Jim Efaw - Slashdot User

Submission + - SPAM: Confusing software interface makes Citibank dump $500M

Submitted by Jim Efaw on Thursday February 18, 2021 @04:04AM

Jim Efaw writes: Due to a non-intuitive input screen and a couple of ambiguous confirmation prompts, Citibank software accidentally paid $900 million of a corporate client's loans early and in full, down to the penny. Lenders refused to give $500 million of it back, and Citi sued them. This week, a judge ruled that in New York, if you pay off a debt accidentally and the creditor doesn't know it's wrong at the moment it arrives, then it's a legit payment and the creditor doesn't have to advance the money again. So it looks like Citi's out $500M, unless they can make arrangements with their client: But the client is Revlon, who doesn't have that kind of cash right now, hence the loans.

Longer reading: Court order from case 1:20-cv-06539-JMF in the Southern District of New York; the lenders still have hold onto the cash until appeals are done.
Link to Original Source

Submission + - Maryland To Become First State To Tax Online Ads Sold By Facebook And Google. (npr.org)

Submitted by schwit1 on Wednesday February 17, 2021 @06:18PM

schwit1 writes: With a pair of votes, Maryland can now claim to be a pioneer: it's the first place in the country that will impose a tax on the sale of online ads.

The House of Delegates and Senate both voted this week to override Gov. Larry Hogan's veto of a bill passed last year to levy a tax on online ads. The tax will apply to the revenue companies like Facebook and Google make from selling digital ads, and will range from 2.5% to 10% per ad, depending on the value of the company selling the ad. (The tax would only apply to companies making more than $100 million a year.)

Proponents say the new tax is simply a reflection of where the economy has gone, and an attempt to have Maryland's tax code catch up to it. The tax is expected to draw in an estimated $250 million a year to help fund an ambitious decade-long overhaul of public education in the state that's expected to cost $4 billion a year in new spending by 2030. (Hogan also vetoed that bill, and the Democrat-led General Assembly also overrode him this week.)

Still, there remains the possibility of lawsuits to stop the tax from taking effect; Maryland Attorney General Brian Frosh warned last year that "there is some risk" that a court could strike down some provisions of the bill over constitutional concerns.

Submission + - Kia Motors America suffers ransomware attack (bleepingcomputer.com) 1

Submitted by Anonymous Coward on Wednesday February 17, 2021 @03:36PM

An anonymous reader writes: It's no surprise to anyone trying to use Kia's UVO Remote Start (on the coldest week of the year) that it's down. Mine hasn't worked since Friday afternoon. Today I learned that this is due to a data breach and ransomware attack. They are demanding about 404 bitcoin for the data (roughly $20 million), and the ransom goes up to 600 bitcoin if not paid in time (that's roughly $30 million!).

Submission + - Spy pixels in emails have become endemic (bbc.com)

Submitted by AmiMoJo on Wednesday February 17, 2021 @07:10AM

AmiMoJo writes: The use of "invisible" tracking tech in emails is now "endemic", according to a messaging service that analysed its traffic at the BBC's request. Hey's review indicated that two-thirds of emails sent to its users' personal accounts contained a "spy pixel", even after excluding for spam. Its makers said that many of the largest brands used email pixels, with the exception of the "big tech" firms. Defenders of the trackers say they are a commonplace marketing tactic. And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.

Tracking pixels are typically a .GIF or .PNG file that is as small as 1x1 pixels, which is inserted into the header, footer or body of an email. Since they often show the colour of the content below, they can be impossible to spot with the naked eye even if you know where to look. Recipients do not need to click on a link or do anything to activate them beyond open an email they are embedded in. British Airways, TalkTalk, Vodafone, Sainsbury's, Tesco, HSBC, Marks & Spencer, Asos and Unilever are among UK brands Hey detected to be using them.

Submission + - France passes disputed law on online hate speech (dw.com) 2

Submitted by AmiMoJo on Thursday May 14, 2020 @08:28AM

AmiMoJo writes: Under a new law in France, Facebook, Twitter, YouTube and similar online platforms will need to remove illegal content quickly or face large fines. Some critics say the law puts private companies in charge of policing speech. Legislation that passed the National Assembly on Wednesday gives platforms a one-hour deadline to remove terrorism and pedophilia-related content after being instructed to do so by the authorities. If the companies fail to comply, they can face fines of up to 4% of their global revenue.

