Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Security

Can Iris-Scanning ID Systems Tell the Difference Between a Live and Dead Eye? (ieee.org) 12

the_newsbeagle writes: Iris scanning is increasingly being used for biometric identification because it's fast, accurate, and relies on a body part that's protected and doesn't change over time. You may have seen such systems at a border crossing recently or at a high-security facility, and the Indian government is currently collecting iris scans from all its 1.2 billion citizens to enroll them in a national ID system. But such scanners can sometimes be spoofed by a high-quality paper printout or an image stuck on a contact lens.

Now, new research has shown that post-mortem eyes can be used for biometric identification for hours or days after death, despite the decay that occurs. This means an eye could theoretically be plucked from someone's head and presented to an iris scanner. The same researcher who conducted that post-mortem study is also looking for solutions, and is working on iris scanners that can detect the "liveness" of an eye. His best method so far relies on the unique way each person's pupil responds to a flash of light, although he notes some problems with this approach.

Android

Phones Without Headphone Jacks Are Here... and They're Extremely Annoying (mashable.com) 130

A few weeks ago, we had an intense discussion on what would happen if Apple's next iPhone doesn't have a headphone port -- and what that means for the rest of the industry, as well as the pros and cons of ditching the legacy port. Over the past few months, we have seen many smartphone manufacturers launch new handsets that don't have a headphone jack. Mashable has a report today in which it says that it is already causing frustration among users. From the article: In the Android camp, phones like Lenovo's Moto Z and Moto Z Force and China's LeEco have already scrapped the 3.5mm headphone jack; to listen to music on the company's three latest phones, users need to plug in USB Type-C headphones, go wireless, or use a dongle. I'm all for letting go of old technologies to push forward, but what is happening is actually going to make things worse. The headphone jack has worked for 50 years and it can work for another 50 more because it's universal. Headphones I plug into my iPhone work in an Android phone, in a BlackBerry, in my computer, in my PS4 controller, in my tablet, in any speaker with audio-out, and so on. I can walk into any electronics store and pick up a pair of headphones and not have to worry about compatibility with any of my devices. I know it'll work. [...] With a universal headphone jack, I never have to worry whether or not the crappy pack-in iPhone EarPods I have will work with the Android phone I'm reviewing or not. I also never have to worry if I'll be able to plug my headphones into a friend's phone to listen to some new song. Same applies for when I want to use my earbuds and headphones with another person's device. And there lies the real issue. I will need different dongles -- a Lightning-to-headphone-jack and a USB-Type-C-to-headphone-jack to be prepared because I do carry both iPhone and Android phone on me daily. Dongles also get lost.
Android

Do We Need The Moto Z Smartphones' New Add-On Modules? (hothardware.com) 27

This week saw the release of the Moto Z Droid and Force Droid, new Android smartphones from Motorola and Lenovo with snap-on modules. Slashdot reader MojoKid writes that the Z Force Droid "is sheathed behind Moto ShatterShield technology making it virtually indestructible." Motorola guarantees it not to crack or shatter if dropped... However, what's truly standout are Moto Mods, which are snap-on back-packs of sorts that add new features, like the JBL Speaker, Moto Insta-Projector and Incipio OffGrid Power Pack (2220 mAh) mods... Even the fairly complex projector mod fires up in seconds and works really well.
But the Verge has called it "a good phone headed down the wrong path," adding "this company is competing in the global smartphone market, not a high school science fair, and its success will depend on presenting better value than the competition, not cleverer design. Without the benefit of the value-projecting fairy dust of brands like Apple and Beats, Lenovo will have an uphill climb trying to justify its Moto Mods pricing with functionality and looks, and our review has shown that none of the company's extras are essential."
Android

Turn Your Android Phone Into a Laptop For $99 With the Superbook (techinsider.io) 53

An anonymous Slashdot reader writes: A company called Andromium is attempting to harness the processing power of your Android smartphone and turn it into a full fledged computer. The 'Superbook' consists of a 11.6-inch laptop shell, which you connect to your phone via a USB Micro-B or Type-C cable, and run the Andromium OS application (currently in beta, but available in the Play Store)... The leader of the project and Company co-founder Gordon Zheng, previously worked at Google and pitched the idea to them... They refused so he quit his job and founded Andromium Inc.

