last November—part of what former Homeland Security Secretary Jeh Johnson alleges is a 21-state attack perpetrated by Russia. And U.S. intelligence officials alleged that agents working for the United Arab Emirates planted false information in Qatari news outlets and social media, leading to sanctions and a rift with Qatar’s allies. Meanwhile, Lloyd’s of London declared that the takedown of a major cloud service could lead to monetary damages on par with those of Hurricane Katrina. Threats to the real world from the cyberworld are worse than ever, and the situation continues to deteriorate. A new kind of war is upon us, one characterized by coercion rather than the use of force, says former State Department official James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies. Businesses and individuals now are directly affected in ways that were impossible in the first Cold War. In another age, the threat of nuclear annihilation loomed over everyone’s heads, but the cloak-and-dagger doings of global powers remained distinct from the day-to-day operations of businesses. Now, they are hopelessly entangled. The often-unfathomable priorities of terrorists, cybercriminals and state-affiliated hackers only makes things worse."

Submission + - What to do now that wireless routers have locked firmware/bootloaders?

thejynxed writes: A while ago the FCC in the USA implemented a rule that required manufacturers to restrict end-users from tampering with the radio outputs on wifi routers. It was predicted that manufacturers would take the lazy way out by locking down the firmware/bootloaders of the routers entirely instead of partitioning off access to the radio transmit power and channel ranges. This has apparently proven to be the case, as even now routers that were previously marketed as "Open Source Ready" or "DD-WRT Compatible" are coming with locked firmware. In my case, having noticed this trend, I purchased three routers from Belkin, Buffalo, and Netgear in Canada, the UK, and Germany respectively, instead of the USA, and the results: All three routers had locked firmware/bootloaders, with no downgrade rights and no way to install Tomato, DD-WRT, OpenWRT, etc. It seems the FCC rule is an example of the wide-reaching effect of US law on the products sold in other nations, etc. So, does anyone know a good source of unlocked routers or other technical information on how to bypass this ridiculous outcome of FCC over-reach and manufacturer laziness?
