
Submission + - Dinosaur Tail With Feathers Found Perfectly Preserved In Amber (bbc.com)

dryriver writes: The BBC reports: The tail of a feathered dinosaur has been found perfectly preserved in amber from Myanmar. The one-of-a-kind discovery helps put flesh on the bones of these extinct creatures, opening a new window on the biology of a group that dominated Earth for more than 160 million years. Examination of the specimen suggests the tail was chestnut brown on top and white on its underside. "This is the first time we've found dinosaur material preserved in amber," co-author Ryan McKellar, of the Royal Saskatchewan Museum in Canada, told the BBC News website. Co-author Prof Mike Benton, from the University of Bristol, added: "It's amazing to see all the details of a dinosaur tail — the bones, flesh, skin, and feathers — and to imagine how this little fellow got his tail caught in the resin, and then presumably died because he could not wrestle free."

Submission + - AT&T To Cough Up $88 Million For 'Cramming' Mobile Customer Bills (networkworld.com)

An anonymous reader writes: Some 2.7 million AT&T customers will share $88 million in compensation for having had unauthorized third-party charges added to their mobile bills, the Federal Trade Commission announced this morning. The latest shot in the federal government’s years-long battle against such abuses, these refunds will represent the most money ever recouped by victims of what is known as “mobile cramming,” according to the FTC. From an FTC press release: "Through the FTC’s refund program, nearly 2.5 million current AT&T customers will receive a credit on their bill within the next 75 days, and more than 300,000 former customers will receive a check. The average refund amount is $31. [...] According to the FTC’s complaint, AT&T placed unauthorized third-party charges on its customers’ phone bills, usually in amounts of $9.99 per month, for ringtones and text message subscriptions containing love tips, horoscopes, and 'fun facts.' The FTC alleged that AT&T kept at least 35 percent of the charges it imposed on its customers." The matter with AT&T was originally made public in 2014 and also involved two companies that actually applied the unauthorized charges, Tatto and Acquinity.

Submission + - EU Data Regulations Will Disrupt Online Advertising Business Model

Presto Vivace writes: New EU Data Regulations Will 'Rip Global Digital Ecosystem Apart'

The European Union's General Data Protection Regulation (GDPR) doesn't come into force until May 2018, but when it does it will have a profound effect on businesses. The regulation will apply to data about every one of the EU's 500 million citizens, wherever in the world it is processed or stored. ... ... Put simply, targeting and tracking companies will need to get user consent somehow. Everything that invisibly follows a user across the internet will, from May 2018, have to pop up and make itself known in order to seek express permission from individuals.

Submission + - Virginia spent over half a million on cell surveillance that mostly doesn't work (muckrock.com)

v3rgEz writes: In 2014, the Virginia State Police spent $585,265 on a specially modified Suburban outfitted with the latest and greatest in cell phone surveillance: The DRT 1183C, affectionately known as the DRTbox. But according to logs uncovered by public records website MuckRock, the pricey ride was only used 12 times — and only worked 7 of those times. Read the full DRTbox documents at MuckRock.

Submission + - An Emacs Lisp JIT Compiler Released (github.com)

kruhft writes: An Emacs Lisp JIT compiler has been released showing a 25% speedup improvement with the benchmarked raytracer. Using libjit, it 'compiles down the spine' of the bytecode vectors, moving the overhead of the interpreter loop into the hardware execution unit. Work in progress, but a good start on speeding up emacs overall. Thoughts?

Submission + - The Lack of Women in Cybersecurity is a Problem and a Threat (securityledger.com)

chicksdaddy writes: The devaluation of traditionally “soft” skills like empathy, communication and collaboration in the information security space may be hampering the ability of IT security teams to respond to human-focused threats and attacks, according to this article at The Security Ledger. (https://securityledger.com/2016/12/cybers-lack-of-women-a-problem-and-threat/)

Failing to prioritize skills like empathy, communication, and collaboration and the people who have them (regardless of their gender) and focusing on "hard skills" (technical expertise) "limits our conceptions of security solutions and increases risks to our systems and users."

The problem goes beyond phishing attacks and social engineering, too. “Studies have shown that projects that embrace diversity are more successful. It’s a simple truth that people with different life backgrounds and life experiences bring unique perspectives to problem-solving,” says Amie Stepanovich, the U.S. policy manager at Access Now.

In short: "when we keep hiring technologists to solve problems, we keep getting technical solutions." Too often, such technical fixes fail to account for the human environment in which they will be deployed. “It’s prioritizing a ‘tech first’—not a ‘human first’ or ‘empathy first’—perspective,” says Dr. Sara “Scout” Sinclair Brody, the executive director of Simply Secure.