In December 2014 the company had introduced their first product which was a dock which used the MHL standard to output to external monitor. That campaign failed, however their newest creation, the Superbook smashed their Kickstarter goal in just over 20 minutes.

And within their first 38 hours, they'd crowdfunded $500,000. In an intriguing side note, Andromium "says it'll open its SDK so developers can tailor their apps for Andromium, too, though how much support that gets remains to be seen," reports Tech Insider. But more importantly, "Andromium says its prototypes are finished, and that it hopes to ship the Superbook to backers by February 2017."
Security

'High-Risk Vulnerabilities' In Oracle File-Processing SDKs Affect Major Third-Party Products (csoonline.com) 10

itwbennett writes: "Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors," writes Lucian Constantin on CSOonline. The vulnerabilities, which were found by researchers from Cisco's Talos team, are in the Oracle Outside In Technology (OIT), a collection of SDKs that are used in third-party products, including Microsoft Exchange, Novell Groupwise, IBM WebSphere Portal, Google Search Appliance, Avira AntiVir for Exchange, Raytheon SureView, Guidance Encase and Veritas Enterprise Vault.

"It's not clear how many of those products are also affected by the newly patched seventeen flaws, because some of them might not use all of the vulnerable SDKs or might include other limiting factors," writes Constantin. But the Cisco researchers confirmed that Microsoft Exchange servers (version 2013 and earlier) are affected if they have WebReady Document Viewing enabled. In a blog post the researchers describe how an attacker could exploit these vulnerabilities.

TL;DR version: "Attackers can exploit the flaws to execute rogue code on systems by sending specifically crafted content to applications using the vulnerable OIT SDKs."
Businesses

Salesforce CEO Told LinkedIn He Would Have Paid Much More Than Microsoft (recode.net) 41

Ina Fried, reporting for Recode: It was already known that LinkedIn chose a potentially lower all-cash acquisition offer from Microsoft rather than take on the uncertainties of a stock-and-cash deal from Salesforce. But now it has been revealed that Salesforce might have been willing to go "much higher" than Microsoft's $26.2 billion, or change other terms of its bid, had it been given the chance. In a filing with regulators on Friday, LinkedIn said a board committee met on July 7 to discuss an email from Salesforce CEO Marc Benioff. "The email indicated that Party A would have bid much higher and made changes to the stock/cash components of its offers, but it was acting without communications from LinkedIn," LinkedIn said in the updated filing with the Securities and Exchange Commission.
Advertising

Google Tests Ads That Load Faster and Use Less Power (bbc.co.uk) 56

Slashdot reader Big Hairy Ian quotes a report from the BBC: Google says it has found a way to make ads load faster on web pages viewed on smartphones and tablets. The company said the ads would also be less taxing on the handsets' processors, meaning their batteries should last longer. The technique is based on work it has already done to make news publishers' articles load more quickly. But it is still in development, and one expert said Google still had questions to answer. The California-based company's online advertising revenue totalled $67.4 billion last year...
The technique limits the scope of JavaScript, and "provides its own activity measurement tools, which are said to be much more efficient," according to article. A Google software engineer explains that this technique "only animates things that are visible on the screen," and throttles animation to fewer frames per second for weaker devices -- or disables the animations altogether. "This ensures that every device gets the best experience it can deliver and makes sure that ads cannot have a negative impact on important aspects of the user experience such as scrolling."
Government

Almost Half Of All TSA Employees Have Been Cited For Misconduct (mercurynews.com) 95

Slashdot reader schwit1 writes: Almost half of all TSA employees have been cited for misconduct, and the citations have increased by almost 30 percent since 2013... It also appears that the TSA has been reducing the sanctions it has been giving out for this bad behavior.
Throughout the U.S., the airport security group "has instead sought to treat the misconduct with 'more counseling and letters that explain why certain behaviors were not acceptable'," according to a report from the House Homeland Security Commission, titled "Misconduct at TSA Threatens the Security of the Flying Public". It found 1,206 instances of "neglect of duty", and also cited the case of an Oakland TSA officer who for two years helped smugglers slip more than 220 pounds of marijuana through airport security checkpoints, according to the San Jose Mercury News.

