Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Security

Ebay Asks Users To Downgrade Security (krebsonsecurity.com) 58

Ebay has started to inform customers who use a hardware key fob when logging into the site to switch to receiving a one-time code sent via text message. The move from the company, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is "a downgrade to a less-secure option," say security reporter Brian Kerbs. He writes: In early 2007, PayPal (then part of the same company as Ebay) began offering its hardware token for a one-time $5 fee, and at the time the company was among very few that were pushing this second-factor (something you have) in addition to passwords for user authentication. I've still got the same hardware token I ordered when writing about that offering, and it's been working well for the past decade. Now, Ebay is asking me to switch from the key fob to text messages, the latter being a form of authentication that security experts say is less secure than other forms of two-factor authentication (2FA). The move by Ebay comes just months after the National Institute for Standards and Technology (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based two-factor authentication.
Firefox

Firefox for Linux is Now Netflix Compatible (betanews.com) 66

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!

Submission + - GNOME 3.24 Officially Released

prisoninmate writes: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard & Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release.
Businesses

Patents Are A Big Part Of Why We Can't Own Nice Things (eff.org) 215

An anonymous reader shares an EFF article: Today, the Supreme Court heard arguments in a case that could allow companies to keep a dead hand of control over their products, even after you buy them. The case, Impression Products v. Lexmark International, is on appeal from the Court of Appeals for the Federal Circuit, who last year affirmed its own precedent allowing patent holders to restrict how consumers can use the products they buy. That decision, and the precedent it relied on, departs from long established legal rules that safeguard consumers and enable innovation. When you buy something physical -- a toaster, a book, or a printer, for example -- you expect to be free to use it as you see fit: to adapt it to suit your needs, fix it when it breaks, re-use it, lend it, sell it, or give it away when you're done with it. Your freedom to do those things is a necessary aspect of your ownership of those objects. If you can't do them, because the seller or manufacturer has imposed restrictions or limitations on your use of the product, then you don't really own them. Traditionally, the law safeguards these freedoms by discouraging sellers from imposing certain conditions or restrictions on the sale of goods and property, and limiting the circumstances in which those restrictions may be imposed by contract. But some companies are relentless in their quest to circumvent and undermine these protections. They want to control what end users of their products can do with the stuff they ostensibly own, by attaching restrictions and conditions on purchasers, locking down their products, and locking you (along with competitors and researchers) out. If they can do that through patent law, rather than ordinary contract, it would mean they could evade legal limits on contracts, and that any one using a product in violation of those restrictions (whether a consumer or competitor) could face harsh penalties for patent infringement.
Medicine

Satellite Navigation 'Switches Off' Parts of Brain Used For Navigation, Study Finds (scientificamerican.com) 154

A new study published today in the journal Nature Communications reveals some of the drawbacks of using satellite navigation (SatNav) technology. After scanning the brains of 24 volunteers as they explored a simulation through the streets of London's Soho district, researchers from the University of London found that listening to a satellite navigation's instructions "switches off" activity in parts of the brain used for navigation. Scientific American reports: The researchers found that a brain structure called the hippocampus, which is involved in both memory and spatial navigation, appears to encode two different maps of the environment: One tracks the distance to the final destination as the crow flies and is encoded by the frontal region of the hippocampus, the other tracks the "true path" to the goal and is encoded by its rear region. During the navigation tasks, the hippocampus acts like a flexible guidance system, flipping between these two maps according to changing demands. Activity in the hippocampal rear region acts like a homing signal, increasing as the goal gets closer. Analysis of the brain-scanning data revealed activity in the rear right of the hippocampus increased whenever the participants entered a new street while navigating. It also varied with the number of new path options available. The more alternatives there were, the greater the brain activity. The researchers also found that activity in the front of the hippocampus was associated with a property called centrality, defined by the proximity of each new street to the center of the network. Further, they observed activity in the participants' prefrontal cortices when they were forced to make a detour and had to replan their route -- and this, too, increased in relation to the number of options available. Intriguingly, when participants followed SatNav instructions, however, brain activity in these regions "switched off." Together, the new findings suggest the rear portion of the hippocampus reactivates spatial memories of possible navigation paths, with more available paths evoking more activity, and that the prefrontal cortex may contribute to path-planning by searching though different route options and selecting the best one.
Medicine

