
Submission + - US ISP Goes Down as Two Malware Families Go to War Over Its Modems (bleepingcomputer.com)

An anonymous reader writes: Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month, on April 10. The attack, which the company claimed was a "malicious hacking event," was the work of BrickerBot, an IoT malware family that bricks unsecured IoT and networking devices.

"BrickerBot was active on the Sierra Tel network at the time their customers reported issues," Janit0r told Bleeping Computer in an email, "but their modems had also just been mass-infected with malware, so it's possible some of the network problems were caused by this concomitant activity."

The crook, going by Janit0r, tried to pin some of the blame on Mirai, but all the clues point to BrickerBot, as Sierra Tel had to replace bricked modems altogether, or ask customers to bring in their modems at their offices to have them reset and reinstalled. Mirai brought down over 900,000 Deutsche Telekom modems last year, but that outage was fixed within hours with a firmware update. All the Sierra Tel modems bricked in this incident were Zyxel HN-51 models, and it took Sierra Tel almost two weeks to fix all bricked devices.

Submission + - The Linux Foundation launches IoT-focused open source EdgeX Foundry (betanews.com)

BrianFagioli writes: Unfortunately, while IoT is exciting, it can also be confusing and scary. Many devices do not work together due to fragmentation, and even worse, there can be security exploits that put the consumer's home network at risk. In other words, an internet connected refrigerator or webcam could be abused by hackers. Today, The Linux Foundation launches the open source EdgeX Foundry — an attempt to unify and simplify the Internet of Things.

The Linux Foundation says, "EdgeX Foundry is unifying the marketplace around a common open framework and building an ecosystem of companies offering interoperable plug-and-play components. Designed to run on any hardware or operating system and with any combination of application environments, EdgeX can quickly and easily deliver interoperability between connected devices, applications, and services, across a wide range of use cases. Interoperability between community-developed software will be maintained through a certification program."

Submission + - Microsoft Kills Off Security Bulletins (computerworld.com)

An anonymous reader writes: ComputerWorld reports: "Microsoft this week retired the security bulletins that for decades have described each month's slate of vulnerabilities and accompanying patches for customers — especially administrators responsible for companies' IT operations. One patch expert reported on the change for his team. "It was like trying to relearn how to walk, run and ride a bike, all at the same time," said Chris Goettl, product manager with patch management vendor Ivanti. The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them."

Submission + - Blind your ISP with Tor (linuxjournal.com)

emil writes: ISPs and wireless carriers are preparing to sell your internet usage history with the passage of S J Res 34. It is both ironic and unconscionable that regulators and carriers view subscriber telephone records as highly-privileged, but network traffic as theirs to take.

The Tor Project presents an effective countermeasure to blind their analytics. We cover Tor's theory of network operation, and provide detailed installation instructions for Android and desktop Linux.

Use of the Tor network will bring a unique set of bandwidth, latency, and security penalties. With the latest rule changes, this has become a price that we must pay.

Submission + - Netflix Found To Leak Information On HTTPS-Protected Videos

An anonymous reader writes: TCP/IP headers can leak details about what you are watching on Netflix despite HTTPS protection, according to new cybersecurity research. The study, conducted by Andrew Reed and Michael Kranch of the U.S. Military Academy at West Point, explored Netflix’s implementation of HTTPS and the ability to identify content information in real-time through the passive capture of network traffic. The paper explains that the TCP/IP headers of a Netflix HTTPS stream provide a 99.5% success rate for identifying video content – with the majority of identifications occurring less than two and a half minutes into the video stream. The research found that the variable bitrate (VBR) encoding leaks the contents of a particular flow, despite the use of encryption, notably as the byte-range portion of the HTTP GET commands sent by the browser perfectly aligns with individual video segment boundaries.

Submission + - Why Taser Zapped Its Name: It Wants To Be A Tech Powerhouse (fastcompany.com)

tedlistens writes: Taser announced this week it has a new name, Axon, as part of its aggressive push to dominate the burgeoning market for body cameras and related subscription-based software—and put some distance between itself and the stun gun for which it is widely and controversially known. (It also announced an initiative to solidify its strong lead over the competition while the market is still young, offering cameras and cloud storage free of charge for a year to any eligible police department in America.)

Though the gun generally gets high marks from law enforcement—and has given the company a monopoly in police stun guns—it has generated plenty of controversy since many people shot by the “less-lethal” weapon have died or been severely injured. “We’ve seen the need to do this” for a few years, says Smith.

