
Submission + - Online Fraud Detection: Nobody seems to know what Rudy Giuliani's cybersecurity (bravesites.com)

j0nes1k5trich writes: Rudy Giuliani has been tapped to "lend expertise" and to advise the Trump administration on cybersecurity.

The former New York mayor "will be sharing his expertise and insight as a trusted friend concerning private sector cybersecurity problems and emerging solutions developing in the private sector," said a brief statement from the incoming Trump administration.

But details about Giuliani's role were not immediately available.

Trump's pick of Giuliani for this position isn't all too surprising to security circles. It's widely known that he is the chief executive of his own private-sector cybersecurity venture, Giuliani Partners.

Giuliani spent much of his time consulting after leaving office as mayor of New York at the end of 2001. His venture claims to offer "a comprehensive range of security and crisis management services." His consulting firm has hired controversial staffers, and has worked for questionable clientele, reports have said.

Yet, even his cybersecurity venture's website, filled with clunky Flash components and "cyber" stock imagery throughout, doesn't advertise what it does.

For the past few months while Giuliani's name was floated for positions for the Republican's presidential campaign, we've tried to find out exactly what his company does, or can do better than any other security firm — to no avail. (If you have information relating to Giuliani's company, there are a number of ways to contact me securely. We want to know, and we think others do as well.)

Yet, the company has made millions of dollars in contracts with various organizations, including the 2016 Olympic Committee.

Giuliani was most recently a guest speaker at the BlackBerry Security Summit earlier this year — the day after his bizarre appearance at the Republican National Committee — to give an equally unhinged speech comparing cybercrime to cancer and hackers to the "Mafia."

The former phone maker BlackBerry just last week announced that Giuliani's company would "assess infrastructures, identify potential cyber security vulnerabilities, address gaps and secure endpoints with the goal of offering another channel to bring customers to a new standard of security."

So clearly the company is doing something right. Right?

It's not known what Giuliani can or will bring to the table. We've reached out to the presidential transition team for more and will update if we hear back.

But right now there are more questions than answers over Giuliani's involvement, given the lack of a clear and transparent directive on what his company does or how it (if at all) will benefit the transition team and the country.

Submission + - Google's New Compression Tool Uses 75% Less Bandwidth (thenextweb.com)

An anonymous reader writes: Google just released an image compression technology called RAISR (Rapid and Accurate Super Image Resolution) designed to save your precious data without sacrificing photo quality. Claiming to use up to 75 percent less bandwidth, RAISR analyzes both low and high-quality versions of the same image. Once analyzed, it learns what makes the larger version superior and simulates the differences on the smaller version. In essence, it’s using machine learning to create an Instagram-like filter to trick your eye into believing the lower-quality image is on par with its full-sized variant. Unfortunately for the majority of smartphone users, the tech only works on Google+ where Google claims to be upscaling over a billion images a week. If you don’t want to use Google+, you’ll just have to wait a little longer. Google plans to expand RAISR to more apps over the coming months. Hopefully that means Google Photos.

Submission + - Open Source Codec Encodes Voice Into Only 700 Bits Per Second (rowetel.com)

Bruce Perens writes: David Rowe VK5DGR has been working on ultra-low-bandwidth digital voice codecs for years, and his latest quest has been to come up with a digital codec that would compete well with single-sideband modulation used by ham contesters to score the longest-distance communications using HF radio. A new codec records clear, but not hi-fi, voice in 700 bits per second, that's 88 bytes per second. Connected to an already-existing Open Source digital modem, it might beat SSB.

Obviously there are other uses for recording voice at ultra-low-bandwidth. Many smartphones could record your voice for your entire life using their existing storage. A single IP packet could carry 15 seconds of speech. Ultra-low-bandwidth codecs don't help conventional VoIP, though. The payload size for low-latency voice is only a few bytes, and the packet overhead will be at least 10 times that size.

Submission + - Trump's cyber-guru Giuliani runs ancient, utterly hackable website (theregister.co.uk)

mask.of.sanity writes: US president-elect Donald Trump's freshly minted cyber tsar Rudy Giuliani runs a website so insecure that its content management system is five years out of date, unpatched and is utterly hackable.
Giulianisecurity.com, the website for Giuliani's eponymous infosec consultancy firm, runs Joomla! version 3.0, released in 2012, and since found to carry 15 separate vulnerabilities. More bugs and poor secure controls abound.