Spider Venom Might Protect Us From Deadly Strokes (arstechnica.com) 41

New submitter evolutionary writes: Apparently the Australian funnel-web spider's venom has amazing properties, if you can use it within 4.5 hours. From a report via Ars Technica: "Venom from the Australian funnel-web spider (Hadronyche infensa) contains a chemical that shuts down an ion channel known to malfunction in brain cells after strokes, researchers report Monday in PNAS. In cell experiments, the harmless chemical protected brain cells from a toxic flood of ions unleashed after a stroke strikes. In rats, the venom component markedly protected the rats' brains from extensive damage -- even when it was given hours after a stroke occurred. Researchers have years, if not decades, of work to figure out if their particular venom is safe and effective in humans. And very few potential therapies make the cut. But, this early study gives us reason to be somewhat optimistic: it follows years of research and hypotheses that such venom components and their ion channel-targets could be key to new stroke treatments -- which are desperately needed. The vast majority of strokes involve a blockage that stops or slows the flow of blood into an area of the brain (other strokes can be caused by hemorrhages.) This leaves brain cells without fresh blood and oxygen. To cope, the cells can switch to metabolic pathways that don't rely on oxygen. But this creates acidic conditions, and the pH outside of brain cells starts dropping fast -- a scenario called acidosis. In the acidic, oxygen-starved brain regions, brain cells become damaged and start dying off, causing irreparable damage. The only drug approved by the Food and Drug Administration to treat these types of strokes tries to restore blood flow by breaking up clots. But this drug is only used in about three to four percent of stroke victims because it has to be used within 4.5 hours of the stroke. It also comes with the risk of causing hemorrhages."
Microsoft

Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable (tomshardware.com) 136

At the Pwn2Own 2017 hacking event, Microsoft's Edge browser proved itself to be the least secure browser at the event, after it was hacked no less than five times. Google's Chrome browser, on the other hand, remained unhackable during the contest. Tom's Hardware reports: On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit. On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor. Two other teams withdrew their entries against Edge. However, Team Lance (Tencent Security) successfully exploited Microsoft's browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from "360 Security." The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000. The fifth exploit against Edge was done by Richard Zhu, who used two UAF bugs--one in Edge and one in a Windows kernel buffer overflow--to complete the hack. The attack gained Zhu $55,000. At last year's Pwn2Own 2016, Edge proved to be more secure than Internet Explorer and Safari, but it still ended up getting hacked twice. Chrome was only partially hacked once, notes Tom's Hardware.

Submission + - EFF needs your help to stop Congress dismantling Internet privacy protections! (eff.org)

Peter Eckersley writes: Last year the FCC passed rules forbidding ISPs (both mobile and landline) from using your personal data without your consent for purposes other than providing you Internet access. In other words, the rules prevent ISPs from turning your browsing history into a revenue stream to sell to marketers and advertisers. Unfortunately, members of Congress are scheming to dismantle those protections as early as this week. If they succeed, ISPs would be free to resume selling users' browsing histories, pre-loading phones with spyware, and generally doing all sorts of creepy things to your traffic.

The good news is, we can stop them. We especially need folks in the key states of Alaska, Colorado, Maine, Montana, Nevada, Ohio, and Pennsylvania to call their senators this week and tell them not to kill the FCC's Broadband Privacy Rules.

Together, we can stop Congress from undermining these crucial privacy protections.

AI

Who's Liable For Decisions AI and Robotics Make? (betanews.com) 174

An anonymous reader shares a BetaNews article: Reuters news agency reported on February 16 that "European lawmakers called [...] for EU-wide legislation to regulate the rise of robots, including an ethical framework for their development and deployment and the establishment of liability for the actions of robots including self-driving cars." The question of determining "liability" for decision making achieved by robots or artificial intelligence is an interesting and important subject as the implementation of this technology increases in industry, and starts to more directly impact our day to day lives. Indeed, as application of Artificial Intelligence and machine learning technology grows, we are likely to witness how it changes the nature of work, businesses, industries and society. And yet, although it has the power to disrupt and drive greater efficiencies, AI has its obstacles: the issue of "who is liable when something goes awry" being one of them. Like many protagonists in industry, Members of the European Parliament (MEPs) are trying to tackle this liability question. Many of them are calling for new laws on artificial intelligence and robotics to address the legal and insurance liability issues. They also want researchers to adopt some common ethical standards in order to "respect human dignity."
Microsoft

