
Submission + - Homeland Security Committee Chair Says Crypto Backdoors Would Hurt U.S. Economy

Trailrunner7 writes: Rep. Michael McCaul, the chairman of the House Committee on Homeland Security, said forcing vendors to install backdoors or intentionally weakened encryption in their products is not the solution to the disagreement over law enforcement access to encrypted devices and said there needs to be international standards for how the problem is handled.

“The easy knee-jerk solution I thought was let’s just put a back door in everyone’s iPhone that law enforcement can access. Simple, makes sense,” McCaul said.

“Putting in a back door isn’t the solution. People don’t want the government to have access to their data. The government wasn’t asking Apple to put in codes to create a vulnerability that would kill their product. We think there’s a better way and a better solution to doing that.”

McCaul also said that pressure from the U.S. government to insert backdoors could drive tech companies to take their operations out of the country.

“I don’t see it as privacy versus security. I see it as security versus security,” he said. “I don’t want to weaken encryption and drive these companies offshore.”

Submission + - Latest DDoS Attack Dwarfs Krebs Takedown At Nearly 1Tbps, Driven By 150K Devices (hothardware.com) 1

MojoKid writes: If you thought that the massive DDoS attack earlier this month on Brian Krebs' security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried out via a network of over 152,000 IoT devices. According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these types of devices' network settings are improperly configured, which leaves them ripe for the picking for hackers that would love to use them to carry out destructive attacks. The DDoS peaked at 990 Gbps on September 20th thanks to two concurrent attacks, and according to Klaba, the original botnet was capable of a 1.5 Tbps DDoS attack if each IP topped out at 30 Mbps. This massive DDoS campaign was directed at Minecraft servers that OVH was hosting.

Comment Re:Seriously...music off YouTube...? (Score 1) 243

Well, when I was 16-24yrs, I was into and enjoyed high fidelity stereo....my friends all did as well.

Er, not unless your parents and friends' parents were very well off, or all of them were in the military and bought their equipment duty-free in Asia you didn't. Before digital, in America a high fidelity stereo (let alone quadraphonic system) would cost you a couple grand.

I used to have an audiophile-quality system I bought stationed in Thailand, but it was stolen in a burglary. I have a pair of JBLs now, three way with twelve inch woofers. I miss my old stereo.

But I rip from YouTube occasionally, and rip from KSHE every Sunday night when they play six full albums. With Windows all it takes is Audacity and a setting in mmsys.cpl to capture a signal sent to your sound card, you don't need those goofs' web site.

I make CDs from KSHE's albums for the car, and they sound as good as factory CDs -- in the car. Their difference in quality in the house with the JBLs is marginal. It's a LOT better sound than a cassette recorded at home.

If you're in St. Louis (I'm not) you can plug your digital FM radio's "out" jacks into your computer's input jacks and you actually will have CD quality music.

The labels are fighting a losing cause.

Submission + - SPAM: Pre-Loaded Kodi Boxes Face Legal Challenge In UK

An anonymous reader writes: In a potential landmark case for video streaming and copyright regulations, a UK man has been charged with selling pre-loaded Kodi set top boxes that allowed users to circumvent copyright protections and illegally download pirated materials. The defendant, who owns an electronic equipment shop, said that he intends to challenge the charges, which state that the set-top boxes he sold illegally facilitated the circumvention of copyright laws.

Kodi (formerly XBMC, a media player for the XBox system), can run diverse media file formats from a single application, with clients available for smartphones, mobile devices, computers, or set-top boxes connected to a TV. Though created to play legal content, Kodi can be modified to allow the playing of pirated content, or to facilitate free access to subscription-only channels — capabilities which forced Amazon to pull the player from its App store over piracy concerns. XBMC's Nathan Betzen said “Every day a new user shows up on the Kodi forum, totally unaware that the free movies they’re watching have been pirated and surprised to discover that Kodi itself isn’t providing those movies. This means we will issue trademark takedown notices anywhere we think the likelihood for confusion is high.”

Submission + - Yahoo Finds Convenient Excuse In 'State-Sponsored' Hackers (csoonline.com)

itwbennett writes: 'Yahoo has blamed its massive data breach on a 'state-sponsored actor.' But the company isn't saying why it arrived at that conclusion. Nor has it provided any evidence,' writes Michael Kan. This despite claiming in a December 2015 blog post that the company has protocols in place that can detect state-sponsored hacking and a policy of warning users 'when we have a high degree of confidence.' It's this reluctance to share details that has security experts suspecting it's a convenient, if trumped up, excuse. 'If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat,' said Chase Cunningham, director of cyber operations at security provider A10 Networks.

Submission + - Mozilla Releases 'Rebellious' Selfie App Against EU Copyright Reform

An anonymous reader writes: In response to the European Union’s (EU) proposed copyright reforms, web browser Mozilla has created a new app, called Post Crimes, which it believes highlights the outdated and harmful nature of the proposals. Mozilla argues that the reforms make everyday online activities like education and parody unlawful. It suggests that making memes, gifs and certain selfies illegal in some countries is a ridiculous proposition, and aims to open up the debate further through the Post Crimes platform. The aim of the app is to encourage users to take a selfie in front of European landmarks, which would be technically unlawful to photograph, such as the Eiffel Tower’s night-time light display. The selfies are then forwarded as postcards to members of the European Parliament. Mozilla hopes that this rebellious approach will show policymakers just how outdated the copyright reforms really are.

