Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Transportation

FAA Warns More Drones Are Flying Near Airports (fortune.com) 7

Between February and September of 2016, there were 1,274 reports of drones near airports -- versus just 874 for the same period in 2015, according to newly-released FAA research. "The report detailed more than 1,200 incidents of airplane pilots, law enforcement, air traffic controllers, and U.S. citizens reporting drones flying in places they shouldn't," writes Fortune. An anonymous reader quotes their report: One of takeaway of the report was that while the FAA has received several reports from pilots that drones may have hit their aircraft, the administration was unable to verify any such claim. "Every investigation has found the reported collisions were either birds, impact with other items such as wires and posts, or structural failure not related to colliding with an unmanned aircraft," the FAA said in a statement... Although a drone hasn't smashed into an airplane yet, the FAA "wants to send a clear message that operating drones around airplanes and helicopters is dangerous and illegal. Unauthorized operators may be subject to stiff fines and criminal charges, including possible jail time," the FAA said.
Bug

Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) 35

An anonymous reader writes: New research published today shows how a malicious website owner could show a constant stream of popups, even after the user has left his site, or even worse, execute any kind of persistent JavaScript code while the user is on other domains. In an interview, the researcher who found these flaws explains that this flaw is an attacker's dream, as it could be used for: ad fraud (by continuing to load ads even when the user is navigating other sites), zero-day attacks (by downloading exploit code even after the user has left the page), tech support scams (by showing errors and popups on legitimate and reputable sites), and malvertising (by redirecting users later on, from other sites, even if they leave the malicious site too quickly).

This severe flaw in the browser security model affects only Internet Explorer 11, which unfortunately is the second most used browser version, after Chrome 55, with a market share of over 10%. Even worse for IE11 users, there's no fix available for this issue because the researcher has decided to stop reporting bugs to Microsoft after they've ignored many of his previous reports. For IE11 users, a demo page is available here.

Nintendo

$10K Package Of Super Nintendo Games Finally Found By Post Office (eurogamer.net) 81

A project to preserve (and validate) every Super Nintendo game ROM had been derailed when the post office lost a package containing 100 games from the PAL region. But now Byuu, the creator of the Higan SNES emulator, reports that the package has been found. An anonymous reader writes: Thursday Byuu finally posted photos of the unboxing for the package that was shipped to him January 5th. "I'd like to offer my sincerest apologies to the USPS for assuming the worst in that these games were stolen. I should not have been so hasty to assume malicious intent." At the same time, Byuu writes that "My package was sitting in Atlanta, GA for well over a month with my address clearly visible right on the box. Had this case not been escalated to the media, it likely would have gone up for auction in a bin with other electronics sometime in March."

Byuu is now refunding donations he'd received to replace the missing games, and says he can now also resume work on the SNES Preservation Project. And going forward, according to Eurogamer, "Byuu has said he will be more cautious with shipping games in the future -- only using smaller shipments, or buying individual games to scan and archive then selling them on to get some money back."

Social Networks

Are Your Slack Conversations Really Private and Secure? (fastcompany.com) 45

An anonymous reader writes: "Chats that seem to be more ephemeral than email are still being recorded on a server somewhere," reports Fast Company, noting that Slack's Data Request Policy says the company will turn over data from customers when "it is compelled by law to do so or is subject to a valid and binding order of a governmental or regulatory body...or in cases of emergency to avoid death or physical harm to individuals." Slack will notify customers before disclosure "unless Slack is prohibited from doing so," or if the data is associated with "illegal conduct or risk of harm to people or property."

The article also warns that like HipChat and Campfire, Slack "is encrypted only at rest and in transit," though a Slack spokesperson says they "may evaluate" end-to-end encryption at some point in the future. Slack has no plans to offer local hosting of Slack data, but if employers pay for a Plus Plan, they're able to access private conversations.

