
Submission + - Microsoft Patents AI To Monitor All Actions In Windows And Feed It To Bing (hothardware.com) 1

MojoKid writes: Microsoft has angered users over the past year for its willingness to push the boundaries of acceptable practice for promoting adoption of its operating system. Also, some feel it crossed that line with respect to user data collection and privacy concerns. However, Microsoft stands to garner a lot more criticism if its recent patent filing comes to life in a production software product. The title of the filing is "Query Formulation Via Task Continuum" and it aims to make it easier for apps to share data in real-time so that the user can perform better searches. Microsoft feels that the current software model in which applications are self-contained within their own silos potentially slows the user down. To combat this disconnect, Microsoft has devised a way to facilitate better communications between apps through the use of what it calls a "mediation component." This is Microsoft's all-seeing-eye that monitors all input within apps to decipher what the user is trying to accomplish. All of this information could be gathered from apps like Word, Skype, or even Notepad by the mediator and processed. So when the user goes to the Edge web browser to further research a topic, those contextual concepts are automatically fed into a search query. Microsoft says that this will provide faster, more relevant searches to users. The company says the mediator can be introduced as an optional module that can be installed in an operating system or directly built in. If it's the latter, plenty of people will likely be looking for a kill switch.

Submission + - Google Creates New Algorithm for Handling Web Traffic Congestion (softpedia.com)

An anonymous reader writes: A team of six Google engineers has submitted a commit to the Linux networking development group that implements a new computer algorithm for handling TCP traffic congestion control.

According to the team, the new algorithm will improve the efficiency with which Linux-based servers will handle network bottlenecks. The new algorithm has already been tested and used on Google's internal backbone networks, google.com and YouTube.

Google's staff says that implementing BBR only implies changes on the server side, not on the network or the receiving side. Equipment can be gradually upgraded without updating both sides of a connection. This means no patches for browsers, smartphones, or switches, just the servers.

Submission + - U.S. and China Ratify Paris Climate Accord

PvtVoid writes: The BBC reports that the U.S. and China have announced ratification of the Paris Climate Accord, designed to reduce greenhouse gas emissions enough to hold global warming to 2C. The U.S. and China are by far the world's largest producers of the greenhouse gases responsible for climate change.

Submission + - Banks still not sanitizing user input.

BarbaraHudson writes: Recently I tried once again to use my bank's mobile app. I had deleted it a couple of times in the past because I could never get it to work. The bank had all sorts of excuses — "Maybe your card hasn't been activated for online banking", "You need to download the latest version", "We'll need to reset your password", "We'll issue you a new card", etc. New card, password reset both did nothing.

Turns out that entering the card number as shown on the card will never work. The card format is 9999 9999 9999 9999 (spaces between each group of 4 digits). They failed Rule 00; sanitize input.

Entering the number in that format will always fail. In this case they failed to remove spaces before testing whether the card number was valid. The Android code to remove the embedded spaces is a pretty generic one-liner:

String cardNo = edittext.getText().toString().replace(" ", "");

Looking at the online forums, others have had the same problem for the app's entire existence.

Having figured that out, I was immediately locked out for "too many failures to answer the security question". Of course, it never presented a security question, because the bozo who wrote the program incremented some "bad answer" counter on every login attempt, even if they never got to the point of seeing a security question. It also locks you out of using web banking on the same account.

Locking someone out of their account is now easy as pie, because it also works if the user enters their name instead of their card number. (If you have 5 John Smiths, you'll lock them all out, since access is granted based on both the user name and password matching if the account number isn't entered). Just load up an Android app for the bank (I won't disclose which bank until 45 days have passed since notifying them today), enter their name and a bogus password a few times, and every John Smith is locked out. And of course, if the so-called developers are failing to do such basic input sanitation, it makes me pretty sure there are other intern-level programmer bugs awaiting exploitation elsewhere.

Adding frustration is that they cannot do a password reset over the phone unless you have already signed up for telephone banking. Now why would anyone sign up for telephone banking when an app or the web is supposed to be more convenient? The excuse I was given is that they need it to establish my identity. So why not just text me an SMS or email code that I can enter when requesting a password reset?

Let's hope other banks didn't use the same app geniuses.
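
The two fixes the submission above points at, written out as an added Java example; it is not the submitter's or the bank's code. It normalizes and checksum-validates the card number as printed on the card, and counts a security-question failure only when a question was actually shown, keyed by a unique account id rather than a name. The class name, the `acct-0001` id, the threshold of 3 and the test card number are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class LoginInputDemo {
    static final int MAX_QUESTION_FAILURES = 3; // assumed threshold, not the bank's

    // Failures are keyed by a unique account id, never by a display name.
    private final Map<String, Integer> questionFailures = new HashMap<>();

    // Accept the number as printed on the card: drop spaces and dashes.
    static String normalizeCardNumber(String raw) {
        return raw == null ? "" : raw.replaceAll("[\\s-]", "");
    }

    // Luhn checksum over the normalized digits; rejects anything non-numeric.
    static boolean isPlausibleCardNumber(String digits) {
        if (!digits.matches("\\d{12,19}")) return false;
        int sum = 0;
        boolean doubleIt = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubleIt) { d *= 2; if (d > 9) d -= 9; }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    // Count a failure only if a security question was shown and answered wrongly.
    // Returns true when the account has reached the lockout threshold.
    boolean recordAttempt(String accountId, boolean questionShown, boolean answerCorrect) {
        if (questionShown && !answerCorrect) {
            questionFailures.merge(accountId, 1, Integer::sum);
        } else if (questionShown) {
            questionFailures.remove(accountId); // a correct answer resets the count
        }
        return questionFailures.getOrDefault(accountId, 0) >= MAX_QUESTION_FAILURES;
    }

    public static void main(String[] args) {
        String typed = "4111 1111 1111 1111"; // constructed test number, not a real card
        String card = normalizeCardNumber(typed);
        System.out.println(card + " valid=" + isPlausibleCardNumber(card));

        LoginInputDemo guard = new LoginInputDemo();
        boolean locked = false;
        for (int i = 0; i < 5; i++) {
            // Five failed logins that never reached a security question.
            locked = guard.recordAttempt("acct-0001", false, false);
        }
        System.out.println("locked after 5 pre-question failures: " + locked);
    }
}
```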

Submission + - 36000 SAP Systems Exposed Online, Most Open To Attacks (helpnetsecurity.com)

dinscott writes: ERPScan released the first comprehensive SAP Cybersecurity Threat Report, covering product security, implementation security, and security awareness.

Among the interesting findings is that of the 36,000 services found online, 69 percent should not be exposed directly to the Internet as they are designed for internal use only, have critical vulnerabilities or require additional network filtration. Also, that countries where the highest number of SAP security presentations were delivered are characterized by more secure SAP system installations than countries where researchers did not present their studies — a win for those who preach SAP security.

Submission + - SPAM: Bulk of melted fuel in Fukushima no. 2 reactor at bottom of pressure vessel

AmiMoJo writes: Most of the melted nuclear fuel inside the No. 2 reactor at the disaster-hit Fukushima No. 1 power plant is likely located at the bottom of its pressure vessel, plant operator TEPCO has revealed. According to a study that used a cosmic ray imaging system, an estimated 130 tons of the so-called fuel debris remains at the bottom of the vessel. A decision on how to remove fuel from the reactors is due by 2017. Reactors 2 and 3 are expected to be flooded with water to make the process easier, but reactor 1 will have to be done dry, which is much more difficult and unprecedented.

Submission + - Facebook, Twitter, and YouTube Blocked in Turkey During Reported Coup Attempt (techcrunch.com)

An anonymous reader writes: In response to an attempted military coup, the Turkish government has reportedly blocked social media sites including Facebook, Twitter and YouTube. TechCrunch reports: "Turkey Blocks, a Twitter account that regularly checks if sites are being blocked in the country, reported at 1:04 PM Pacific (11:04 PM Istanbul time) that Facebook, Twitter, and YouTube were all unresponsive, though Instagram and Vimeo remained available." Some Turkish users were able to update their social media accounts likely through a VPN or other anonymizing service. One user posted a video on Twitter that shows what appears to be a fighter jet flying very low over the Turkish capital of Ankara; another user has tweeted a video of a helicopter opening fire in Turkey. The Associated Press reports that Turkish prime minister, Binali Yildirim, has confirmed the coup by a group within Turkey's military.

Submission + - SPAM: Bastille Day Terrorist Attacks in Nice, France. 84 Dead 1

MrKaos writes: Videos are emerging of another terrorist attack in Nice, France. Police failed to stop the driver of a fixed axle lorry who subsequently used the vehicle to plough through crowds of people celebrating Bastille day.
Claims are emerging that the driver was also using an automatic weapon and had a stock of grenades. France was still in a state of emergency from the previous terrorist attacks.

Eighty four are dead and eighteen are in a critical condition.

The cowardly Daesh (ISIS) have claimed responsibility for the attack against the citizens of France.


Submission + - 60 people killed and many more injured in terrorist attack in Nice, France (bbc.com)

An anonymous reader writes: A truck slowly drove towards a crowd, accelerated and then hit people on the famous Promenade des Anglais shortly after celebratory fireworks had ended. July 14th is a national holiday in remembrance of the attack on the Bastille which started the French Revolution. The truck reportedly drove more than a mile before the driver was shot and the truck stopped.

Submission + - SPAM: Do You Own Your Own Fingerprints?

schwit1 writes: These days, many of us regularly feed pieces of ourselves into machines for convenience and security. Our fingerprints unlock our smartphones, and companies are experimenting with more novel biometric markers—voice, heartbeat, grip—as ID for banking and other transactions. But there are almost no laws in place to control how companies use such information. Nor is it clear what rights people have to protect scans of their retinas or the contours of their face from cataloging by the private sector.

There’s one place where people seeking privacy protections can turn: the courts. A series of plaintiffs are suing tech giants, including Facebook and Google, under a little-used Illinois law. The Biometric Information Privacy Act, passed in 2008, is one of the only statutes in the U.S. that sets limits on the ways companies can handle data such as fingerprints, voiceprints, and retinal scans. At least four of the suits filed under BIPA are moving forward. “These cases are important to scope out the existing law, perhaps point out places where the law could be improved, and set principles that other states might follow,” says Jeffrey Neuburger, a partner at law firm Proskauer Rose.

The bankruptcy of fingerprint-scanning company Pay By Touch spurred BIPA’s passage. Hundreds of Illinois grocery stores and gas stations used its technology, allowing customers to pay with the tap of a finger. As the bankrupt company proposed selling its database, the Illinois chapter of the American Civil Liberties Union drafted what became BIPA, and the bill passed with little corporate opposition, says Mary Dixon, legislative director of the Illinois ACLU.


Submission + - Reconnoiter The Cost Of Studying In France (rediff.com)

An anonymous reader writes: France has been a delightful country for all those who wish to study abroad and thus we discuss stuff like study abroad in France, cost of studying in France, and related topics to address the serious students.

Submission + - Google staff protest casual sexism by adding "Lady" to their job titles

AmiMoJo writes: More than 800 members of Google's staff are standing together in a showing against sexism today by appending a single word to their job titles: "Lady." This is happening in response to a ludicrous comment made during Alphabet's shareholder meeting last week, when someone referred to company CFO Ruth Porat as the organization's "lady CFO." The idea sprouted in an email group for alums of a Google leadership-development program for women. One employee suggested that they should all change their titles to "Lady ___" in acknowledgement and lighthearted protest of the incident. As in "Lady Systems Engineer," or "Lady People Analytics Manager." As of now, more than 800 Googlers — women and men — have changed their job titles in the company-wide directory or in their email signatures.

Submission + - Microsoft to buy LinkedIn for $26.2 billion; (cnbc.com) 1

McGruber writes: CNBC is reporting that Microsoft is acquiring "professional social platform" LinkedIn for $196 per share, in an all-cash deal valued at $26.2 billion.

In a statement, Microsoft CEO Satya Nadella said "The LinkedIn team has grown a fantastic business centered on connecting the world's professionals. Together we can accelerate the growth of LinkedIn, as well as Microsoft Office 365 and Dynamics as we seek to empower every person and organization on the planet."

Submission + - Worst Mass Shooting in U.S. History (cnn.com) 17

An anonymous reader writes: From CNN:

"Fifty people were killed inside Pulse, a gay nightclub, Orlando Police Chief John Mina and other officials said Sunday morning, just hours after a shooter opened fire in the deadliest mass shooting in U.S. history. At least 53 more people were injured, Mina said. Police have shot and killed the gunman, he told reporters.

The shooter is not from the Orlando area, Mina said. He has been identified as Omar Saddiqui Mateen, 29, of Fort Pierce, about 120 miles southeast of Orlando, two law enforcement officials tell CNN.
Orlando authorities said they consider the violence an act of domestic terror. The FBI is involved. While investigators are exploring all angles, they "have suggestions the individual has leanings towards (Islamic terrorism), but right now we can't say definitely," said Ron Hopper, assistant special agent in charge of the FBI's Orlando bureau."