This isn’t the first article to raise a red flag over the technology sector's glaring shortage of empathy. (http://www.newyorker.com/business/currency/silicon-valley-has-an-empathy-vacuum).

And while instilling empathy and compassion in adults who lack it might seem like a tall order, the piece argues that it isn't an unsolvable problem: there are entire fields—like user experience and human-centered design—dedicated to improving the way humans and technology interact. “Shockingly little of that,” says Brody, “has made it into the security domain.”

Submission + - Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com)

An anonymous reader writes: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident—which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. 
Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.

Submission + - Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com)

An anonymous reader writes: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds.

The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months.

Submission + - China passes law requiring full access to customer data (deepdotweb.com)

AnonymousCube writes: As if there wasn't enough reason to want tech companies to stay out of China, the Chinese government has passed a new cybersecurity law requiring companies to give them full access to customer information.

Companies are also required to give government investigators complete access to their data if there is suspected wrong-doing, and Internet operators must cooperate in any national security or crime-related investigation.

Note that China has an extremely flexible definition of "national security".
Additionally computer equipment will need to undergo mandatory certification, that could involve giving up source code, encryption keys, or even proprietary intellectual data, as Microsoft has been doing for some time.

Submission + - Surprise, "Fake News" is fake news! (theintercept.com)

An anonymous reader writes: A Washington Post article published claims from an organization critical of several U.S. news sites as being “routine peddlers of Russian propaganda.”
The article titled “Russian propaganda effort helped spread ‘fake news’ during election, experts say” The source, a website calling itself PropOrNot, claims that millions of Americans have been deceived this year in a massive Russian “misinformation campaign.” The Intercept claims the article is "rife with obviously reckless and unproven allegations", and “a lot of reporters passed on this story.” while the Post was all too anxious to push some more red scare.

Submission + - Online Security at IRS phone scam finally may be fizzling out (iblog.at)

amandabin writes: We all should be thankful on this Thanksgiving Day that one of the worst scams to hit the Lehigh Valley, and the nation, finally is on its way to being cooked.

Complaints about the IRS phone scam have dropped significantly in the past month or so. After three years, international detective work and technological advances finally have carved deeply into these turkeys' business.

The scheme isn't completely stuffed away yet, so remain vigilant. But it's certainly not as prevalent as it was.

The relentless calls started in fall 2013. Con artists pose as IRS and U.S. Treasury agents and threaten people with a lawsuit, arrest or grand jury investigation unless they immediately pay supposed tax debts.

The debts aren't real but the callers bully people into paying over the phone, usually with prepaid debit cards and iTunes cards. More than 9,600 people, including some locally, have lost a combined $50 million. A California man lost $136,000 when he was exploited repeatedly over 20 days, according to the U.S. Attorney General's Office.

I heard from hundreds of people who got the calls. Some were scared. Others were confused about whether the calls were legitimate. Many knew they were fraudulent and wanted to know how to stop them or where to report the scoundrels.

Nearly 2 million complaints about the scam have been reported to the Inspector General for Tax Administration. It's also the top scam complaint to the Better Business Bureau.

But it's been a month or more since I've heard any complaints. Reports to the inspector general and the BBB are way down.

That's because some of the people accused of making the calls have been locked up. Early last month, authorities in India raided a call center and charged 70 people with fraud. On Oct. 27, U.S. authorities announced that 56 others had been indicted; some of them in the states, along with five call centers in India.

"We are encouraged that our investigation, which resulted in the announced law enforcement action in late October, has had a significant impact on this criminal activity," inspector general's spokeswoman Karen Kraushaar told me.

At the peak of the scam, more than 30,000 calls were reported to the inspector general in a single week. That was down to about 1,000 in one recent week.

People still are being ripped off, though, and the inspector general recently learned of 40 people who lost money, Kraushaar said.

"It is extremely important that people remain vigilant and remember to hang up on callers who claim to be IRS or Treasury employees and make threatening calls demanding immediate payment," she said.

In about the past month, the Better Business Bureau's Scam Tracker website has received 91 reports of tax fraud, compared to 489 the previous month. While those figures include all types of tax scams, the vast majority are IRS scam calls.

"We are pleased with the drop and are looking forward to the day when we aren't getting any IRS tax scams reported," said Kelsey Owen, communications and public affairs director for the Better Business Bureau office that covers eastern Pennsylvania.

There are variations of these scam calls. Sometimes the callers are men. Sometimes they are women. Some calls are live while others at least start as robocalls. Callers often instruct victims not to tell anyone about what's going on and to remain on their cellphone while they are buying the prepaid cards to pay their supposed debt. The callers try to sound official, sometimes offering badge numbers and case numbers. But their foreign accents often give them away.

