Bug

LastPass Bugs Allow Malicious Websites To Steal Passwords (bleepingcomputer.com) 126

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.
The Internet

'Dig Once' Bill Could Bring Fiber Internet To Much of the US (arstechnica.com) 168

An anonymous reader quotes a report from Ars Technica: If the U.S. adopts a "dig once" policy, construction workers would install conduits just about any time they build new roads and sidewalks or upgrade existing ones. These conduits are plastic pipes that can house fiber cables. The conduits might be empty when installed, but their presence makes it a lot cheaper and easier to install fiber later, after the road construction is finished. The idea is an old one. U.S. Rep. Anna Eshoo (D-Calif.) has been proposing dig once legislation since 2009, and it has widespread support from broadband-focused consumer advocacy groups. It has never made it all the way through Congress, but it has bipartisan backing from lawmakers who often disagree on the most controversial broadband policy questions, such as net neutrality and municipal broadband. It even got a boost from Rep. Marsha Blackburn (R-Tenn.), who has frequently clashed with Democrats and consumer advocacy groups over broadband -- her "Internet Freedom Act" would wipe out the Federal Communications Commission's net neutrality rules, and she supports state laws that restrict growth of municipal broadband. Blackburn, chair of the House Communications and Technology Subcommittee, put Eshoo's dig once legislation on the agenda for a hearing she held yesterday on broadband deployment and infrastructure. Blackburn's opening statement (PDF) said that dig once is among the policies she's considering to "facilitate the deployment of communications infrastructure." But her statement did not specifically endorse Eshoo's dig once proposal, which was presented only as a discussion draft with no vote scheduled. The subcommittee also considered a discussion draft that would "creat[e] an inventory of federal assets that can be used to attach or install broadband infrastructure." Dig once legislation received specific support from Commerce Committee Chairman Greg Walden (R-Ore.), who said that he is "glad to see Ms. Eshoo's 'Dig Once' bill has made a return this Congress. I think that this is smart policy and will help spur broadband deployment across the country."
Privacy

Hackers Claim Access To 300 Million iCloud Accounts, Demand $75,000 From Apple To Delete the Cache of Data (vice.com) 119

A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victims' Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those that use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.
Security

Ebay Asks Users To Downgrade Security (krebsonsecurity.com) 71

Ebay has started to inform customers who use a hardware key fob when logging into the site to switch to receiving a one-time code sent via text message. The move from the company, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is "a downgrade to a less-secure option," says security reporter Brian Krebs. He writes: In early 2007, PayPal (then part of the same company as Ebay) began offering its hardware token for a one-time $5 fee, and at the time the company was among very few that were pushing this second-factor (something you have) in addition to passwords for user authentication. I've still got the same hardware token I ordered when writing about that offering, and it's been working well for the past decade. Now, Ebay is asking me to switch from the key fob to text messages, the latter being a form of authentication that security experts say is less secure than other forms of two-factor authentication (2FA). The move by Ebay comes just months after the National Institute for Standards and Technology (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based two-factor authentication.
Firefox

Firefox for Linux is Now Netflix Compatible (betanews.com) 70

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!
Cellphones

Wells Fargo: All ATMs Will Take Phone Codes, Not Just Cards (go.com) 70

Given the prevalence of smartphones nowadays, Wells Fargo has announced plans to upgrade all 13,000 of its ATMs next week to allow customers to access their money using their cellphones instead of traditional bank cards. Wells Fargo would be the first to upgrade all of its ATMs with the feature across the United States. ABC News reports: To access their money, customers would get unique eight-digit codes from their Wells Fargo smartphone app, and enter the code into the ATM along with their PIN number. The machines will still accept debit cards as well. One limitation of the one-time code, though, is that it won't work on the secure doors that many branches have for non-business hours that require a customer to swipe an ATM or debit card to gain entry. Wells Fargo said those secure doors are found at a small percentage of branches, mostly in major metropolitan areas like New York City or Chicago. Wells said it plans to roll out another upgrade to its ATMs later this year, which will allow customers to access the ATMs by holding their smartphones up to a reader on the machine, instead of entering the eight-digit code. It would be similar to using Apple Pay or Samsung Pay, the bank said.
Biotech