Though Slack has 4 million users, the article points out that there's other alternatives like Semaphor and open source choices like Wickr and Mattermost. I'd be curious to hear what Slashdot readers are using at their own workplaces -- and how they feel about the privacy and security of Slack?
Security

Java and Python FTP Attacks Can Punch Holes Through Firewalls (csoonline.com) 14

"The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks," reports CSO Online. itwbennett writes: Last weekend security researcher Alexander Klink disclosed an interesting attack where exploiting an XML External Entity vulnerability in a Java application can be used to send emails. At the same time, he showed that this type of vulnerability can be used to trick the Java runtime to initiate FTP connections to remote servers. After seeing Klink's exploit, Timothy Morgan, a researcher with Blindspot Security, decided to disclose a similar attack that works against both Java's and Python's FTP implementations. "But his attack is more serious because it can be used to punch holes through firewalls," writes Lucian Constantin in CSO Online.
"The Java and Python developers have been notified of this problem, but until they fix their FTP client implementations, the researcher advises firewall vendors to disable classic mode FTP translation by default..." reports CSO Online. "It turns out that the built-in implementation of the FTP client in Java doesn't filter out special carriage return and line feed characters from URLs and actually interprets them. By inserting such characters in the user or password portions of an FTP URL, the Java FTP client can be tricked to execute rogue commands..."
Businesses

Al Gore Sells $29.5 Million In Apple Stock (appleinsider.com) 121

An anonymous reader quotes a report from AppleInsider: A U.S. Securities and Exchange Commission filing on Friday reveals Apple board member Al Gore this week sold 215,437 shares of Apple stock (APPL) worth about $29.5 million. Gore's stock sale, which was accomplished in multiple trades ranging from $136.4 to $137.12 on Wednesday, nearly matches a $29.6 million purchase of Apple shares made in 2013. When Gore bought the stock batch more than four years ago, he exercised Apple's director stock option to acquire 59,000 shares at a price of about $7.48 per share, costing him approximately $441,000. This was pre-split AAPL, so shares were valued at $502.68 each. Following today's sale, Gore owns 230,137 shares of Apple stock worth $31.5 million at the end of trading on Friday.
Education

Arizona Bill Would Make Students In Grades 4-12 Participate Once In An Hour of Code (azpbs.org) 111

theodp writes: Christopher Silavong of Cronkite News reports: "A bill, introduced by [Arizona State] Sen. John Kavanagh [R-Fountain Hills] would mandate that public and charter schools provide one hour of coding instruction once between grades 4 to 12. Kavanagh said it's critical for students to learn the language -- even if it's only one session -- so they can better compete for jobs in today's world. However, some legislators don't believe a state mandate is the right approach. Senate Bill 1136 has passed the Senate, and it's headed to the House of Representatives. Kavanagh said he was skeptical about coding and its role in the future. But he changed his mind after learning that major technology companies were having trouble finding domestic coders and talking with his son, who works at a tech company." According to the Bill, the instruction can "be offered by either a nationally recognized nonprofit organization [an accompanying Fact Sheet mentions tech-backed Code.org] that is devoted to expanding access to computer science or by an entity with expertise in providing instruction to pupils on interactive computer instruction that is aligned to the academic standards."
Earth

Scientists Teach Bees How To Play Soccer (smithsonianmag.com) 62

Clint Perry, a biologist who studies the evolution of cognition in insects at Queen Mary University of London, and his colleagues have released the results of a creative new experiment in which they essentially taught bumblebees how to play "bee soccer." "The insects' ability to grasp this novel task is a big score for insect intelligence, demonstrating that they're even more complex thinkers than we thought," reports Smithsonian. From the report: For the study, published in the February 23 issue of Science, researchers gave a group of bees a novel goal (literally): to move a ball about half their size into a designated target area. The idea was to present them with a task that they would never have encountered in nature. Not only did the bees succeed at this challenge -- earning them a sugary treat -- but they astonished researchers by figuring out how to meet their new goal in several different ways. Some bees succeeded at getting their ball into the goal with no demonstration at all, or by first watching the ball move on its own. But the ones that watched other bees successfully complete the game learned to play more quickly and easily. Most impressively, the insects didn't simply copy each other -- they watched their companions do it, then figured out on their own how to accomplish the task even more efficiently using their own techniques. The results show that bees can master complex, social behaviors without any prior experience -- which could be a boon in a world where they face vast ecological changes and pressures.
Medicine