Submission + - Yahoo's billion user breach could represent the new norm in data security

isabellwiseman writes: Today, everything is online. The internet is where people go to book flights, go shopping, complete banking transactions, socialize, and so much more. It has provided a world of profound convenience and happiness for people. The only downside is that we’ve become too comfortable with uploading sensitive information which has created a field day for data theft and identity hackers. For instance, Yahoo announced in September 2016 that a massive hack on its network in 2014 saw 500 million of its users’ data breached. Yahoo then announced in December 2016 another breach of more than one billion user accounts that occurred in August 2013, separate and distinct from the previous hack.

Submission + - User Trust Fail: Google Chrome and the Tech Support Scams (vortex.com)

Lauren Weinstein writes: It’s not Google’s fault that these criminals exist. However, given Google’s excellent record at detection and blocking of malware, it is beyond puzzling why Google’s Chrome browser is so ineffective at blocking or even warning about these horrific tech support scams when they hit a user’s browser.

These scam pages should not require massive AI power for Google to target.

And critically, it’s difficult to understand why Chrome still permits most of these crooked pages to completely lock up the user’s browser — often making it impossible for the user to close the related tab or browser through any means that most users could reasonably be expected to know about.

Submission + - US Releases Declassified Report On Russian Hacking (theverge.com)

An anonymous reader writes: The Office of the Director of National Intelligence has released its unclassified report on Russian hacking operations in the United States. “We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election,” according to the report. “Russia’s goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.” The report, titled “Assessing Russian Activities and Intentions in Recent U.S. Elections,” details the successful hack of the Democratic National Committee. “The Kremlin’s campaign aimed at the U.S. election featured disclosures of data obtained through Russian cyber operations; intrusions into U.S. state and local electoral boards; and overt propaganda,” according to the report. The report states that Russian intelligence services made cyber-attacks against “both major U.S. political parties” to influence the 2016 election. The report also publicly names Guccifer 2.0 and DCLeaks.com, two sources of stolen information released to the public, as Russian operatives working on behalf of the country’s military intelligence unit, the GRU. Officials from the organization were recently the target of U.S. sanctions. WikiLeaks is also cited as a recipient of stolen information. The report also notes that the U.S. has determined Russia “accessed elements of multiple state or local electoral boards,” though no vote-tallying processes were tampered with. The FBI and CIA have “high confidence” the election tampering was ordered by Putin to help then-candidate Trump, according to the report. NSA has “moderate confidence” in the assessment.

Submission + - What happened to UI? Who are the people who approve modern UI?

Artem Tashkinov writes: Here are the staples of the modern user interface (to varying degrees they apply to the modern web and most operating systems, like Windows 10, iOS and even Android):
  • Too much white space, huge margins, too little information
  • Text is indistinguishable from controls
  • Text in CAPS
  • Certain controls cannot be easily understood (like on/off states for check boxes or elements like tabs)
  • Everything presented in shades of gray or using a severely and artificially limited palette
  • Often awful fonts suitable only for HiDPI devices (Windows 10 modern apps are a prime example)
  • Cannot be controlled by keyboard
  • Very little customizability if any

How would Slashdotters explain the proliferation and existence of such unusable user interfaces and design choices?

Submission + - Wikipedia exceeds fundraising target, but continues asking for more money

Andreas Kolbe writes: The fundraising banners on Wikipedia this year are so effective that halfway through its December fundraising campaign, the Wikimedia Foundation has already exceeded its $25 million donations target for the entire month, reports The Register. A few weeks ago, Jimmy Wales promised that the Wikimedia Foundation would "stop the fundraiser if enough money were raised in shorter than the planned time". But there’s no sign of the Foundation doing that. When asked about this more recently, a Wikimedia Foundation spokesperson remained non-committal on ending the campaign early. The most recent audited accounts of the Wikimedia Foundation showed net assets of $92 million and revenue of $82 million. None of this money, incidentally, pays for writing or checking Wikipedia content – that's the job of unpaid volunteers – and only $2 million are spent on internet hosting every year.

Submission + - A Radically Simple Idea Will Let Us Catch Cancer Before It's Cancer (backchannel.com)

mirandakatz writes: In 2017, cancer might overtake heart disease as the leading cause of death in the US: As deaths from heart disease and stroke have dwindled, cancer has held strong, steadily narrowing the gap. But cancer researchers are starting to realize that their approach to fighting the war on cancer has been wrong for a long time. They've been waiting for tumors to get big enough to feel or see before attacking them—but the next big step in cancer prevention and treatment could be finding premalignancies, shutting down tumors before they get nasty. At Backchannel, Kat McGowan details two big advances in the way we think about cancer treatment, and what's to come in the year 2017.