When it comes to other "manifestly illicit" — such as hate speech, racist comments, or religious bigotry — the companies would be required to remove it within 24 hours of it being reported by the users. The law seeks to "induce responsibility" from the creators of online platforms who argue "that the tool they themselves have created is uncontrollable," Justice Minister Nicole Belloubet told lawmakers on Wednesday. The law also sets up a prosecutor specialized in digital content and a government unit to observe online hate speech.

Submission + - Researchers Are Liberating Thousands of Pages of Forgotten Hacking History (vice.com)

Submitted by Anonymous Coward on Friday May 10, 2019 @03:19PM

An anonymous reader writes: A journalist and a security researchers are sending dozens of FOIA requests to the US government to get documents about hacking incidents and famous hacker groups.

Submission + - After city switched to a new bodycam vendor, Axon threatened its credit score (muckrock.com) 1

Submitted by v3rgEz on Thursday May 09, 2019 @01:04PM

v3rgEz writes: The deal Fontana Police Department struck with Axon sounded simple enough: a trial of five inexpensive body cameras and, for each of them, a Professional subscription to the company’s cloud storage system. But then after dropping the Taser manufacturer's cloud services, the city of Fontana, California faced a choice: Pay for cloud services its police department didn’t use or risk its credit score.

Comment Windows Server and Network Solutions (Score 5, Informative) 470

by Jim Efaw on Tuesday October 13, 2015 @05:34PM (#50721137) Attached to: Clinton Home Servers Had Ports Open

I hope she was using Windows, we all know how hardened that is.

Not only was she running Windows Server (according to the AP article), but she was using Network Solutions for her registrar, even after the U.S. Postal Service and several other large institutions had their NetSol domains slammed to a registrar in the British Virgin Islands against their will; and for some reason the clintonemail.com IP address was changed to that same company in 2011. (This, of course, years and years after anyone with tech experience had dropped Network Solutions.)

Submission + - Clinton home servers had ports open

Submitted by Jim Efaw on Tuesday October 13, 2015 @03:35PM

Jim Efaw writes: Hillary Clinton's home servers had more than just the e-mail ports open directly to the Internet. The Associated Press discovered, by using scanning results from 2012 "widely available online", that the clintonemail.com server also had the RDP port open; another machine on her network had the VNC port open, and another one had a web server open even though it didn't appear to be configured for a real site. Clinton previously said that her server featured "numerous safeguards", but hasn't explained what that means. Apparently, requiring a VPN wasn't one of them.

Submission + - 802.11ac WiFi Router Round-Up Tests Broadcom XStream Platform Performance (hothardware.com)

Submitted by MojoKid on Tuesday October 13, 2015 @03:12PM

MojoKid writes: Wireless routers are going through somewhat of a renaissance right now, thanks to the arrival of the 802.11ac standard that is "three times as fast as wireless-N" and the proliferation of Internet-connected devices in our homes and pockets. So, what is the big deal with AC and should you care? First off, it's backwards compatible with all previous standards and whereas 802.11n was only able to pump out 450Mb/s of total bandwidth, 802.11ac is capable of transmitting at up to 1,300Mbps on a 5GHz channel. AC capabilty is only available on the 5GHz channel, which has fewer devices on it than a typical 2.4GHz channel. The trade-off is that 5GHz signals typically don't travel as far as those on the 2.4GHz channel. However, 802.11ac makes up for it with a technology named Beamforming, which allows it to figure out where devices are located and amplify the signal in their direction instead of just broadcasting in all directions like 802.11n. Also, while 802.11n supports only four streams of data, 802.11ac supports up to eight streams on channels that are twice as wide. HotHardware's AC Router round-up takes a look at four flagship AC routers from ASUS, TRENDnet, D-Link and Netgear. All are AC3200 routers that use the new Broadcom XStream 5G platform. Netgear's Nighthawk X6 tends to offer the best balance of performance in various use cases, along with some killer good looks. However, all models performed similarly, with subtle variances in design, features and pricing left to diffentiate them from one another.

Comment basic tips for legitimate domain holders (Score 1) 108

by Jim Efaw on Saturday July 04, 2015 @06:35PM (#50045505) Attached to: Ask Slashdot: What Is the Best Way To Hold Onto Your Domain?