The newspaper adds that "The misconduct ranges from salacious (federal air marshals spending government money on hotel rooms for romps with prostitutes) to downright dangerous (an officer in Orlando taking bribes to smuggle Brazilian nationals through a checkpoint without questioning)." Their conclusion? "The TSA's job is to make airline passengers feel safer and, not incidentally, actually make us safer. It's failing on both."
The Almighty Buck

Maximizing Economic Output With Linear Programming...and Communism (medium.com) 316

Slashdot reader mkwan writes: Economies are just a collection of processes that convert raw materials and labour into useful goods and services. By representing these processes as a series of equations and solving a humongous linear programming problem, it should be possible to maximize an economy's GDP. The catch? The economy needs to go communist.
"[P]oorest members would receive a basic income that gradually increases as the economy becomes more efficient, plateauing at a level where they can afford everything they want to consume," argues the article, while "The middle classes wouldn't see much change. They would continue to work in a regular job for a regular -- but steadily increasing -- wage... Without the ability to own real-estate, companies, or intellectual property, it would be almost impossible to become rich, especially since the only legal source of income would be from a government job."
Republicans

Avast Suckers GOP Delegates Into Connecting To Insecure Wi-Fi Hotspots (theregister.co.uk) 87

Avast conned more than 1,200 people into connecting to fake wi-fi hotspots set up near the Republican convention and the Cleveland airport, using common network names like "Google Starbucks" and "Xfinitywifi" as well as "I vote Trump! free Internet". An anonymous reader quotes this report from The Register: With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting... Some 68.3 percent of users' identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps... In its day-long experiment Avast saw more than 1.6Gbps transferred from more than 1,200 users.
Avast didn't store the data they collected, but they did report statistics on which sites were accessed most frequently. "5.1 percent played Pokemon Go, while 0.7 percent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup, and 0.24 percent visited pornography sites like Pornhub."
Security

Microsoft Rewrites Wassenaar Arms Control Pact To Protect The Infosec Industry (theregister.co.uk) 19

The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.
Programming

Ask Slashdot: When Do You Include 'Unnecessary' Code? (sas.com) 194

"For more than 20 years I've been putting semicolons at the end of programming statements in SAS, C/C++, and Java/Javascript," writes Rick Wicklin, a researcher in computational statistics at SAS. "But lately I've been working in a computer language that does not require semicolons. Nevertheless... I catch myself typing unnecessary semicolons out of habit," he writes, while at other times "I include optional statements in my programs for clarity, readability, or to practice defensive programming." While Wicklin's post is geared towards SAS programming, Slashdot reader theodp writes that the question is a language-agnostic one: ...when to include technically-unnecessary code -- e.g., variable declarations, superfluous punctuation, block constructs for single statements, values for optional parameters that are the defaults, debugging/validation statements, non-critical error handling, explicitly destroying objects that would otherwise be deleted on exit, labeled NEXT statements, full qualification of objects/methods, unneeded code from templates...
He's wondering if other Slashdot readers have trouble tolerating their co-workers' unnecessary codes choices (which he demonstrates with a video clip from Silicon Valley). So leave your answers in the comments. When do you do include 'unnecessary' code in your programs -- and why?
Communications

Tinder Scam Promises Account Verification, But Actually Sells Porn (csoonline.com) 24

itwbennett writes: Tinder users should be on the lookout for Tinder profiles asking them to get "verified" and then sending them a link to a site called "Tinder Safe Dating." The service asks for credit card information, saying this will verify the user's age. Once payment information has been captured, the user is then signed up for a free trial of porn, which will end up costing $118.76 per month unless the service is cancelled. In Tinder's safety guidelines, the company warns users to avoid messages that contain links to third-party websites or ask money for an address.
Classic Games (Games)

Sega Announces Two New Sonic Games That Seek To Recapture The Glory Days (gamespot.com) 35