Fasting Diet 'Regenerates Diabetic Pancreas' (bbc.com) 130

According to a new study published in the journal Cell, a certain type of fasting diet can trigger the pancreas to regenerate itself. Of course, the researchers advise people not to try this without medical advice. BBC reports: In the experiments, mice were put on a modified form of the "fasting-mimicking diet." It is like the human form of the diet when people spend five days on a low calorie, low protein, low carbohydrate but high unsaturated-fat diet. It resembles a vegan diet with nuts and soups, but with around 800 to 1,100 calories a day. Then they have 25 days eating what they want -- so overall it mimics periods of feast and famine. Previous research has suggested it can slow the pace of aging. But animal experiments showed the diet regenerated a special type of cell in the pancreas called a beta cell. These are the cells that detect sugar in the blood and release the hormone insulin if it gets too high. There were benefits in both type 1 and type 2 diabetes in the mouse experiments. Type 1 is caused by the immune system destroying beta cells and type 2 is largely caused by lifestyle and the body no longer responding to insulin. Further tests on tissue samples from people with type 1 diabetes produced similar effects.
The Courts

Appeals Court: You Have the Right To Film the Police (arstechnica.com) 135

An anonymous reader quotes a report from Ars Technica: A divided federal appeals court is ruling for the First Amendment, saying the public has a right to film the police. But the 5th U.S. Circuit Court of Appeals, in upholding the bulk of a lower court's decision against an activist who was conducting what he called a "First Amendment audit" outside a Texas police station, noted that this right is not absolute and is not applicable everywhere. The facts of the dispute are simple. Phillip Turner was 25 in September 2015 when he decided to go outside the Fort Worth police department to test officers' knowledge of the right to film the police. While filming, he was arrested for failing to identify himself to the police. Officers handcuffed and briefly held Turner before releasing him without charges. Turner sued, alleging violations of his Fourth Amendment right against unlawful arrest and detention and his First Amendment right of speech. The 2-1 decision Thursday by Judge Jacques Wiener is among a slew of rulings on the topic, and it provides fresh legal backing for the so-called YouTube society where people are constantly using their mobile phones to film themselves and the police. A dissenting appellate judge on the case -- Edith Brown Clement -- wrote Turner was not unlawfully arrested and that the majority opinion from the Texas-based appeals court jumped the gun to declare a First Amendment right here because one "is not clearly established."
The Courts

ZeniMax Files Injunction To Stop Oculus From Selling VR Headsets (gamespot.com) 73

ZeniMax, the parent company of Fallout and Skyrim developer Bethesda, has filed for an injunction against virtual-reality company Oculus over the recent stolen technology case. The company had accused Oculus of stealing VR-related code, and was subsequently awarded $500 million by a Dallas court earlier this month. ZeniMax has now filed additional papers against Oculus, requesting that Oculus' products using the stolen code be removed from sale. GameSpot reports: Specifically, ZeniMax is seeking to block sales of its mobile and PC developer kits, as well as technology allowing the integration of Oculus Rift with development engines Unreal and Unity, reports Law360. If the injunction isn't granted, ZeniMax wants a share of "revenues derived from products incorporating its intellectual properties," suggesting a 20 percent cut for at least 10 years. ZeniMax argues the previous settlement of $500 million is "insufficient incentive for [Oculus] to cease infringing." Oculus, meanwhile, says that "ZeniMax's motion does not change the fact that the [original] verdict was legally flawed and factually unwarranted. We look forward to filing our own motion to set aside the jury's verdict and, if necessary, filing an appeal that will allow us to put this litigation behind us," the virtual reality company stated.
Displays

