
Submission + - Bad Neighborhoods Theory Applies to Bots, Also (securityledger.com)

chicksdaddy writes: It turns out that the “bad neighborhoods” theory (http://ns.umich.edu/new/releases/8588) applies to computers, as well as people.

Researchers from the firm Recorded Future said that the company has developed what it described as a “support vector machine” model to analyze contextual open source intelligence (OSINT) data on malicious online behavior. (https://www.recordedfuture.com/artificial-intelligence-cyber-defense/) That is cross referenced to “CIDR neighborhoods” – blocks of Internet addresses identified using Classless Internet Domain Routing. The AI's output is a predictive risk score for specific IP addresses that are likely to turn to crime.

So far the results are promising. In one case, Recorded Future tagged an IP address as likely to be used in an attack a full 10 days before it actually was. In an analysis of 500 previously unseen IPs with predictive risk scores that suggested they would become malicious, 25% turned up on independent, open source lists of malicious IP addresses within 7 days, the company said. By comparison, just .02 percent of the entire population of global (IPV4) IP addresses are marked as malicious at any time, the company said.

As for why, the explanation that Recorded Future gives sounds similar to the findings of sociological and psychological research on the effects of bad neighborhoods. The notion there is that “bad neighborhoods” – characterized by crime, poverty and a scarcity of good role models and economic opportunities – can affect the cognitive development of children and even of the children of those children. (https://psmag.com/growing-up-poor-has-effects-on-your-children-even-if-you-escape-poverty-df11e668378a#.a27begtv0)

In the case of Internet connected systems that are destined to ‘go bad,’ the issue is proximity to computers that are involved in malicious activity, Staffan Truve, CTO, Recorded Future told The Security Ledger. (https://securityledger.com/2016/12/bad-neighborhoods-predict-which-computers-turn-to-crime-also/)

Hackers and botnet operators are rational, economic beings, he observes. That means that they will eventually use infrastructure that they rent for a purpose (like virtual systems in a data center that might be rented out for use in a denial of service attack). By analyzing the “closeness” of IPV4 addresses, Recorded Future found a predictor of future malicious activity. Proximity to one of those bad apples makes it more likely that you’re a bad apple, also – or soon will be, he said. “There’s an underlying logic, which is that the neighborhood (the system) is in will be the core part of whether it becomes malicious, but also how your neighbors are talked about.”

Submission + - Pebble Is No More After Fitbit Buys Smartwatch Assets

Mickeycaskill writes: Pebble will no longer support or make smartwatches, ending its bid to become an independent challenger to Apple, Samsung and others.

The original Pebble watch was funded on Kickstarter and other devices had been added to the range over the years. However the journey is at an end.

Fitbit's acquisition does not include the products Pebble has, mostly variants of its smartwatch, but rather adds assets that aim to help fitness wearable specialist Fitbit better establish a platform from which other fitness and health related products and services can be built upon.

“The additional resources will facilitate the faster delivery of new products, features and functionality while introducing speed and efficiencies to develop the general purpose utility consumers value in a connected device,” Fitbit said.

Pebble, on the other hand, will cease creating its smartwatches and will cease to operate as an independent entity.

Submission + - ESPN Loses Another 555,000 Subscribers Per Nielsen (outkickthecoverage.com)

An anonymous reader writes: Last month ESPN lost 621,000 subscribers according to Nielsen media estimates, which was the worst month in the company's history. This month things weren't much better — ESPN lost another 555,000 subscribers according to Nielsen media estimates, meaning that the worst month in the history of ESPN has now been followed up by the second worst month in ESPN history. ESPN has now lost a jawdropping 1.176 million subscribers in the past two months.

Putting that into perspective, that means nearly 20,000 people a day are leaving ESPN for each of the past two months. If that annual average subscriber loss continued, ESPN would lose over seven million subscribers in the next 12 months. And at an absolute minimum, these 1.176 million lost subscribers in the past two months will lead to a yearly loss in revenue of over $100 million. According to Nielsen ESPN now has 88.4 million cable and satellite subscribers, a precipitous decline from well over 100 million subscribers just a few years ago.

