arogier - Slashdot User

Submission + - OpenBSD Mail Server Allows Remotely Executing Shell Commands As Root 1

Submitted by Anonymous Coward on Tuesday January 28, 2020 @09:53PM

An anonymous reader writes: A remotely exploitable vulnerability for OpenSMTPD originally appearing in the Morris Worm of 1988 has been found. The vulnerability was introduced to OpenBSD's mailserver in May 2018.

Submission + - Ask Slashdot: Will P2P Video Sites Like BitChute Someday Replace YouTube?

Submitted by dryriver on Sunday September 29, 2019 @04:43PM

dryriver writes: BitChute ( https://www.bitchute.com/ ) is a video hosting website like YouTube, except that it states its mission as being "anti-censorship" and is Peer-To-Peer, WebTorrent based. From Wikipedia: "It is based on the peer-to-peer WebTorrent system, a JavaScript torrenting program that can run in a web browser. Users who watch a video also seed it. BitChute does not rely on advertising, and users can send payments to video creators directly. In November 2018 BitChute was banned from PayPal." So it seems that you don't need huge datacenters to build something like Youtube — Bitchute effectively relies on its users to act as a distributed P2P datacenter. Is this the future of internet video? Will more and more people flock to P2P video hosting sites as/when more mainstream services like Youtube fall prey to various forms of censorship?

Submission + - Microsoft no longer allows offline accounts in Windows 10 5

Submitted by xack on Sunday September 29, 2019 @10:07AM

xack writes: In a big blow for privacy, Microsoft is no longer allowing users to create "offline accounts" in the Windows 10 setup screen. Forcing users to provide their e-mail addresses and phone numbers to Microsoft. This option was only just removed, and is probably a GDPR violation.

Submission + - Libre-RISC-V 3D CPU/GPU applying for EUR 400,000 worth of NLNet Grants (google.com)

Submitted by lkcl on Sunday September 29, 2019 @03:45AM

lkcl writes: The Libre RISC-V Hybrid CPU/GPU, previously reported on /., is applying for eight additional grants from the NLNet Foundation, totalling EUR 400,000. Details on each Grant Application are on the newly-opened RISC-V Community Forum.

The general idea is to kick RISC-V into a commercially-viable mass-volume high gear by putting forward funding proposals for NEON/SSE-style Video Acceleration to be upstreamed for use by ffmpeg, vlc, mplayer and gstreamer; hardware-assisted Mesa 3D (a port of the RADV Vulkan Driver to RISC-V), and a hardware-accelerated OpenCL port to RISC-V. This all in a "Hybrid" fashion (a la NEON/SSE) as opposed to the "usual" way that 3D and Video is done, which hugely complicate both software drivers and applications debugging.

In addition, the Libre RISC-V SoC itself is applying for grants to do a gcc port supporting its Vectorisation Engine including auto-vectorisation, and, crucially, to do an entirely Libre-licensed ASIC Layout using LIP6.fr coriolis2, working in tandem with Chips4Makers to create a 180nm commercially-viable single-core dual-issue test ASIC.

The process takes approximately 2-3 months for approval. Once accepted, anyone may be the direct (tax-deductible) recipient of NLNet donations, for sub-tasks completed. Worth noting: Puri.sm is sponsoring the project, and, given NLNet's Charitable Status, donations from Corporations (or individuals) are 100% tax-deductible.

Submission + - New Federal Rules Limit Police Searches of Family Tree DNA Databases (sciencemag.org)

Submitted by Anonymous Coward on Friday September 27, 2019 @04:44PM

An anonymous reader writes: The U.S. Department of Justice (DOJ) released new rules yesterday governing when police can use genetic genealogy to track down suspects in serious crimes—the first-ever policy covering how these databases, popular among amateur genealogists, should be used in law enforcement attempts to balance public safety and privacy concerns. The DOJ interim policy, which takes effect on 1 November, is intended to “balance the Department’s relentless commitment to solving violent crime and protecting public safety against equally important public interests,” such as privacy and civil liberties, a press release states. The policy says “forensic genetic genealogy” should generally be used only for violent crimes such as murder and rape, as well as to identify human remains. (The policy permits broader use if the ancestry database’s policy allows such searches.) Police should first exhaust traditional crime solving methods, including searching their own criminal DNA databases.