Microsoft Outlook, Skype, OneDrive Hit By Another Authentication Issue (zdnet.com) 48

Two weeks after a widespread authentication issue hit Outlook, Skype, OneDrive, Xbox and other Microsoft services, it's happening again. From a report: On March 21, users across the world began reporting via Twitter that they couldn't sign into Outlook.com, OneDrive and Skype, (and possibly more). I, myself, am unable to sign into Outlook.com, OneDrive or Skype at 2:30 pm ET today, but my Office 365 Mail account is working fine. (Knock wood.) I believe the issue started about an hour ago, or 1:30 p.m. ET or so. MSA is Microsoft's single sign-on service which authenticates users so they can log into their various Microsoft services. As happened two weeks ago, Skype Heartbeat site, has posted a message noting that users may be experiencing problems sending messages and signing in.
Security

New Technology Combines Lip Motion and Passwords For User Authentication (bleepingcomputer.com) 54

An anonymous reader writes: "Scientists from the Hong Kong Baptist University (HKBU) have developed a new user authentication system that relies on reading lip motions while the user speaks a password out loud," reports BleepingComputer. Called "lip password" the system combines the best parts of classic password-based systems with the good parts of biometrics. The system relies on the uniqueness of someone's lips, such as shape, texture, and lip motions, but also allows someone to change the lip motion (password), in case the system ever gets compromised. Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised.
United States

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) 507

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.
Communications

Hundreds of Cisco Switches Vulnerable To Flaw Found in WikiLeaks Files (zdnet.com) 76

Zack Whittaker, writing for ZDNet: Cisco is warning that the software used in hundreds of its products are vulnerable to a "critical"-rated security flaw, which can be easily and remotely exploited with a simple command. The vulnerability can allow an attacker to remotely gain access and take over an affected device. More than 300 switches are affected by the vulnerability, Cisco said in an advisory. According to the advisory, the bug is found in the cluster management protocol code in Cisco's IOS and IOS XE software, which the company installs on the routers and switches it sells. An attacker can exploit the vulnerability by sending a malformed protocol-specific Telnet command while establishing a connection to the affected device, because of a flaw in how the protocol fails to properly process some commands. Cisco said that there are "no workarounds" to address the vulnerability, but it said that disabling Telnet would "eliminate" some risks.
Businesses

Happiness is on the Wane in the US, UN Global Report Finds (theguardian.com) 379

From a report on The Guardian, shared by five anonymous readers: Happiness in the US is declining and is expected to continue on a downward path, with Donald Trump's policies forecast to deepen the country's social crisis. The US has slipped to 15th place in the World Happiness Report 2017, produced by the United Nations. The world's economic superpower is well behind top-ranked Norway, although it remains above Germany in 17th place, the UK in 19th, and France in 32nd. Norway knocked Denmark off the top spot as the world's happiest country, with Iceland and Switzerland rounding out the top four. The report's authors stress, however, that the top four are so close that changes are not statistically significant. The next tier of countries are regular leaders in international happiness surveys: Finland is in fifth place, followed by the Netherlands, Canada, New Zealand, Australia and Sweden. The world's "unhappiest" countries are all in the Middle East and Africa: war-stricken Yemen and Syria feature in the bottom 10, with Tanzania, Burundi and Central African Republic making up the final three.
Government

FBI Director Comey Confirms Investigation Into Trump Campaign (reuters.com) 516

FBI Director James Comey confirmed during testimony before Congress Monday that the FBI is investigating whether the Trump campaign colluded with a covert Russian campaign to interfere with the election. From a report on Reuters: Comey told a congressional hearing on Russian activities that the probe "includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia's efforts. Because it is an open, ongoing investigation and is classified, I cannot say more about what we are doing and whose conduct we are examining," Comey said. Earlier, the chairman of the U.S. House of Representatives Intelligence Committee, Republican Representative Devin Nunes, told the same hearing that the panel had seen no evidence of collusion between Russia and Trump's 2016 campaign. Nunes also denied an unsubstantiated claim from Trump that there had been a wiretap on his Trump Tower in New York but said it was possible other surveillance was used against the Republican.

Slashdot Top Deals

Chemist who falls in acid is absorbed in work.

Working...