Submission + - Matt Taibbi: 'Washington Post' 'Blacklist' Story Is Shameful and Disgusting (rollingstone.com)

MyFirstNameIsPaul writes: From the article:

Most high school papers wouldn't touch sources like these. But in November 2016, both the president-elect of the United States and the Washington Post are equally at ease with this sort of sourcing.

Even worse, the Post apparently never contacted any of the outlets on the "list" before they ran their story. Yves Smith at Naked Capitalism says she was never contacted. Chris Hedges of Truthdig, who was part of a group that won the Pulitzer Prize for The New York Times once upon a time, said the same. "We were named," he tells me. "I was not contacted."

Hedges says the Post piece was an "updated form of Red-Baiting."

"This attack signals an open war on the independent press," he says. "Those who do not spew the official line will be increasingly demonized in corporate echo chambers such as the Post or CNN as useful idiots or fifth columnists."


Submission + - The IRS Just Declared War on Bitcoin Privacy (fee.org)

SonicSpike writes: The Internal Revenue Service has filed a “John Doe” summons seeking to require U.S. Bitcoin exchange Coinbase to turn over records about every transaction of every user from 2013 to 2015.

That demand is shocking in sweep, and it includes: “complete user profile, history of changes to user profile from account inception, complete user preferences, complete user security settings and history (including confirmed devices and account activity), complete user payment methods, and any other information related to the funding sources for the account/wallet/vault, regardless of date.” And every single transaction.

The demand is not limited to owners of large amounts of Bitcoin or to those who have transacted in large amounts. Everything about everyone.

Equally shocking is the weak foundation for making this demand. In a declaration submitted to the court, an IRS agent recounts having learned of tax evasion on the part of one Bitcoin user and two companies. On this basis, he and the IRS claim “a reasonable basis for believing” that all U.S. Coinbase users “may fail or may have failed to comply” with the internal revenue laws.

The IRS’s effort to strip away the privacy of all Coinbase users is more broad than the government’s effort in recent cases dealing with cell site location information. In the CSLI cases, the government has sought data about particular suspects, using a standard below the probable cause standard required by the Fourth Amendment (“specific and articulable facts showing that there are reasonable grounds to believe”).

Submission + - Facebook fake-news writer: "Donald Trump is in the White House because of me" (washingtonpost.com)

JoeyRox writes: "Paul Horner, the 38-year-old impresario of a Facebook fake-news empire, has made his living off viral news hoaxes for several years. He has twice convinced the Internet that he’s British graffiti artist Banksy; he also published the very viral, very fake news of a Yelp vs. “South Park” lawsuit last year. But in recent months, Horner has found the fake-news ecosystem growing more crowded, more political and vastly more influential: In March, Donald Trump’s son Eric and his then-campaign manager, Corey Lewandowski, even tweeted links to one of Horner’s faux-articles. His stories have also appeared as news on Google."

Submission + - OAuth 2.0 Flaw Exposes 1 Billion Mobile Apps to Takeover (threatpost.com)

msm1267 writes: Third-party applications that allow single sign-on via Facebook and Google and support the OAuth 2.0 protocol are exposed to account hijacking.

Three Chinese University of Hong Kong researchers presented at Black Hat EU last week a paper called “Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0.” The paper describes an attack that takes advantage of poor OAuth 2.0 implementations and puts more than one billion apps in jeopardy.

The researchers examined 600 top U.S. and Chinese mobile apps that use OAuth 2.0 APIs from Facebook, Google and Sina—which operates Weibo in China—and support SSO for third-party apps. The researchers found that 41.2 percent of the apps they tested were vulnerable to their attack, including popular dating, travel, shopping, hotel booking, finance, chat, music and news apps. None of the apps were named in the paper, but some have been downloaded hundreds of millions of times and can be exploited for anything from free phone calls to fraudulent purchases.

Submission + - The sorry state of science the last time the Cubs won the World Series (sciencemag.org)

sciencehabit writes: In 1908, the last time the Chicago Cubs won the World Series, humans were far from ignorant. People already crossed continents and oceans on trains and ships, and they sent and received messages over vast distances using the telegraph. Yet, scientifically, people had only begun to systematically decipher nature's mysteries. Indeed, a quick look at the state of the sciences shows how shockingly far humans have come since the Cubs last won baseball's championship. Astronomers knew of only one galaxy (our own), DNA was unknown, and the terms "big bang", "black hole", and "antimatter" had not been invented. Science has the full list of what we did--and didn't--know 100 years ago.

