Submission + - EFF needs your help to stop Congress dismantling Internet privacy protections! (eff.org)

Peter Eckersley writes: Last year the FCC passed rules forbidding ISPs (both mobile and landline) from using your personal data without your consent for purposes other than providing you Internet access. In other words, the rules prevent ISPs from turning your browsing history into a revenue stream to sell to marketers and advertisers. Unfortunately, members of Congress are scheming to dismantle those protections as early as this week. If they succeed, ISPs would be free to resume selling users' browsing histories, pre-loading phones with spyware, and generally doing all sorts of creepy things to your traffic.

The good news is, we can stop them. We especially need folks in the key states of Alaska, Colorado, Maine, Montana, Nevada, Ohio, and Pennsylvania to call their senators this week and tell them not to kill the FCC's Broadband Privacy Rules.

Together, we can stop Congress from undermining these crucial privacy protections.

Submission + - How the Internet Gave Mail-Order Brides the Power (backchannel.com)

mirandakatz writes: For decades, the mail-order bride system in the Philippines went something like this: Western men picked Filipinas out of catalogues, and the women had little to no information about the men they were agreeing to marry. The internet has changed all of that. As Meredith Talusan reports at Backchannel, technology has empowered Filipinas to be choosy about the Western men they pursue—and indeed, when it comes to online dating, they now hold much of the power. As Talusan writes, "in one sense, the leveling of dating power between Filipinas and Westerners is the fulfillment of the global internet’s promise to equalize relations between disparate places and people. Yet even as Filipinas and Westerners face off as equals online, the world of dating exposes the ultimate limitations of the web."

Submission + - SPAM: New hobby of PVS-Studio team: fixing potential vulnerabilities in open source

Andrey_Karpov writes: The topic of vulnerabilities detected in various open source projects is extremely popular nowadays. The news about that can be found on different sites (example: Adobe fixes 8 Security Vulnerabilities in Adobe Flash Player & Shockwave Player). However, it is of no use to discuss these vulnerabilities (CVE) from a programmers' point of view. It is more important to prevent these vulnerabilities at the stage of writing the code, rather than worry that some leak was found again. Therefore, the Common Weakness Enumeration list (CWE) is of greater interest to the developers.

This list (CWE) presents systematized errors that may cause vulnerabilities. There are different factors that influence the fact, if an error turns into a vulnerability or not. In other words, a defect sometimes can be exploited, and sometimes not, depending on luck.

What is significant, is that by eliminating the errors, given in CWE, a programmer protects the code from a great number of potential vulnerabilities in advance. Static analyzers can be great assistants in this case.

PVS-Studio has always been able to detect a large number of various weaknesses (potential vulnerabilities) in the program code. However, historically, we positioned PVS-Studio as a tool to search for errors. As I've already said, there is a trend in the software development to look for vulnerabilities in the code, although it's just the same. We started rebranding of our tool. Common Weakness Enumeration (CWE) was the first thing we looked at and wrote an article where we provided a draft of a table, presenting the comparison of PVS-Studio diagnostics and CWE. We also demonstrated a couple of potential vulnerabilities in Apache HTTP Server.

That was not the end. We got interested in fixing potential vulnerabilities in various projects. Moreover, we decided to compile these small actions on making the world a better place, into small weekly reports. The first one covered the defects in C# projects (CoreFX, MSBuild).

The second would be interesting for the community of C and C++ programmers. It is about errors in such projects as FreeBSD, GCC, Clang.

Some may say that not every project requires testing for the potential vulnerabilities from the CWE point of view. I agree. But it's useful to find bugs and fix them in any case. Plus it demonstrates that PVS-Studio can be used to look for security issues.

Submission + - Critical Cisco Flaw Found Buried in Vault 7 Documents

Trailrunner7 writes: Hundreds of models of Cisco switches are vulnerable to a remote-code execution bug in the company’s IOS software that can be exploited with a simple Telnet command. The vulnerability was uncovered by company researchers in the CIA hacking tool dump known as Vault 7.

The bug is a critical one and an attacker who is able to exploit it would be able to get complete control of a target device. The flaw lies in the Cluster Management Protocol (CMP) that’s used in IOS, and Cisco said it’s caused by the incorrect processing of CMP-specific Telnet options, as well as accepting and processing these commands from any Telnet connection.

“An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device,” the Cisco advisory says.

Submission + - Windows 10 will download some updates even over a metered connection

AmiMoJo writes: Until now Windows 10 has allowed users to avoid downloading updates over metered (pay-per-byte) connections, to avoid racking up huge bills. Some users were setting their ethernet/wifi connections as metered in order to prevent Windows 10 from downloading and installing updates without their permission. In its latest preview version of the OS, Microsoft is now forcing some updates necessary for "smooth operation" to download even on these connections. As well as irritating users who want to control when updates download and install, users of expensive pay-per-byte connections could face massive bills.

Comment People don't have a clear understanding. (Score 1) 125

I guess that a lot of people don't understand all the details.

Getting a job at Microsoft or Amazon is considered, by some people, as good support for getting future jobs.

Suppose you have lived for years in Seattle. Your friends are there. You have spent years learning to make yourself comfortable there. You wouldn't want to move. And, if you decide to move, to where?

There are people who make huge amounts of money who are willing to accept that there are some surroundings that are miserable.