Hadi Partovi, the Silicon Valley investor and founder of the nonprofit Code.org, says the broader, more public-facing brand will help the company recruit top programming and AI talent—part of a shift he’s been pushing for since he joined the Taser board in 2010. "To be able to start a new business, especially a new business in a completely different road—it would be as if Facebook started something new, and then that new thing became bigger than Facebook itself.”

Still, the bold moves raise a lot of questions about the company's business practices and the way that body cameras are being deployed.

Submission + - The Giant Freaking Robot Fight—U.S. vs. Japan—Is Now Set (nerdist.com)

schwit1 writes: While smaller robots battling one another have been part of reality television for several years now, the idea of giant robots piloted by human beings has been the exclusive domain of fiction. A couple of years ago, it looked like that era was coming to an end as an American outfit challenged a Japanese company known for its giant robot. After all, the Americans had a giant robot too, so why not put the two mechas against one another?

For a while there was nothing, but now we have news. More importantly, we have a date for this technological clash of the titans.

If you’re unfamiliar with the feud between America’s MegaBots, Inc. and Japan’s Suidoboshi Heavy Industries (SHI), it’s a tale of the former challenging the latter to a giant robot “duel” for pride, title, and the posterity of giant mechs that will surely battle to the death for years to come, sawing and burning each other down in front of an audience like Ancient Roman Gladiators made of steel and flamethrowers.

The robots facing off in August—which will now happen at an undisclosed location because the “original Duel venue fell through” and caused considerable delays—is between Megabots’ Mk. III and SHI’s KURATAS. Considerable battle upgrades have been made to both the original Mk. III and KURATAS over the last year-plus, the Mk. III’s coming after the team behind the 12,000-pound bot raised over $500,000 on kickstarter.


Submission + - Gigabyte Firmware Bugs Allow the Installation of BIOS/UEFI Ransomware (bleepingcomputer.com)

An anonymous reader writes: Last week, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware. During their presentation, researchers installed a proof-of-concept UEFI ransomware, preventing the BRIX devices from booting, but researchers say the same flaws can be used to plant rootkits that allow attackers to persist malware for years.

The two vulnerabilities discovered are CVE-2017-3197 and CVE-2017-3198. The first is a failure on Gigabyte's part to implement write protection for its UEFI firmware. The second vulnerability is another lapse on Gigabyte's side, who forgot to implement a system that cryptographically signs UEFI firmware files. Add to this the fact that Gigabyte uses an insecure firmware update process, which doesn't check the validity of downloaded files using a checksum and uses HTTP instead of HTTPS. A CERT vulnerability note was published to warn users of the impending danger and the bugs' ease of exploitation.

Submission + - Why Uber Won't Fire Its CEO (backchannel.com)

mirandakatz writes: As negative press about Uber has piled up, multiple people have called for the ridesharing giant to fire its CEO, Travis Kalanick. But that's so much more easily said than done: The only person who can decide Uber needs a new CEO is Travis himself. At Backchannel, Jessi Hempel unpacks the dual-class share structure that has become so popular among savvy tech founders in recent years, as it allows them to maintain control over decisions the company makes, even if their ownership in the company is significantly reduced. As Hempel writes, "The argument for allowing a small set of founders complete control over their boards is the same one to be made for enabling benevolent dictatorships. Benevolence, however, does not come with a permanent guarantee."

Comment We've seen this coming... (Score 1) 155

This has happened in several other industries as well. If a market (in this case TV content and sports broadcasts, in particular) moves in a new technological direction, to stay competitive, you have to adapt. Print media has been learning this for a while and still doesn't have it totally figured out - but they are learning. Take what they have done and improve upon it.

Submission + - Westinghouse Files For Bankruptcy, In Blow To Nuclear Power (reuters.com)