As you've implied, but just to make it clear: It's not legitimate for someone to declare your domain's death in absentia just because they can't see anything new and cute. The domain name system was not invented for website addresses in the first place; it was invented to let people assign their own names for computers, and it's nobody's business whether they can see your list of zero or a million computers that are also none of their business. That being said, I'll mention a few tips to defend your domain against self-serving grabby types:

As long as you already have web hosting anyway, just make sure there's a homepage that mentions that the domain really is in use. It doesn't have to have images or anything fancy at all; just enough to let people know that someone is paying attention if they pull any tricks. Maybe mention that it's been in use since 2001, to indirectly discourage anyone from thinking that a typosquatting case is going to be in their favor. In any case, it will get the point across that you're not a squatter.
If you ever get tired of paying for hosting, some registrars (like Gandi) will host a redirect or a simple 1-page or 3-page site of your own content for free (not just placeholder spam for their own company). That's enough to tell grabby types to move along and stay off your lawn.
If you think someone might actually try to impersonate you to hijack your registration (either by registrar move, transfer of ownership, or "updating" your contact information to theirs), have your domain registrar add protective EPP flags for your domain. You have to go through the extra step of having those turned back off later if you really want to transfer or early-delete your domain name. Some of them:
- clientDeleteProhibited and clientTransferProhibited: These stop your domain from being dropped or moved to another registrar where the attacker already has their own control in place. (Some registrars may already have them turned on.)
- clientUpdateProhibited: If you think you're under active attack, you might ask for this; it usually means you can't even change which nameservers the domain uses, without asking for the flag to be removed first.
- serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited: These are "super" versions of the above, but you probably don't want them unless someone is aggressively trying to steal your domain. Adding and removing them on your own request means that you have to ask your registrar, then the registrar has to forward the request to the top-level domain registry, who then has to add or remove the flags.
While you're playing with your domain registration: Make sure your registration contact information is good enough that your registrar can actually reach you if something goes wrong. Strictly speaking, someone can file a whois data complaint against a domain, claiming the contact data is phony, and then the registrar has to make sure they can contact someone who will still claim control of the domain.

Submission + - OpenDNS Guide redirection ends Friday

Submitted by Jim Efaw on Sunday June 01, 2014 @03:58AM

Jim Efaw writes: Tired of the OpenDNS Guide surprise from website-unavailable.com when you go to an old link or a typo from some ISPs? Relief is at hand: On June 6, 2014, OpenDNS will stop redirecting dead hostnames to Guide and its ads; the OpenDNS Guide itself will shut down sometime afterwards. OpenDNS nameservers will start returning normal NXDOMAIN and SERVFAIL messages instead. Phishing protection and optional parental controls will still stay in place.

Submission + - SeaWorld canvasses employees for online poll

Submitted by Jim Efaw on Friday January 03, 2014 @01:30PM

Jim Efaw writes: Probably just par for the course these days: Orlando Business Journal held an online poll asking "Has CNN's 'Blackfish' documentary changed your perception of SeaWorld?" (a show that was previously discussed on Slashdot). SeaWorld decided to respond by going to "team members" and "encourage them to make their opinions known". 54% of votes cast were from the same SeaWorld IP address. Turns out that even without that IP, less than 10% had said it changed their perception, but no word on whether the other voters were just SeaWorld staff from somewhere else. Since the canvassing story broke, however, the votes have gone heavily towards "Yes". (I don't suppose having it on Slashdot will help, either.)

Comment Daffy Khadaffy's precious bodily fluids (Score 1) 126

by Jim Efaw on Monday February 28, 2011 @07:52PM (#35342954) Attached to: Cracks Showing in the Libyan Firewall?

I would be worrying about my precious bodily fluids, not the internet.

He's been doing that quite enough. The whole time he's been in power, or at least the last 30 years or so, he has been obsessed with people being doped up, given alcohol, or otherwise polluted. A few days ago, he told the public to avoid any milk or Nescafe from the areas in rebellion because they had been spiked with hallucinogens.

Comment Re:Persistent myth? (Score 1) 705

by Jim Efaw on Monday February 21, 2011 @05:07PM (#35271858) Attached to: Why You Shouldn't Reboot Unix Servers

"It's a persistent myth that only the beating of tom-toms restores the sun after an eclipse. But is that really true?"

Odd: that's pretty much the intro line to well over a third of all programming on History Channel in the U.S. now. (Another third is historic battles recreated as computer animations with some guy talking about equipment like it was a football game; the rest is people selling crap someone had in their basement, which is about as close to actual history as they get now.) Watch for a revealing look (except not) at the life of Unix admins next season: The Admin's Book of Secrets.

Slashdot Top Deals