Under the new policy, police can’t quietly upload a fake profile to a genealogy website, as some have done in hopes of finding a suspect’s distant relatives, without first identifying themselves. And the site itself must have informed its users that law enforcement agencies may search their data. The policy also bars police from using a suspect’s DNA profile to look for genes related to disease risks or psychological traits. Another provision attempts to limit situations in which police secretly take a DNA sample from a suspect’s relative—from a discarded cup or tissue, for example—to help home in on a suspect. The policy says the person must give their informed consent unless police have obtained a search warrant.

Submission + - Interview with the guy who tried to frame me for heroin possession

Submitted by Anonymous Coward on Friday September 27, 2019 @01:45PM

An anonymous reader writes: krebsonsecurity.com: “In April 2013, I received via U.S. mail more than a gram of pure heroin as part of a scheme to get me arrested for drug possession. But the plan failed and the Ukrainian mastermind behind it soon after was imprisoned for unrelated cybercrime offenses.”

Submission + - Legal Shield for Websites Rattles Under Onslaught of Hate Speech (nytimes.com)

Submitted by schwit1 on Tuesday August 06, 2019 @11:50AM

schwit1 writes: Section 230 of the Communications Decency Act, has helped Facebook, YouTube, Twitter and countless other internet companies flourish.

But Section 230’s legal protection has also extended to fringe sites hosting hate speech, anti-Semitic content and racist tropes like 8chan, the internet message board where the suspect in the El Paso shooting massacre posted his manifesto.

The law shields websites from liability for content created by their users, while permitting internet companies to moderate their sites without being on the hook legally for everything they host. It does not provide blanket protection from legal responsibility for some criminal acts, like posting child pornography or violations of intellectual property.

Now, as scrutiny of big technology companies has intensified in Washington over a wide variety of issues, including how they handle the spread of disinformation or police hate speech, lawmakers are questioning whether Section 230 should be changed.

While there is growing political will to do something about Section 230, finding a middle ground on potential changes is a challenge.

“When I got here just a few months ago, everybody said 230 was totally off the table, but now there are folks coming forward saying this isn’t working the way it was supposed to work,” said Mr. Hawley, who took office in January. “The world in 2019 is very different from the world of the 1990s, especially in this space, and we need to keep pace.”

Submission + - Porn Purveyors' Use of Copyright Lawsuits Has Judges Seeing Red (bloombergquint.com) 2

Submitted by pgmrdlm on Monday August 05, 2019 @12:00PM

pgmrdlm writes: Bloomberg) — Pornography producers and sellers account for the lion’s share of copyright-infringement lawsuits in the U.S. — and judges may have seen enough. The courts are cracking down on porn vendors that file thousands of lawsuits against people for downloading and trading racy films on home computers, using tactics a judge called a “high tech shakedown.” In one case, two men were jailed in a scheme that netted $6 million in settlements.

The pornography companies have “a business model that seeks to profit from litigation and threats of litigation rather than profiting from creative works,” said Mitch Stoltz, a senior attorney with the Electronic Frontier Foundation, a San Francisco group that has waged a campaign against companies it thinks abuse the copyright system.

Two companies that make and sell porn are responsible for almost half of the 3,404 copyright lawsuits filed in the U.S. in the first seven months of this year, according to an analysis by Bloomberg Law’s Tommy Shen. Malibu Media LLC, which distributes such titles as “Stunning Sexy Shower,” has filed some 8,000 lawsuits nationwide since 2012. Strike 3 Holdings LLC, operator of such sites as “Tushy” and “Vixen,” has filed about 3,500 lawsuits in just the past two years, according to Bloomberg Law dockets.

Submission + - Two new serious vulnerabilities have been unearthed in the WPA3 standard (zdnet.com)

Submitted by Artem S. Tashkinov on Sunday August 04, 2019 @11:37AM

Artem S. Tashkinov writes: Mathy Vanhoef and Eyal Ronen have recently disclosed two new additional bugs impacting WPA3. The security researched duo found the new bugs in the security recommendations the WiFi Alliance created for equipment vendors in order to mitigate the initial Dragonblood attacks. Just like the original Dragonblood vulnerabilities from April, these two new ones allow attackers to leak information from WPA3 cryptographic operations and brute-force a WiFi network's password.

On their webpage the researchers lamented that, "once again, it shows that privately creating security recommendations and standards is at best irresponsible and at worst inept".