In addition to the arrests, technology also played a role in reducing the number of calls getting through.

As I reported in a recent column, a new technique being developed by phone and technology companies to block illegal robocalls stopped a substantial number of these scam calls during a test.

While this is all good news, I fear the fraud could catch a second wind. Schemes as profitable as this often morph into new ones. The Better Business Bureau also warned of that.

"We know from past experience that scammers are opportunists," Emma Fletcher, manager of the BBB's Scam Tracker, said in a news release last month. "Hopefully this crew won't be stealing from anyone again for a long while. But we will be keeping an eye on incoming scam reports so we can alert consumers what the 'next big thing' in scams turns out to be."

The IRS phone scam already was evolving prior to the raid in India. John Miller of Bethlehem Township told me he got several calls in late September from the "Office of Taxation" that followed the same script.

"I guess they gathered that everybody has figured out the IRS game so now they're trying a different name," Miller told me.

If you get an IRS scam call, you can report it to the Treasury Inspector General for Tax Administration (800-366-4484, www.tigta.gov) or the BBB Scam Tracker (www.bbb.org/scamtracker/us).

Protect yourself against scams by reading my previous Watchdog columns at www.mcall.com/watchdog. If you are targeted with a new scam, let me know and I'll warn others.

The Watchdog is published Thursdays and Sundays. Contact me at watchdog@mcall.com, 610-841-2364 or The Morning Call, 101 N. Sixth St., Allentown, PA, 18101. I'm on Twitter @mcwatchdog and Facebook at Morning Call Watchdog.

Submission + - Do Your Family Members Have a Right to Your Genetic Code? (technologyreview.com)

schwit1 writes: When a woman gets her genome sequenced, questions about privacy arise for her identical twin sister.

Patients must give their informed consent before undergoing whole-genome sequencing or any other genetic test. But there are no laws that restrict what patients can do with their own genetic information, or that require patients’ family members to be involved in the consent process. This raises questions about who owns an individual’s genetic code, since family members share many genetic traits and may harbor the same genetic abnormalities associated with certain diseases.

Submission + - 48 Organizations Now Have Access To Every Brit's Browsing History (zerohedge.com)

schwit1 writes: Last week, in a troubling development for privacy advocates everywhere, we reported that the UK has passed the "snooper charter" effectively ending all online privacy. Now, the mainstream media has caught on and appears to be displeased. As AP writes today, "after months of wrangling, Parliament has passed a contentious new snooping law that gives authorities — from police and spies to food regulators, fire officials and tax inspectors — powers to look at the internet browsing records of everyone in the country."

For those who missed our original reports, here is the new law in a nutshell: it requires telecom companies to keep records of all users' web activity for a year, creating databases of personal information that the firms worry could be vulnerable to leaks and hackers. Civil liberties groups say the law establishes mass surveillance of British citizens, following innocent internet users from the office to the living room and the bedroom. They are right.

Which government agencies have access to the internet history of any British citizen? Here is the answer courtesy of blogger Chris Yuo, who has compiled the list:

Metropolitan police force
City of London police force
Police forces maintained under section 2 of the Police Act 1996
Police Service of Scotland
Police Service of Northern Ireland
British Transport Police
Ministry of Defence Police
Royal Navy Police
Royal Military Police
Royal Air Force Police
Security Service
Secret Intelligence Service
GCHQ
Ministry of Defence
Department of Health
Home Office
Ministry of Justice
National Crime Agency
HM Revenue & Customs
Department for Transport
Department for Work and Pensions
NHS trusts and foundation trusts in England that provide ambulance services
Common Services Agency for the Scottish Health Service
Competition and Markets Authority
Criminal Cases Review Commission
Department for Communities in Northern Ireland
Department for the Economy in Northern Ireland
Department of Justice in Northern Ireland
Financial Conduct Authority
Fire and rescue authorities under the Fire and Rescue Services Act 2004
Food Standards Agency
Food Standards Scotland
Gambling Commission
Gangmasters and Labour Abuse Authority
Health and Safety Executive
Independent Police Complaints Commissioner
Information Commissioner
NHS Business Services Authority
Northern Ireland Ambulance Service Health and Social Care Trust
Northern Ireland Fire and Rescue Service Board
Northern Ireland Health and Social Care Regional Business Services Organisation
Office of Communications
Office of the Police Ombudsman for Northern Ireland
Police Investigations and Review Commissioner
Scottish Ambulance Service Board
Scottish Criminal Cases Review Commission
Serious Fraud Office
Welsh Ambulance Services National Health Service Trust
