Slashdot is powered by your submissions, so send in your scoop
Submission + - Scott Adams and "The Non-Expert Problem" (blogspot.ca) 7

Layzej writes: It is easy for a non-expert to be swayed by a credible sounding narrative that claims to overthrow a scientific consensus. For a scientist it is generally clear which arguments are valid, but the general public can’t independently evaluate scientific evidence. Scientist Victor Venema provides answers to a number of concerns about climate science raised by cartoonist Scott Adams. His answers are accessible and illuminating, and hopefully helpful to the non-expert who would like to understand the truth behind certain contrarian talking points.

Submission + - FOIA confirms existence of real-life X-Files that FBI previously denied existed (muckrock.com)

v3rgEz writes: A Freedom of Information Act request for FBI files on a figure at the center of dozens of 20th century conspiracy theories reveals a rare glimpse into the Bureau's real-life "X-Files" — which the agency had long maintained don't exist. And while there's no evidence yet of Mulder or Scully, the files do include a story of flying saucers and secret assassins stranger than anything on the show.

Comment Yuuup (Score 1) 103

clouds have baked private keys into their public images, so that any user could SSH into any machine

The first capture the flag hacking event hosted by my college's volunteer systems team (which supplemented the IT staff) had this problem. Every system had the same SSH keys, so it was easy to man-in-the-middle your opponents, gain their credentials, then log into their actual systems. One of the teams that discovered this (and won the contest) went on to host the next year's event. (This was not recent.)
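Shared host keys across a fleet are easy to spot from the outside, and checking for them is the obvious audit after reading the above. The following is an added example, not code from the comment's author or from any cloud provider: it parses the output of `ssh-keyscan` for a set of hosts, computes each host key's OpenSSH-style SHA256 fingerprint, and reports any fingerprint that appears on more than one host. The sample keyscan output and the key blobs in it are constructed placeholders, not real keys.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_key: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str):
    """Parse `ssh-keyscan` output into (host, keytype, fingerprint) tuples.

    Comment lines ("# host:port banner") and blank lines are skipped.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed; ssh-keyscan emits "host keytype key"
        host, keytype, b64_key = parts[0], parts[1], parts[2]
        records.append((host, keytype, fingerprint(b64_key)))
    return records


def shared_host_keys(text: str):
    """Group hosts by host-key fingerprint and return only fingerprints seen
    on more than one host.  Any such group means the image shipped with a
    baked-in host key: whoever holds that key (every tenant who booted the
    image, or an attacker who pulled it from one box) can impersonate every
    host in the group without tripping a known_hosts mismatch."""
    by_fp = defaultdict(set)
    for host, _keytype, fp in parse_keyscan(text):
        by_fp[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}


def _fake_key(seed: bytes) -> str:
    # Constructed placeholder blob in the ssh-ed25519 wire layout
    # (length-prefixed "ssh-ed25519", then 32 bytes of "key"); not a real key.
    blob = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + seed.ljust(32, b"\x00")
    return base64.b64encode(blob).decode()


# Constructed sample: three hosts cloned from one image share a key,
# a fourth generated its own key on first boot.
SAMPLE_KEYSCAN = "\n".join([
    "# 10.0.0.11:22 SSH-2.0-OpenSSH_8.9",
    "10.0.0.11 ssh-ed25519 " + _fake_key(b"baked-into-image"),
    "# 10.0.0.12:22 SSH-2.0-OpenSSH_8.9",
    "10.0.0.12 ssh-ed25519 " + _fake_key(b"baked-into-image"),
    "# 10.0.0.13:22 SSH-2.0-OpenSSH_8.9",
    "10.0.0.13 ssh-ed25519 " + _fake_key(b"baked-into-image"),
    "# 10.0.0.14:22 SSH-2.0-OpenSSH_8.9",
    "10.0.0.14 ssh-ed25519 " + _fake_key(b"regenerated-on-first-boot"),
])

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"{fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Against a real fleet, run `ssh-keyscan -t ed25519 host1 host2 ... > keys.txt` and pass the file contents to `shared_host_keys`. Any group it reports means host keys were baked into the image; the fix is to delete `/etc/ssh/ssh_host_*` before the image is published and let each instance regenerate them on first boot, which is what cloud-init's ssh module does.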

Security

Russia Says Foreign Spies Plan Cyber Attack On Banking System (reuters.com) 88

Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust. From a report on Reuters: Russia's domestic intelligence agency, the Federal Security Service (FSB), said that the servers to be used in the alleged cyber attack were located in the Netherlands and registered to a Ukrainian web hosting company called BlazingFast. The attack, which was to target major national and provincial banks in several Russian cities, was meant to start on Dec. 5, the FSB said in a statement. "It was planned that the cyber attack would be accompanied by a mass send-out of SMS messages and publications in social media of a provocative nature regarding a crisis in the Russian banking system, bankruptcies and license withdrawals," it said. "The FSB is carrying out the necessary measures to neutralize threats to Russia's economic and information security."
Facebook

Facebook Knows What You're Streaming (bloomberg.com) 100

Facebook is gathering information about the shows Roku and Apple TV owners are streaming. The company then uses the Facebook profile linked to the same IP addresses to tailor the commercials that are shown to individual users. From a report on Bloomberg: For the past few weeks, the social network says, it's been targeting ads to people streaming certain shows on their Roku or Apple TV set-top boxes. It customizes commercials based on the Facebook profiles tied to the IP addresses doing the streaming, according to a company spokesman. He says Facebook is trying out this approach with the A&E network (The Killing, Duck Dynasty) and streaming startup Tubi TV, selecting free test ads for nonprofits or its own products along with a handful of name brands. This push is part of a broader effort by social media companies to build their revenue with ads on video. Twitter is placing much of its ad-sales hopes on streaming partnerships with sports leagues and other content providers. In October, CFO Anthony Noto told analysts on an earnings call that the ads played during Twitter's NFL Thursday Night Football streaming exclusives had been especially successful, with many people watching them in their entirety with the sound turned on. The participants in these partnerships don't yet have a default answer to questions such as who should be responsible for selling the ads or who should get which slice of revenue.
Medicine

The US Government is Finally Telling People that Homeopathy is a Sham (vox.com) 297

Not good news for people who trust homeopathic drugs. The Federal Trade Commission has issued an enforcement policy statement that requires makers of over-the-counter (OTC) homeopathic drugs and products to disclose in their advertising and labeling that there is no scientific evidence that the products work, and that their claims of effectiveness rest only on homeopathic theories that most modern medical experts do not accept. From a report on Vox: This FTC ruling is definitely a step in the right direction of raising awareness about the lack of evidence behind homeopathy. "This is a real victory for reason, science, and the health of the American people," said Michael De Dora, public policy director for the Center for Inquiry, a science-based advocacy and education group that's been pushing for more homeopathy oversight. "The FTC has made the right decision to hold manufacturers accountable for the absolutely baseless assertions they make about homeopathic products." But it doesn't mean these "medicines" will disappear from store shelves. The FTC only has the right to crack down on misleading marketing claims, and if the makers of homeopathic remedies clearly state that their products are based on no science, they can still sell them.

Comment Same issue as killing net neutrality: bad idea (Score 1) 54

You can't whitelist everything you need to, and you can't trust end users to be able to do that all themselves (no matter how many dialogs you pop up). A/V is only capable of doing so much, so users still need education.

The other option, as this Google engineer proposes, is to lock everything down and only allow vetted programs. This is called Trusted Computing (a.k.a. Treacherous Computing) for software and digital rights management (digital restrictions management) for media. These are very secure (so long as you trust the vetting agency), but they promote too much vendor lock-in and they directly combat Free Software.

Submission + - Author of curl gets tech support emails for random cars 1

AmiMoJo writes: The author of the popular curl utility has been receiving requests for help from frustrated car owners having difficulty with their infotainment systems. It appears that because his email address is listed on the "about" screen, as required by the curl licence, some desperate users are reaching out to him in the hopes of finding a solution.
Social Networks

The FBI Got Its Hands on Data That Twitter Wouldn't Give the CIA (theverge.com) 76

The FBI is using a tool called Dataminr to track criminals and terrorist groups on Twitter, according to documents spotted by The Verge. In a contract document, the agency says Dataminr's Advanced Alerting Tool allows it "to search the complete Twitter firehose, in near real-time, using customizable filters." However, the practice seems to violate Twitter's developer agreement, which prohibits the use of its data feed for surveillance or spying purposes. From the report: "Twitter is used extensively by terrorist organizations and other criminals to communicate, recruit, and raise funds for illegal activity," the FBI wrote in a contracting document. "With increased use of Twitter by subjects of FBI investigations, it is critical to obtain a service which will allow the FBI to identify relevant information from Twitter in a timely fashion." [...] Earlier this year, Twitter revoked API access to a tool called Geofeedia, citing the same clause in the developer agreement, after reports showed the tool had been used by police to target protestors in Baltimore. Facebook was also a Geofeedia customer, and used it to catch an intruder in Mark Zuckerberg's office. This isn't the first time Dataminr has run up against Twitter's anti-surveillance clause. In May, Twitter revoked CIA access to Dataminr, a move that was taken as part of a larger ban on US intelligence agencies using the product.
Music

Shazam Keeps Your Mac's Microphone Always On, Even When You Turn It Off (vice.com) 126

An anonymous reader quotes a report from Motherboard: What's that song? On your cellphone, the popular app Shazam is able to answer that question by listening for just a few seconds, as if it were magic. On Apple's computers, Shazam never turns the microphone off, even if you tell it to. When a user of Shazam's Mac app turns the app "OFF," the app actually keeps the microphone on in the background. For the security researcher who discovered that the mic is always on, it's a bug that users should know about. For Shazam, it's just a feature that makes the app work better. Patrick Wardle, a former NSA hacker who now develops free Mac security tools, discovered this issue thanks to his latest software OverSight, which is designed to alert users when apps use their webcam and microphone. After he released OverSight, Wardle received an email from a user who noticed that the security app alerted him that Shazam was still listening even after he had switched the toggle to "off." Curious about this discovery, and worried his own software might be issuing a false alarm, Wardle reverse engineered the Shazam app to figure out what was happening. After a few hours analyzing the code, Wardle found out that, in fact, Shazam never stops listening, as he explained in a blog post published on Monday. James Pearson, VP of global communications for Shazam, said in a statement to Motherboard: "There is no privacy issue since the audio is not processed unless the user actively turns the app 'ON.' If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify."
Government

FBI Operated 23 Tor-Hidden Child Porn Sites, Deployed Malware From Them (arstechnica.com) 176

An anonymous reader quotes a report from Ars Technica: Federal investigators temporarily seized a Tor-hidden site known as Playpen in 2015 and operated it for 13 days before shutting it down. The agency then used a "network investigative technique" (NIT) as a way to ensnare site users. However, according to newly unsealed documents recently obtained by the American Civil Liberties Union, the FBI not only temporarily took over one Tor-hidden child pornography website in order to investigate it, the organization was in fact authorized to run a total of 23 other such websites. According to an FBI affidavit among the unsealed documents: "In the normal course of the operation of a web site, a user sends "request data" to the web site in order to access that site. While Websites 1-23 operate at a government facility, such request data associated with a user's actions on Websites 1-23 will be collected. That data collection is not a function of the NIT. Such request data can be paired with data collected by the NIT, however, in order to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23." Security researcher Sarah Jamie Lewis told Ars that "it's a pretty reasonable assumption" that at one point the FBI was running roughly half of the known child porn sites hosted on Tor-hidden servers. Lewis runs OnionScan, an ongoing bot-driven analysis of the Tor-hidden darknet. Her research began in April 2016, and it shows that as of August 2016, there were 29 unique child porn related sites on Tor-hidden servers. That NIT, which many security experts have dubbed as malware, used a Tor exploit of some kind to force the browser to return the user's actual IP address, operating system, MAC address, and other data. As part of the operation that took down Playpen, the FBI was then able to identify and arrest the nearly 200 child porn suspects. (However, nearly 1,000 IP addresses were revealed as a result of the NIT's deployment, which could suggest that even more charges may be filed.)
Opera

Web of Trust, Downloaded 140M Times, Pulled From Extension Stores After Revelations That It Sells Users' Data (theregister.co.uk) 115

According to multiple reports, Web of Trust, one of the top privacy and security extensions for web browsers with over 140 million downloads, collects and sells some of its users' data, and does so without properly anonymizing it. Upon learning about this, Mozilla, Google and Opera quickly pulled the extension off their respective extension stores. From a report on The Register: A browser extension which was found to be harvesting users' browsing histories and selling them to third parties has had its availability pulled from a number of web browsers' add-on repositories. Last week, an investigative report by journalists at the Hamburg-based German television broadcaster, Norddeutscher Rundfunk (NDR), revealed that Web of Trust Services (WoT) had been harvesting netizens' web browsing histories through its browser add-on and then selling them to third parties. While WoT claimed it anonymised the data that it sold, the journalists were able to identify more than 50 users from the sample data they acquired from an intermediary. NDR quoted the data protection commissioner of Hamburg, Johannes Caspar, criticising WoT for not adequately establishing whether users consented to the tracking and selling of their browsing data. Those consent issues have resulted in the browser add-on being pulled from the add-on repositories of both Mozilla Firefox and Google Chrome, although those who have already installed the extension in their browsers will need to manually uninstall it to stop their browsing being tracked.
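Replacing a user ID with a hash does not anonymize a browsing history, because the URLs themselves carry names. The following is an added example, not code or data from WoT or NDR, and the page does not say what the sold records looked like; it assumes records of the form (pseudonym, URL) and scans each pseudonym's URLs for the identifiers they routinely expose: email addresses, profile-page paths, and query parameters such as `user=`. The identifier patterns and the sample history are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Query-string keys that commonly carry a direct identifier (assumed list).
IDENTIFYING_PARAMS = {"email", "user", "username", "uid", "account", "name"}
# Path shapes that expose an account name, e.g. /users/<name> or /profile/<name>.
PROFILE_PATH = re.compile(r"^/(?:users?|profile|u|people)/([A-Za-z0-9._-]+)")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def identifiers_in_url(url: str) -> set:
    """Return the direct identifiers (emails, usernames) one URL exposes."""
    found = set()
    parsed = urlparse(url)
    found.update(EMAIL.findall(url))          # emails anywhere in the raw URL
    m = PROFILE_PATH.match(parsed.path)       # /users/<name>-style paths
    if m:
        found.add(m.group(1))
    # parse_qs percent-decodes values, so user=jane%40example.com is caught.
    for key, values in parse_qs(parsed.query).items():
        if key.lower() in IDENTIFYING_PARAMS:
            found.update(values)
    return found


def reidentify(records):
    """Map each pseudonym to the identifiers its own history leaks.

    `records` is an iterable of (pseudonym, url).  A pseudonym is only
    anonymous while none of its URLs name a person, so any pseudonym
    returned here has been re-identified from the "anonymized" data alone.
    """
    leaks = defaultdict(set)
    for pseudonym, url in records:
        leaks[pseudonym].update(identifiers_in_url(url))
    return {p: sorted(ids) for p, ids in leaks.items() if ids}


# Constructed sample history: hashed-looking pseudonyms, made-up URLs.
SAMPLE_HISTORY = [
    ("u:3f9a1c", "https://example.com/"),
    ("u:3f9a1c", "https://mail.example.com/inbox?user=jane.doe%40example.com"),
    ("u:3f9a1c", "https://social.example.net/users/janedoe42/settings"),
    ("u:7b02e4", "https://news.example.org/article/123"),
    ("u:7b02e4", "https://shop.example.com/cart?session=9f8e7d"),
]

if __name__ == "__main__":
    for pseudonym, ids in reidentify(SAMPLE_HISTORY).items():
        print(f"{pseudonym} -> {', '.join(ids)}")
```

Only the first pseudonym is exposed here, but in a real history of thousands of URLs per user a webmail inbox, a social-network settings page, or a single link with an email in it is enough, which is why "we anonymize the data" has to mean stripping paths and query strings, not just replacing the user column.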
DRM

DRM is Used to Lock in, Control and Spy on Users, Says Free Software Foundation (torrentfreak.com) 72

In a scathing critique, the Free Software Foundation is urging the U.S. Government to drop the DMCA's anti-circumvention provisions which protect DRM. From a report on TorrentFreak: Late last year the U.S. Copyright office launched a series of public consultations to review critical aspects of the DMCA law. FSF sees no future for DRM and urges the Copyright Office to repeal the DMCA's anti-circumvention provisions. "Technological protection measures and Digital Restrictions Management (DRM) play no legitimate role in protecting copyrighted works. Instead, they are a means of controlling users and creating 'lock in'," FSF's Donald Robertson writes. According to FSF, copyright is just an excuse, the true purpose is to lock down and control users. "Companies use this control illegitimately with an eye toward extracting maximum revenue from users in ways that have little connection to actual copyright law. In fact, these restrictions are technological impediments to the rights users have under copyright law, such as fair use." Even if copyright was the main concern, DRM would be an overbroad tool to achieve the goal, the foundation notes. FSF highlights that DRM is not just used to control people but also to spy on them, by sending all kinds of personal data to technology providers. This is done to generate extra income at the expense of users' rights, they claim. "DRM enables companies to spy on their users, and use that data for profit," Robertson adds. "DRM is frequently used to spy on users by requiring that they maintain a connection to the Internet so that the program can send information back to the DRM provider about the user's actions," he adds.