Submission + - Georgia Department of Public Safety hit by ransomware attack.

Submitted by McFortner on Saturday August 03, 2019 @04:50PM

McFortner writes: On July 27th the Georgia Department of Public Safety announced that they got hit by a ransomware attack. When I went in to get a copy of an accident report this Friday, the officer at the Henry County, GA, police department told me that at least 7 counties in the Atlanta area were hit at the same time and they had no way of knowing when their computers would be back up. They suggest to anybody needing a report to call them first to see if by any chance the system is back up and the report is finished and can be picked up.

Submission + - Ask Slashdot: Would you rather buy a product or a service? SaaS is always bad? (wikipedia.org) 1

Submitted by shanen on Saturday August 03, 2019 @04:07PM

shanen writes: Concrete example: Product version of Microsoft Office 2013 versus the Service version called Microsoft Office 365.

SaaS is basically immortal and the permanent winner is the corporate cancer that sells it. But maybe SaaS is the natural result of producing terrible software? Microsoft "products" have been permanently broken for a LONG time. New bugs and security vulnerabilities keep being discovered, which means the product cannot EVER be regarded as completed. Whatever the original cost, no matter what the software was supposed to do, it needs unending support. Right now I'm unable to see any other solution than SaaS!

Not limited to Microsoft, of course. Perhaps Apple was the original source of the approach, and several other corporate cancers are now eclipsing Microsoft, but I think Microsoft was the first major "success story" of the approach.

(Well, actually I do see at least one alternative, but there's no way to get there from here.)

Submission + - Life-Altering Copyright Lawsuits Coming to Regular People Under Proposed Bill (eff.org)

Submitted by SonicSpike on Tuesday July 30, 2019 @07:51PM

SonicSpike writes: The Senate Judiciary Committee intends to vote on the CASE Act, legislation that would create a brand new quasi-court for copyright infringement claims. We have expressed numerous concerns with the legislation, and serious problems inherent with the bill have not been remedied by Congress before moving it forward. In short, the bill would supercharge a “copyright troll” industry dedicated to filing as many “small claims” on as many Internet users as possible in order to make money through the bill’s statutory damages provisions. Every single person who uses the Internet and regularly interacts with copyrighted works (that’s everyone) should contact their Senators to oppose this bill.

Making it so easy to sue Internet users for allegedly infringing a copyrighted work that an infringement claim comes to resemble a traffic ticket is a terrible idea. This bill creates a situation where Internet users could easily be on the hook for multiple $5,000 copyright infringement judgments without many of the traditional legal safeguards or rights of appeal our justice system provides.

Proponents of the legislation argue that the bill’s cap on statutory damages in a new “small claims” tribunal will protect accused infringers. But the limits imposed by the CASE Act of $15,000 per work are far higher than the damages caps in most state small claims courts—and they don’t require any proof of harm or illicit profit. The Register of Copyrights would be free to raise that cap at any time. And the CASE Act would also remove a vital rule that protects Internet users – the registration precondition on statutory damages.

Today, someone who is going to sue a person for copyright infringement has to register their work with the Copyright Office before the infringement began, or within three months of first publication, in order to be entitled to statutory damages. Without a timely registration, violating someone’s copyright would only put an infringer on the hook for what the violation actually cost the copyright holder (called “actual damages”), or the infringer’s profits. This is a key protection for the public because copyright is ubiquitous: it automatically covers nearly every creative work from the moment it’s set down in tangible form. But not every scribble, snapshot, or notepad is eligible for statutory damages—only the ones that U.S. authors make a small effort to protect up front by filing for registration. But if Congress passes this bill, the timely registration requirement will no longer be a requirement for no-proof statutory damages of up to $7,500 per work. In other words, nearly every photo, video, or bit of text on the Internet can suddenly carry a $7,500 price tag if uploaded, downloaded, or shared even if the actual harm from that copying is nil.

For many Americans, where the median income is $57,652 per year, this $7,500 price tag for what has become regular Internet behavior would result in life-altering lawsuits from copyright trolls that will exploit this new law. That is what happens when you eliminate the processes that tend to ensure only a truly motivated copyright holder can obtain statutory damages.

Submission + - Historic Computer Science Boolean Sensitivity Conjecture Solved (quantamagazine.org)

Submitted by Faizdog on Saturday July 27, 2019 @11:23AM

Faizdog writes: The “sensitivity” conjecture stumped many top computer scientists, yet the new proof is so simple that one researcher summed it up in a single tweet.