An anonymous reader writes: Westinghouse Electric Co, a unit of Japanese conglomerate Toshiba Corp, filed for bankruptcy on Wednesday, hit by billions of dollars of cost overruns at four nuclear reactors under construction in the U.S. Southeast. The bankruptcy casts doubt on the future of the first new U.S. nuclear power plants in three decades, which were scheduled to begin producing power as soon as this week, but are now years behind schedule. The four reactors are part of two projects known as V.C. Summer in South Carolina, which is majority owned by SCANA Corp, and Vogtle in Georgia, which is owned by a group of utilities led by Southern Co. Costs for the projects have soared due to increased safety demands by U.S. regulators, and also due to significantly higher-than-anticipated costs for labor, equipment and components. Pittsburgh-based Westinghouse said it hopes to use bankruptcy to isolate and reorganize around its "very profitable" nuclear fuel and power plant servicing businesses from its money-losing construction operation. Westinghouse said in a court filing it has secured $800 million in financing from Apollo Investment Corp, an affiliate of Apollo Global Management, to fund its core businesses during its reorganization. Westinghouse’s nuclear services business is expected to continue to perform profitably over the course of the bankruptcy and eventually be sold by Toshiba, people familiar with the matter said. When regulators in Georgia and South Carolina approved the construction of Westinghouse's AP1000 reactors in 2009, it was meant to be the start of a renewed push to develop U.S. nuclear power. However, a flood of cheap natural gas from shale, the lack of U.S. legislation to curb carbon emissions and the 2011 Fukushima nuclear accident in Japan dampened enthusiasm for nuclear power. Toshiba had acquired Westinghouse in 2006 for $5.4 billion. It expected to build dozens of its new AP1000 reactors — which were hailed as safer, quicker to construct and more compact — creating a pipeline of work for its maintenance division.

Submission + - Google launches new open source website (betanews.com)

BrianFagioli writes: Google is an essential member of the open source community. The search giant contributes some really great projects, offering code to be used by many — it claims more than 2,000 such contributions! Heck, the company even hosts the annual Summer of Code program, where it pairs students with open source project teams. In other words, Google is helping to get young folks excited about open source. Today, Google announces that it is launching an all-new website to focus on open source. It is not a general open source site, but a destination to learn more about the search-giant's relationship with it.

"Today, we're launching opensource.google.com, a new website for Google Open Source that ties together all of our initiatives with information on how we use, release, and support open source. This new site showcases the breadth and depth of our love for open source. It will contain the expected things: our programs, organizations we support, and a comprehensive list of open source projects we've released. But it also contains something unexpected: a look under the hood at how we 'do' open source," says Will Norris, Open Source Programs Office, Google.

Submission + - Google and Facebook Can't Just Make Fake News Disappear (backchannel.com)

mirandakatz writes: It makes sense that people are pointing fingers at Google and Facebook, demanding that they come up with a silver bullet for fake news: The two companies have an effective monopoly on online information flows, and because centralized systems proved able to somewhat curb spam and SEO, it seems that they should be able to stop this problem, too. But fake news is a much bigger problem than something like spam, and no one company is going to be able to just write a program that "fixes" it. At Backchannel, danah boyd writes that "I don’t want to let companies off the hook, because they do have a responsibility in this ecosystem. But they’re not going to produce the silver bullet that they’re being asked to produce. And I think that most critics of these companies are really naive if they think that this is an easy problem for them to fix."

Submission + - SPAM: Soviet cover-up of nuclear fallout worse than Chernobyl

schwit1 writes: It was a nuclear disaster four times worse than Chernobyl in terms of the number of cases of acute radiation sickness, but Moscow’s complicity in covering up its effects on people’s health has remained secret until now.

We knew that in August 1956, fallout from a Soviet nuclear weapons test at Semipalatinsk in Kazakhstan engulfed the Kazakh industrial city of Ust-Kamenogorsk and put more than 600 people in hospital with radiation sickness, but the details have been sketchy.

After seeing a newly uncovered report, New Scientist can now reveal that a scientific expedition from Moscow in the aftermath of the hushed-up disaster uncovered widespread radioactive contamination and radiation sickness across the Kazakh steppes.

The scientists then tracked the consequences as nuclear bomb tests continued — without telling the people affected or the outside world.

The report by scientists from the Institute of Biophysics in Moscow was found in the archive of the Institute of Radiation Medicine and Ecology (IRME) in Semey, Kazakhstan. “For many years, this has been a secret,” says the institute’s director Kazbek Apsalikov, who found the report and passed it on to New Scientist.

More nuclear bomb tests were conducted at Semipalatinsk than anywhere else in the world during the 1950s and early 1960s. Western journalists have reported since the breakup of the Soviet Union on the apparent health effects on villagers downwind of the tests. And some recent studies have estimated radiation doses using proxies such as radioactivity in tooth enamel.

The newly revealed report, which outlines “the results of a radiological study of Semipalatinsk region” and is marked “top secret”, shows for the first time just how much Soviet scientists knew at the time about the human-health disaster and the extent of the cover-up.