Submission + - SPAM: AT&T Is Spying on Americans for Profit, New Documents Reveal

schwit1 writes: The telecom giant is doing NSA-style work for law enforcement—without a warrant—and earning millions of dollars a year from taxpayers.

Hemisphere isn’t a “partnership” but rather a product AT&T developed, marketed, and sold at a cost of millions of dollars per year to taxpayers. No warrant is required to make use of the company’s massive trove of data, according to AT&T documents, only a promise from law enforcement to not disclose Hemisphere if an investigation using it becomes public.

Hemisphere is used far beyond the war on drugs to include everything from investigations of homicide to Medicaid fraud.


Submission + - This is How Russian Hackers Broke Into John Podesta's Gmail Account (vice.com)

An anonymous reader writes: A series of previously unpublished malicious Bitly links are the smoking gun that proves Russian hackers broke into the Gmail account of John Podesta, the Hillary campaign chair. The links also prove an undeniable connection between the leak of Podesta's emails on WikiLeaks and other leaks of hacked emails on "DCLeaks."

Submission + - NSA Deputy Proposes Dedicated U.S. Cybersecurity Team (thestack.com)

An anonymous reader writes: Curtis Dukes, the NSA Deputy National Manager for National Security Systems, has urged the government to rethink their cybersecurity strategy as a whole, and find a way to unite separate departments to create a cohesive security policy to combat cybercrime. Speaking at a public policy think tank, Dukes outlined the lack of inter-agency cooperation that he believes is endangering national security, observing that managing the response requirements of different departments involved in cybercrime creates a delay of days — or even up to a week — when responding to a cyberattack. “I am now firmly convinced that we need to rethink how we do cyber defense as a nation,” he said. “By the time we get that sorted we are at a disadvantage when it comes to an adversary and how they can attack us in that regard.”

Submission + - Oak Ridge National Laboratory turns CO2 to booze, er, I mean fuel (ornl.gov)

davidwr writes: The laboratory's process turns carbon dioxide into ethanol using common materials and nanotechnology. The laboratory press release is here, the paper is here.

The press release did not mention how much, if any, of the ethanol would be used for celebratory purposes.

Paper citation:

Song, Y., Peng, R., Hensley, D. K., Bonnesen, P. V., Liang, L., Wu, Z., Meyer, H. M., Chi, M., Ma, C., Sumpter, B. G. and Rondinone, A. J. (2016), High-Selectivity Electrochemical Conversion of CO2 to Ethanol using a Copper Nanoparticle/N-Doped Graphene Electrode. ChemistrySelect. doi:10.1002/slct.201601169

Submission + - Chrome Version 53 Introduces Web Bluetooth

jenningsthecat writes: From Hackaday.com comes the news that the latest version of Chrome includes trial support for Web Bluetooth. According to Hackaday, "JavaScript code, served to your browser, can now connect directly to your Bluetooth LE (BTLE) devices". The article goes on to discuss the pros and (significant) cons of this development.

Yikes! The IOT continues to spread its tentacles, and the possibility of retaining some small vestige of personal privacy diminishes by the second.

Submission + - Vanity Fair Publishes Expose Article on Theranos

PvtVoid writes: In a new article, Vanity Fair examines the Theranos disaster, from origins to aftermath. It's a compelling story of hubris, glamour and secrecy about the unicorn Silicon Valley company that turned out to be founded on bullshit. While not the only unicorn company founded on bullshit, Theranos had the distinction of actually putting its customers' lives in danger: "[The Centers for Medicare and Medicaid Services] soon discovered that some of the tests Theranos was performing were so inaccurate that they could leave patients at risk of internal bleeding, or of stroke among those prone to blood clots. The agency found that Theranos appeared to ignore erratic results from its own quality-control checks during a six-month period last year and supplied 81 patients with questionable test results." At least Elizabeth Holmes is going to be played by Jennifer Lawrence in an upcoming movie.