Mostly, however, I think I don't fully understand the sociology of Seattle.

Comment News stories say that is true. More detail: (Score 4, Informative) 125

News stories I've found indicate what you said is correct:

Seattle: Together with abusive companies and bad city management, Seattle is a miserable place.

Houses in Seattle are expensive: Seattle bumps Boston as the most expensive U.S. housing market that's not in California.

Rent is expensive: Seattle rent is 5th most expensive in U.S.

Traffic: Seattle one of the worst U.S. cities for traffic congestion, tied with NYC (March 31, 2015) Quote: "An additional 23 minutes a day spent in traffic may not sound like much, but when it adds up over a year it becomes 89 hours." (Whoever wrote that must be accustomed to Seattle misery. An additional 23 minutes a day spent in traffic sounds HORRIBLE.)

Slow internet: Many areas of Seattle have poor internet connections. See the article, These places have the slowest Internet in the country. (June 25, 2015) Quote: "... Seattle ... CenturyLink (CTL) customers trying to access particular sites from 9 p.m. to 10 p.m. will have unbearably slow speeds."

Microsoft: Microsoft Is Filled With Abusive Managers And Overworked Employees, Says Tell-All Book (May 23, 2012)

Amazon: Worse than Wal-Mart: Amazon's sick brutality and secret history of ruthlessly intimidating workers (February 23, 2014)

Amazon: Inside Amazon: Wrestling Big Ideas in a Bruising Workplace (August 15, 2015) Quote: "The company is conducting an experiment in how far it can push white-collar workers..."

Amazon: Amazon Under Fire Over Alleged Worker Abuse in Germany (February 19, 2013)

Submission + - Insurance Startup Uses Behavioral Science To Keep Customers Honest (fastcompany.com)

tedlistens writes: At FastCo, Ainsley O'Connell writes:

Insurance startup Lemonade won itself headlines in January with the boast that it had successfully approved a claim in just three seconds. In that time, Lemonade’s software had run 18 anti-fraud algorithms and sent a payment to the lucky customer’s bank account—a process that would have taken a traditional property and casualty insurer days, if not weeks.

But it’s what happened before Lemonade’s artificial intelligence kicked into gear that makes the renegade insurer so potentially disruptive to this trillion-dollar industry, for which premiums alone comprise 7% of U.S. GDP. The customer, Brooklyn educator Brandon Pham, opened Lemonade’s mobile app, signed an “honesty pledge” to attest to the truth of his claim, and then recorded a short video explaining that his Canada Goose parka, worth nearly $1,000, had been stolen.

That deceptively simple claims process is the byproduct of academic research on psychology and behavioral economics conducted by Dan Ariely, one of the field’s most prominent voices and Lemonade’s chief behavioral officer.... “There’s a lot of science about when people behave and misbehave that has not been put to use,” says Lemonade cofounder and CEO Daniel Schreiber.

Submission + - Firefox 52 forces pulseaudio, dev claims that telemetry is essential (mozilla.org) 3

jbernardo writes: While trying to justify breaking audio on firefox for several linux users by making it depend on pulseaudio (and not even mentioning it in the release notes), Anthony Jones, who claims, among other proud achievements, to be "responsible for bringing Widevine DRM to Linux, Windows and Mac OSX", informs users that disabling telemetry will have consequences — "Telemetry informs our decisions. Turning it off is not without disadvantage."
The latest one is, as documented on the mentioned bug, that firefox no longer has audio unless you have pulseaudio installed. Many bug reporters suggest that firefox telemetry is disabled by default on many distributions, and also that power users, who are the ones more likely to remove pulseaudio, are also the ones more likely to disable telemetry.
As for the pulseaudio dependence, apparently there was a "public" discussion on google groups, and it can be seen that the decision was indeed based on telemetry.
So, if for any reason you still use firefox, and want to have some hope it won't be broken for you in the future, enable all the spyware/telemetry.

Submission + - Critical Information for Aviators Bogged Down In 'Ridiculous' 1920s NOTAM System 2

Freshly Exhumed writes: Mark Zee of OpsGroup, an entity that provides airlines and aircraft operators worldwide with critical flight information, has had enough of the NOTAM system of critical information notices to aviators, decrying that it has become 'absolutely ridiculous. We communicate the most critical flight information, using a system invented in 1920, with a format unchanged since 1924, burying essential information that will lose a pilot their job, an airline their aircraft, and passengers their lives, in a mountain of unreadable, irrelevant bullshit.'

Submission + - Windows 10 UAC Bypass Uses Backup and Restore Utility (bleepingcomputer.com)

An anonymous reader writes: A new User Access Control (UAC) bypass technique relies on altering Windows registry app paths and using the Backup and Restore utility to load malicious code without any security warning. The technique works when an attacker launches the Backup and Restore utility, which loads its control panel settings page. Because the utility doesn't know where this settings page is located, it queries the Windows Registry. The problem is that low-privileged users can modify Windows Registry values and point to malware.

Because the Backup and Restore utility is a trusted application, UAC prompts are suppressed. This technique only works in Windows 10, and not earlier OS versions, and was tested with Windows 10 build 15031. A proof-of-concept script is available on GitHub. The same researcher had previously found two other UAC bypass techniques, one that abuses the Windows Event Viewer, and one that relies on the Windows 10 Disk Cleanup utility.