An anonymous reader writes: In celebration of Sonic the Hedgehog's 25th anniversary, Sega has announced two new Sonic games at Comic-Con in San Diego. The first game is called Sonic Mania and it's a 2D platformer that features visuals and gameplay reminiscent of the classic Genesis games. "It revamps zones and acts from Sonic the Hedgehog, Sonic the Hedgehog 2, Sonic CD, Sonic the Hedgehog 3, and Sonic and Knuckles, in addition to introducing new ones into the fold," writes Mat Paget from GameSpot. The second game has no title [besides "Project Sonic 2017"], but it does have a holiday 2017 release date for PS4, Xbox One, and Nintendo NX consoles. It reportedly features both classic and modern versions of Sonic, similar to 2011's Sonic Generations. Sega made two additional announcements. "Mobile game Sonic Dash has passed 200 million downloads and will receive a special in-game event that adds the Green Hill Zone and Classic Sonic as a playable character," reports GameSpot. "The event only lasts a week, but players can unlock both the classic level and character for use after the event." The second additional announcement is that the animated Sonic Boom series will be renewed for a second season. "Sonic Mania was born out of our fans' love of the classic Sonic 2D platform games,â said Sonic Team head Takashi Iizuka. "This type of collaboration is a first for Sega and we hope everyone will be both surprised and delighted by this title. Sonic Mania has been a passion project for the entire team and we look forward to sharing more details about it later this year. Having the game actually playable at the event itself tonight was testament to the dedication of the team behind it.â
China

CRISPR: Chinese Scientists To Pioneer Gene-Editing Trial On Humans (theguardian.com) 90

An anonymous reader quotes a report from The Guardian: A team of Chinese scientists will be the first in the world to apply the revolutionary gene-editing technique known as CRISPR on human subjects. Led by Lu You, an oncologist at Sichuan University's West China hospital in Chengdu, China, the team plan to start testing cells modified with CRISPR on patients with lung cancer in August, according to the journal Nature. CRISPR is a game-changer in bioscience; a groundbreaking technique which can find, cut out and replace specific parts of DNA using a specially programmed enzyme named Cas9. Its ramifications are next to endless, from changing the color of mouse fur to designing malaria-free mosquitoes and pest-resistant crops to correcting a wide swath of genetic diseases like sickle-cell anaemia in humans. The Sichuan University trial, it is important to note, does not edit the germ-line; its effects will not be hereditary. What the researchers plan to do is enroll patients with metastatic non-small cell lung cancer, Nature reported, and for whom other treatment options -- including chemotherapy and radiotherapy -- have failed. They will then extract immune cells from the patients' blood and use CRISPR to add a new genetic sequence which will help the patient's immune system target and destroy the cancer. The cells will then be re-introduced into the patients' bloodstream. The Guardian does note that CRISPR was approved for human trials in the U.S., but if it begins on schedule in August the Sichuan University study will beat them to the punch of being the first of its kind.
Businesses

Cyanogen Inc. Reportedly Fires OS Development Arm, Switches To Apps (arstechnica.com) 109

An anonymous reader writes: Android Police is reporting that the Android software company Cyanogen Inc. will be laying off 20 percent of its workforce, and will transition from OS development to applications. The Android Police report says "roughly 30 out of the 136 people Cyanogen Inc. employs" are being cut, and that the layoffs "most heavily impact the open source arm" of the company. Android Police goes on to say that CyanogenMod development by Cyanogen Inc "may be eliminated entirely." Ars Technica notes the differences between each "Cyanogen" branding. Specifically, CyanogenMod is a "free, open source, OS heavily based on Android and compatible with hundreds of devices," while Cyanogen Inc. is "a for-profit company that aims to sell Cyanogen OS to OEMs." It appears that many of the core CyanogenMod developers will no longer be paid to work on CyanogenMod, though the community is still free to develop the software." Android Police details the firing process in their report: "Layoffs reportedly came after a long executive retreat for the company's leaders and were conducted with no advanced notice. Employees who were not let go were told not to show up to work today. Those who did show up were the unlucky ones: they had generic human resources meetings rather ominously added to their calendars last night. So, everyone who arrived at Cyanogen Inc. in Seattle this morning did so to lose their job (aside from those conducting the layoffs)." Early last year, Microsoft invested in a roughly $70 million round of equity financing for the then-startup Cyanogen Inc. Not too long before that, Google tried to acquire Cyanogen Inc., but the company turned down Google's offer to seek funding from investors and major tech companies at a valuation of around $1 billion. Cyanogen Inc. CEO Kirt McMaster once said the company was "attempting to take Android away from Google" and that it was "putting a bullet through Google's head."
Security