“This conjecture has stood as one of the most frustrating and embarrassing open problems in all of combinatorics and theoretical computer science,” wrote Scott Aaronson of the University of Texas, Austin, in a blog post. “The list of people who tried to solve it and failed is like a who’s who of discrete math and theoretical computer science,” he added in an email.

The conjecture concerns Boolean functions, rules for transforming a string of input bits (0s and 1s) into a single output bit. One such rule is to output a 1 provided any of the input bits is 1, and a 0 otherwise; another rule is to output a 0 if the string has an even number of 1s, and a 1 otherwise. Every computer circuit is some combination of Boolean functions, making them “the bricks and mortar of whatever you’re doing in computer science,” said Rocco Servedio of Columbia University.

“People wrote long, complicated papers trying to make the tiniest progress,” said Ryan O’Donnell of Carnegie Mellon University.

Now Hao Huang, a mathematician at Emory University, has proved the sensitivity conjecture with an ingenious but elementary two-page argument about the combinatorics of points on cubes. “It is just beautiful, like a precious pearl,” wrote Claire Mathieu, of the French National Center for Scientific Research, during a Skype interview.

Aaronson and O’Donnell both called Huang’s paper the “book” proof of the sensitivity conjecture, referring to Paul Erds’ notion of a celestial book in which God writes the perfect proof of every theorem. “I find it hard to imagine that even God knows how to prove the Sensitivity Conjecture in any simpler way than this,” Aaronson wrote.

It can even be described in a single tweet!

Submission + - Japan Approves First Human-Animal Embryo Experiments (nature.com) 2

Submitted by Anonymous Coward on Friday July 26, 2019 @05:39PM

An anonymous reader writes: A Japanese stem-cell scientist is the first to receive government support to create animal embryos that contain human cells and transplant them into surrogate animals since a ban on the practice was overturned earlier this year. Hiromitsu Nakauchi, who leads teams at the University of Tokyo and Stanford University in California, plans to grow human cells in mouse and rat embryos and then transplant those embryos into surrogate animals. Nakauchi's ultimate goal is to produce animals with organs made of human cells that can, eventually, be transplanted into people.

Until March, Japan explicitly forbid the growth of animal embryos containing human cells beyond 14 days or the transplant of such embryos into a surrogate uterus. That month Japan’s education and science ministry issued new guidelines allowing the creation of human-animal embryos that can be transplanted into surrogate animals and brought to term. Nakauchi’s experiments are the first to be approved under Japan’s new rules, by a committee of experts in the science ministry. Final approval from the ministry is expected next month.

Submission + - Banned Chinese Security Cameras Are Almost Impossible To Remove (bloomberg.com)

Submitted by Anonymous Coward on Wednesday July 10, 2019 @05:25PM

An anonymous reader writes: U.S. federal agencies have five weeks to rip out Chinese-made surveillance cameras in order to comply with a ban imposed by Congress last year in an effort to thwart the threat of spying from Beijing. But thousands of the devices are still in place and chances are most won’t be removed before the Aug. 13 deadline. A complex web of supply chain logistics and licensing agreements make it almost impossible to know whether a security camera is actually made in China or contains components that would violate U.S. rules. The National Defense Authorization Act, or NDAA, which outlines the budget and spending for the Defense Department each year, included an amendment for fiscal 2019 that would ensure federal agencies do not purchase Chinese-made surveillance cameras. The amendment singles out Zhejiang Dahua Technology Co. and Hangzhou Hikvision Digital Technology Co., both of which have raised security concerns with the U.S. government and surveillance industry.

Despite the looming deadline to satisfy the NDAA, at least 1,700 Hikvision and Dahua cameras are still operating in places where they’ve been banned, according to San Jose, California-based Forescout Technologies, which has been hired by some federal agencies to determine what systems are running on their networks. The actual number is likely much higher, said Katherine Gronberg, vice president of government affairs at Forescout, because only a small percentage of government offices actually know what cameras they’re operating. The agencies that use software to track devices connected to their networks should be able to comply with the law and remove the cameras in time, Gronberg said. “The real issue is for organizations that don’t have the tools in place to detect the banned devices,” she added.

Slashdot Top Deals