Tech Billionaires Invest In Linking Brains To Computers (technologyreview.com) 77

"To many in Silicon Valley, the brain looks like an unconquered frontier whose importance dwarfs any achievement made in computing or the Web," including Bryan Johnson, the founder of Braintree online payments, and Elon Musk. An anonymous reader quotes MIT Technology Review: Johnson is effectively jumping on an opportunity created by the Brain Initiative, an Obama-era project which plowed money into new schemes for recording neurons. That influx of cash has spurred the formation of several other startups, including Paradromics and Cortera, also developing novel hardware for collecting brain signals. As part of the government brain project, the defense R&D agency DARPA says it is close to announcing $60 million in contracts under a program to create a "high-fidelity" brain interface able to simultaneously record from one million neurons (the current record is about 200) and stimulate 100,000 at a time...

According to neuroscientists, several figures from the tech sector are currently scouring labs across the U.S. for technology that might fuse human and artificial intelligence. In addition to Johnson, Elon Musk has been teasing a project called "neural lace," which he said at a 2016 conference will lead to "symbiosis with machines." And Mark Zuckerberg declared in a 2015 Q&A that people will one day be able to share "full sensory and emotional experiences," not just photos. Facebook has been hiring neuroscientists for an undisclosed project at Building 8, its secretive hardware division.

Elon Musk complains that the current speeds for transferring signals from brains are "ridiculously slow".
Communications

Netflix Replacing Star Ratings With Thumbs Up and Thumbs Down (variety.com) 97

An anonymous reader quotes a report from Variety: Get ready to say goodbye to star ratings on Netflix: The company is getting ready to replace stars with Pandora-like thumbs ups and thumbs downs in the coming weeks. Previously-given star ratings will still be used to personalize the profiles of Netflix users, but the stars are disappearing from the interface altogether. Netflix VP of Product Todd Yellin told journalists on Thursday during a press briefing at the company's headquarters in Los Gatos, Calif., that the company had tested the new thumbs up and down ratings with hundreds of thousands of members in 2016. "We are addicted to the methodology of A/B testing," Yellin said. The result was that thumbs got 200% more ratings than the traditional star-rating feature. Netflix is also introducing a new percent-match feature that shows how good of a match any given show or movie is for an individual subscriber. For example, a show that should close to perfectly fit a user's taste may get a 98% match. Shows that have less than a 50% match won't display a match-rating, however.
The Media

Nick Denton Predicts 'The Good Internet' Will Rise Again (pcworld.com) 135

Gawker founder Nick Denton argued today that the future will be rooted in sites like Reddit which involve their reader community -- even if there's only a handful of subtopics each user is interested in. "There's a vitality to it and there's a model for what [media] could be," he told an audience at the South by Southwest festival.

But when it comes to other social media sites, "Facebook makes me despise many of my friends and Twitter makes me hate the rest of the world," Denton said. And he attempted to address America's politically-charged atmosphere where professional news organizations struggled to pay their bills while still producing quality journalism. An anonymous reader quotes PCWorld: The internet played a huge role in this crisis, but despite it all, Denton thinks the web can be the solution to the problems it created. "On Google Hangouts chats or iMessage you can exchange quotes, links, stories, media," he said. "That's a delightful, engaging media experience. The next phase of media is going to come out of the idea of authentic, chill conversation about things that matter. Even if we're full of despair over what the internet has become, it's good to remind yourself when you're falling down some Wikipedia hole or having a great conversation with somebody online -- it's an amazing thing. In the habits that we enjoy, there are the seeds for the future. That's where the good internet will rise up again."
To show his support for news institutions, Denton has also purchased a paid subscription to the New York Times' site.

Comment No more cold cases! (Score 1) 50

Now, Officer John Law will have a trove of DNA samples to synthesize and contaminate any evidence in the unlocked property room that will 'solve' any stone-cold whodunnit! Get rid of every pesky minority in their fine Apartheid Red communities because DNA evidence to corn-pone mouth-breathing juries is the word of God writ large.