Auto Industry Publishes Its First Set of Cybersecurity Best Practices (securityledger.com) 37

chicksdaddy quotes a report from Security Ledger: The Automotive industry's main group for coordinating policy on information security and "cyber" threats has published a "Best Practices" document, giving individual automakers guidance on implementing cybersecurity in their vehicles for the first time. The Automotive Information Sharing and Analysis Center (ISAC) released the Automotive Cybersecurity Best Practices document on July 21st, saying the guidelines are for auto manufacturers as well as their suppliers. The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties. Taken together, they move the auto industry closer to standards pioneered decades ago and embraced by companies like Microsoft. They call on automakers to design software to be secure from the ground up and to take a sober look at risks to connected vehicles as part of the design process. Automakers are urged to test for and respond to software vulnerabilities, to develop methods for assessing and fixing security vulnerabilities, to create training programs, promote cybersecurity awareness for both information technology and vehicle specific risks, and educate employees about security awareness. The document comes after a Kelly Blue Book survey that found that 62% of drivers think "connected cars will be hacked," and that 42% say they "want cars to be more connected."
Democrats

Hillary Clinton Chooses Virginia Sen. Tim Kaine As Running Mate (go.com) 322

An anonymous reader quotes a report from ABC News: Virginia Sen. Tim Kaine has been chosen as Hillary Clinton's running mate -- a man she called a "relentless optimist" who "devoted his life to fighting for others." Kaine has long been considered to be at the top of Clinton's short list. He was previously vetted for the vice presidency by Barack Obama in 2008. Kaine was an early supporter of Clinton's, appearing at a "Ready for Hillary" breakfast in May 2014 where he urged her to enter the 2016 presidential race. Kaine told NBC in June that he "encouraged her to run in May of 2014, because I could telescope forward and see some of the challenges that this nation would be facing. And I decided that by reason of character, by reason of background, and experience, but also especially by reason of results, she would be the most qualified person to be president in January of 2017." Prior to being elected to the Senate, Kaine served as governor and lieutenant governor of Virginia. In 2009, President Obama picked Kaine to lead the Democratic National Committee. Last week, Republican presidential nominee Donald Trump announced Mike Pence as his VP running mate.
Businesses

VW Has Emissions-Cheating Fix Ready, Says Report (pressherald.com) 58

An anonymous reader writes from a report via Portland Press Herald: Volkswagen plans to fix the engines that were rigged to cheat on emissions tests by updating computer software and installing a larger catalytic converter to trap harmful nitrogen oxide, according to two dealers who were briefed by executives on the matter. The dealers said that limited details of the plan were made public last week at a regional dealer meeting in Newark, New Jersey, by Volkswagen of America Chief Operating Officer Mark McNabb. Portland Press Herald reports: "One dealer said the group was told that early testing of a small sample of repaired cars showed that the fix made 'no discernible difference' in the cars' mileage, horsepower or torque. Both dealers said they were told that more testing was needed and that the plans still had to be approved by the U.S. Environmental Protection Agency and the California Air Resources Board. One of the dealers said the so-called 'Generation 1' diesels -- about 325,000 VW Jettas, Golfs, Passats and Beetles from the 2009 to 2014 model years – would get new software and bigger catalytic converters in January or February of next year. About 90,000 'Generation 2' Passats already have sufficient emissions systems and would get only a software update early next year. Another 67,000 'Generation 3' 2015 models would get software in October and would get additional hardware a year later, the dealer said. Dealers also were told that they'd be reimbursed by VW for sales losses due to the scandal, and that new vehicles are coming." Last month, Volkswagen agreed to a record $14.7 billion settlement over the emissions cheating.
Government

Issa Bill Would Kill A Big H-1B Loophole (computerworld.com) 228

ErichTheRed writes: This isn't perfect, but it is the first attempt I've seen at removing the "body shop" loophole in the H-1B visa system. A bill has been introduced in Congress that would raise the minimum wage for an H-1B holder from $60K to $100K, and place limits on the body shop companies that employ mostly H-1B holders in a pass-through arrangement. Whether it's enough to stop the direct replacement of workers, or whether it will just accelerate offshoring, remains to be seen. But, I think removing the most blatant and most abused loopholes in the rules is a good start. "The high-skilled visa program is critical to ensuring American companies can attract and retain the world's best talent," said Issa in a statement. "Unfortunately, in recent years, this important program has become abused and exploited as a loophole for companies to replace American workers with cheaper labor from overseas."

Slashdot Top Deals