Submission + - Google Launches Tools Against Cross-Site Scripting (thestack.com)

An anonymous reader writes: Google has launched an online tool and a Chrome extension intended to help developers secure Content Security Policy (CSP) against attackers who use cross-site scripting to enable SQL injection, drive-by infections and other cross-domain attack vectors. The CSP Evaluator can determine whether a policy is misconfigured or even set at all, and Google’s own engineers have been using this for some time with products such as Maps Timeline, Cloud Console, Photos, History and the Google Cultural Institute. The CSP Mitigator Chrome extension performs a similar task on a local basis. Both these tools are intended to encourage the use of a nonce to sign and authenticate scripts which are permitted to run on a domain; however, the ad networks (and their analytics tools) which have made XSS so appealing to hackers over the last 15 years seem unlikely to invest time, effort and money in improving CSP on a voluntary basis.

Submission + - Only Select Developers Can Publish Google Daydream VR Apps Until 2017 (roadtovr.com)

An anonymous reader writes: Google says Daydream, their high-end VR on Android initiative, is due to launch this Fall. But at launch, only select developers will be allowed to publish Daydream VR apps to the Play Store for distribution until 2017 when the company says they'll open the doors to all developers. Google says that Daydream is an ecosystem for VR on Android, consisting of Daydream-ready phones, headsets, and apps, which will all work together to create a high-end mobile VR experience that goes beyond the company's low-cost Cardboard VR initiative. There's currently no additional restriction in place for publishing Cardboard apps.

Submission + - SPAM: Feminist Discovers Why Women Can't do STEM

Stinky Cheese Man writes: "Are STEM Syllabi Gendered? A Feminist Critical Discourse Analysis" by Laura Parson of the University of North Dakota is difficult to distinguish from parody. Apparently women and minorities are intimidated by catalog descriptions of STEM courses. The STEM course descriptions analyzed by Ms. Parson implied "that not only would students be held to difficult high standards, but also that there was also a base of knowledge that was required to be successful in the course. [This] created an impression of extremely difficult courses, which ... would be prohibitive for those not confident in those areas, such as women and minorities."

Furthermore, scientific knowledge itself is considered to be male-biased. "STEM syllabi explored in this analysis promoted the male-biased STEM institution by reinforcing views of knowledge as static and unchanging, as it is traditionally considered to be in science, which is a masculine concept of knowledge." This is opposed to the "feminist view of knowledge" in which "knowledge is constructed by the student and dynamic, subject to change."

Ms. Parson feels that "the individualistic, difficult and competitive nature of the STEM classroom" creates "a chilly climate that marginalizes women".

Thanks to Tyler O'Neil at PJ Media.

Submission + - SPAM: US Sues Palantir for Discrimination - Against Asians 1

jeffb (2.718) writes: The US Department of Labor is suing Palantir Technologies, a large private US big-data analysis company, for alleged racial discrimination against Asian job applicants. The lawsuit claims that Palantir hired 14 non-Asians and 11 Asians out of a pool of more than 1160 "qualified" applicants, where 85% of the applicants in that pool were Asian.

I'm sure Slashdot readers will have a number of questions about this. For example:
  • How did DoL or Palantir reliably categorize applicants as "Asian" or "non-Asian"?
  • How did DoL categorize applicants as "qualified"?
  • How do these proportions (percentage of Asian applicants, percentages hired) compare to other companies in this space?


Comment Re:A shot at Ernst & Young also (Score 4, Informative) 109

It's actually "Ernst & Young (Hong Kong)" - i.e. "China" - specifically, rather than Ernst and Young in general, but that caught my eye as well. In fact, there's a lot of things about the write up that imply that Mozilla at least suspects some high level corruption on behalf of multiple actors in this but is just being politic about it, and especially so if you keep in mind what some of WoSign's "errors" might enable in terms of censorship and surveillance.

Submission + - Earth Is At Its Warmest In 120,000 Years, Says Study (washingtonpost.com)

An anonymous reader writes: As part of her doctoral dissertation at Stanford University, Carolyn Snyder, now a climate policy official at the U.S. Environmental Protection Agency, created a continuous 2 million year temperature record, much longer than a previous 22,000 year record. Snyder’s temperature reconstruction, published Monday in the journal Nature, doesn’t estimate temperature for a single year, but averages 5,000-year time periods going back a couple million years. Snyder based her reconstruction on 61 different sea surface temperature proxies from across the globe, such as ratios between magnesium and calcium, species makeup and acidity. But the further the study goes back in time, especially after half a million years, the fewer of those proxies are available, making the estimates less certain, she said. These are rough estimates with large margins of errors, she said. But she also found that the temperature changes correlated well to carbon dioxide levels. Temperatures averaged out over the most recent 5,000 years — which includes the last 125 years or so of industrial emissions of heat-trapping gases — are generally warmer than they have been since about 120,000 years ago or so, Snyder found. And two interglacial time periods, the one 120,000 years ago and another just about 2 million years ago, were the warmest Snyder tracked. They were about 3.6 degrees (2 degrees Celsius) warmer than the current 5,000-year average. Snyder said if climate factors are the same as in the past — and that’s a big if — Earth is already committed to another 7 degrees or so (about 4 degrees Celsius) of warming over the next few thousand years.

Comment Re:Are they big enough? (Score 1) 109

Firefox alone, possibly not. However, Mozilla's certificate store is also the one commonly used by NSS on Linux which might not be so big on the web browser front, but that's going to cause a lot of problems for people trying to use any post-revocation WoSign/Startcom certificates to send email through Linux gateways using TLS. Also, while I didn't mention it in the submission since it's far from certain, there's a reason the response is on GoogleDocs; one of the authors (Ryan Sleevi) is a Google employee heavily involved in CA management for Chromium, so it's possibly just a matter of time before Google Chrome drops them as well. Historically on CA trust violations Mozilla, Google and Microsoft have generally all done the same thing in roughly the same timeframe, so if both Mozilla and Google are going to revoke...