Slashdot Asks: Are Curved TVs Worth It? (cnet.com) 145

New submitter cherishjoo shares a report written by David Katzmaier via CNET: When the first curved TVs appeared more than three years ago I asked whether they were a gimmick. As a TV reviewer I had to give the curve a fighting chance, however, so I took a curved Samsung home to live with my family for awhile, in addition to subjecting it to a full CNET review. In the end, I answered my own question with the headline "Great picture quality, but the curved screen is a flat-out gimmick." Since then most of the video geeks I know, including just about everybody I hear from on Twitter, Facebook and article comments, pooh-poohs curved TV screens as a useless distraction. A curved TV takes the traditional flat screen and bends it along a gentle arc. The edges end up a bit closer, ostensibly providing a slight wraparound effect. Curved TV makers, citing huge curved screens like IMAX, call their sets more "immersive" than their flat counterparts, but in my experience that claim doesn't hold water at in-home (as opposed to theatrical) screen sizes and viewing distances. The only real image-quality benefit I saw to the curve was a reduction in reflections in some cases. That benefit wasn't worth the slight geometric distortions introduced by the curve, not to mention its awkwardness when hung on the wall. That said, the curve doesn't ruin an otherwise good picture. In TVs, assuming similar prices, curved vs. flat boils down to a choice of aesthetics. As Katzmaier mentioned, curved TVs have been on the market for several years now, and while manufacturers continue to produce them, the verdict on whether or not the pros outweigh the cons is still murky. Here's our question for you: Are curved televisions worth the inflated price tag? If you are in the market for a new TV, does the fact that the display is curved entice you or steer you away?
Botnet

World's Largest Spam Botnet Adds DDoS Feature (bleepingcomputer.com) 24

An anonymous reader writes from a report via BleepingComputer: Necurs, the world's largest spam botnet with nearly five million infected bots, of which one million are active each day, has added a new module that can be used for launching DDoS attacks. The sheer size of the Necurs botnet, even in its worst days, dwarfs all of today's IoT botnets. The largest IoT botnet ever observed was Mirai Botnet #14 that managed to rack up around 400,000 bots towards the end of 2016 (albeit the owner of that botnet has now been arrested). If this new feature were to ever be used, a Necurs DDoS attack would easily break every DDoS record there is. Fortunately, no such attack has been seen until now. Until now, the Necurs botnet has been seen spreading the Dridex banking trojan and the Locky ransomware. According to industry experts, there's a low chance we'd see the Necurs botnet engage in DDoS attacks because the criminal group behind the botnet is already making too much money to risk exposing their full infrastructure in DDoS attacks.
Government

FCC To Halt Rule That Protects Your Private Data From Security Breaches (arstechnica.com) 109

According to Ars Technica, "The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information." From the report: The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening. The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information -- such as Social Security numbers, financial and health information, and Web browsing data -- from theft and data breaches. The rule would be blocked even if a majority of commissioners supported keeping them in place, because the FCC's Wireline Competition Bureau can make the decision on its own. That "full commission vote on the pending petitions" could wipe out the entire privacy rulemaking, not just the data security section, in response to petitions filed by trade groups representing ISPs. That vote has not yet been scheduled. The most well-known portion of the privacy order requires ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. The opt-in rule is supposed to take effect December 4, 2017, unless the FCC or Congress eliminates it before then. Pai has said that ISPs shouldn't face stricter rules than online providers like Google and Facebook, which are regulated separately by the Federal Trade Commission. Pai wants a "technology-neutral privacy framework for the online world" based on the FTC's standards. According to today's FCC statement, the data security rule "is not consistent with the FTC's privacy standards."
Data Storage

Toshiba Plans To Ship a 1TB Flash Chip To Manufacturers This Spring (computerworld.com) 22

Lucas123 writes: Toshiba has begun shipping samples of its third-generation 3D NAND memory product, a chip with 64 stacked flash cells that it said will enable a 1TB chip shipping later this spring. The new flash memory product has 65% greater capacity than the previous generation technology, which used 48 layers of NAND flash cells. The chip will be used in data centers and consumer SSD products. The technology announcement comes even as suitors are eyeing buying a majority share of the company's memory business. Along with a previous report about Western Digital, Foxxcon, SK Hynix and Micron Technology have now also thrown their hats in the ring to purchase a majority share in Toshiba's memory spin-off, according to a new report in the Nikkei's Asian Review.

Slashdot Top Deals