Submission + - 70 Percent of Enterprise Ransomware Victims Paid Up

Trailrunner7 writes: Ransomware gangs have been targeting businesses in the last few months, seeking bigger paydays than what they can extract from consumers. The plan has been highly successful, according to new data, which shows that 70 percent of businesses infected with ransomware have paid the ransom to get their data back.

Researchers at IBM Security’s X-Force surveyed executives at 600 businesses of all sizes and found that organizations hit with ransomware are choosing to pay out at a high rate. The data shows that 20 percent of compromised organizations have paid ransoms of more than $40,000, and 25 percent have paid between $20,000 and $40,000. Those numbers are far higher than what consumers typically pay, which is usually in the range of $500-$1,000, depending on the ransomware variant.

Submission + - U.S. Election Assistance Commission Hacked

wiredmikey writes: Researchers have discovered that a Russian-speaking hacker broke into the U.S. Election Assistance Commission (EAC) systems, and has been trying to sell stolen access credentials — including admin-level — on the underground.

On December 1, researchers with Recorded Future discovered internet chatter that appeared to relate to an EAC breach. A hacker, called "Rasputin" by Recorded Future, was discussing the sale of more than 100 EAC access credentials to a middle-eastern government broker. The hacker claimed to have accessed the systems via an SQLi vulnerability, which Recorded Future was able to locate and report.

EAC said Thursday that it was aware of the 'potential intrusion' and was investigating the incident.

Submission + - India Just Flew Past Us in the Race to E-Cash (backchannel.com)

mirandakatz writes: Since India's prime minister banned 86% of the rupee notes in circulation last month, citizens have been waiting in hours-long lines for ATMs. But these circumstances have also created an unexpected progression: a burgeoning cashless economy. At Backchannel, Lauren Razavi explores how India is now beating many Western countries in adopting mobile payments, and how demonetization has triggered a radical shift toward reimagining India’s enormous informal economy as a data-driven digital marketplace.

Submission + - Malvertising Campaign Infects Your Router Instead of Your Browser (bleepingcomputer.com)

An anonymous reader writes: Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting. Unlike previous malvertising campaigns that targeted users of old Flash or Internet Explorer versions, this campaign focused on Chrome users, on both desktop and mobile devices.

The malicious ads included in this malvertising campaign contain exploit code for 166 router models, which allow attackers to take over the device and insert ads on websites that didn't feature ads, or replace original ads with the attackers' own. Researchers haven't yet managed to determine an exact list of affected router models, but some of the brands targeted by the attackers include Linksys, Netgear, D-Link, Comtrend, Pirelli, and Zyxel.

Because the attack is carried out via the user's browser, using strong router passwords or disabling the administration interface is not enough. The only way users can stay safe is if they update their router's firmware to the most recent versions, which most likely includes protection against the vulnerabilities used by this campaign.

Submission + - First Offshore Wind Farm In US Waters Delivers Power To Rhode Island (arstechnica.com)

An anonymous reader writes: On Monday, energy company Deepwater Wind announced that its wind farm three miles off the coast of Block Island, Rhode Island, has the all-clear to sell electricity to the regional power grid. The Block Island Wind Farm is the first offshore wind energy plant in the U.S., and it's expected to produce 30 MW of electricity at full capacity. Deepwater Wind is slowly ramping up energy output and still must provide additional paperwork to the Rhode Island Coastal Resources Management Council, but the executive director of that organization, Grover Fugate, told the Providence Journal, “we don't anticipate any major issues” to getting the wind farm fully online. The one hitch in Deepwater's plan is that one of the five turbines was recently damaged when a drill bit was left in a critical part of the turbine. According to the Providence Journal, "the bit had caused damage to an unspecified number of the 128 magnet modules that line the circular generator and are critical to producing energy." Although the magnet modules can apparently be replaced easily, Deepwater needs to have the components shipped from France, where General Electric, the manufacturer of the wind turbines, makes them. For now, four turbines capable of churning out 6 MW of power each are operational. The Providence Journal notes that National Grid will pay Deepwater Wind 24.4 cents per kilowatt hour of power, with the price escalating over time to 47.9 cents per kilowatt hour. Because the residents of Block Island have some of the most expensive electricity rates in the nation, they will actually see energy savings, despite the price. Mainland Rhode Islanders, on the other hand, will pay an extra $1.07 per month on average.
