
Submission + - SPAM: Hacking Smartphones Via Voice Commands Hidden In YouTube Videos

Orome1 writes: A group of researchers from Georgetown University and UC Berkeley have demonstrated how voice commands hidden in YouTube videos can be used by malicious attackers to compromise smartphones. In order for the attack to work, the target smartphones have to have Apple Siri or Google Now – the intelligent personal assistant software that uses a natural language user interface to answer questions, make recommendations, and perform actions – enabled. And, if the video in question is not played on them, they have to be close enough to “hear” and interpret the commands hidden in the video played on other nearby devices.

Submission + - Due process is under assault in America (washingtonexaminer.com)

An anonymous reader writes: Due process isn’t the sexiest part of the Constitution. It doesn’t get all the attention like the First or Second Amendments. But it is so incredibly important to the foundation of our country that it’s painful to see the hits it’s been taking these past few years.

The latest attempt has been incredibly direct, with Sen. Joe Manchin, D-W.Va., declaring that “due process is what’s killing us right now.” Manchin’s comments came in response to the Orlando terrorist attack that killed 49 people and injured 53 more. Speaking on MSNBC’s “Morning Joe,” Manchin said that due process was keeping legislators from banning those on the Terrorist Watch List from purchasing guns.

“The problem we have, and really the firewall we have right now, is due process,” Manchin said Thursday. “It’s all due process.”

Darn that pesky due process and its constitutional protections!

Manchin is just the latest pol to advocate trampling on Americans’ constitutional rights. On Wednesday, a number of pols told my colleague Joel Gehrke that the presumption of innocence was unnecessary when government seeks to deprive someone of a constitutional right.

Submission + - Windows 10's privacy invading features aren't gone in Threshold 2 (betanews.com)

Mark Wilson writes: Since the launch of Windows 10, there have been various concerns relating to privacy. Some would dismiss this as little more than paranoia, but a lack of transparency about what was happening in the background broke a lot of people's trust. Many hoped that the release of the Threshold 2 update this month would address this, but in lots of cases it was actually a backward step.

In the RTM release of Windows 10, there was a service running in the background called Diagnostics Tracking Service (also known as DiagTrack), and people concerned about privacy — who were in the know — disabled it. In Threshold 2, this service is gone. A cause for celebration you might think; but think again. The service is still there, just under a different guise.

Submission + - Obamacare regulations to destroy craft beer industry

schwit1 writes: The cost to meet Obamacare regulations requiring beer companies to include specific calorie information on every beer they make is likely going to destroy many small local beer breweries.

As of December 2016, all brewers must include a detailed calorie count on every type of beer they produce. Failure to comply with the new regulations means craft brewers will not be able to sell their beer in any restaurant chain with over 20 locations. Because this is a major market for selling beer, it hamstrings smaller craft brewers if they do not comply.

The Cato Institute estimates the Obamacare calorie labeling requirements will cost a business as much as $77,000 to implement. For larger beer companies, this is a drop in the bucket, but for small, local craft brewers it represents a significant cost that they must pay. As a result, it creates a significant disadvantage compared to larger beer companies who can better absorb the cost of this new regulation.

But hey, who cares if a major thriving industry should be destroyed by government regulations.

Submission + - Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses (csoonline.com)

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device’s MAC address as a key component of authentication.

Submission + - The History of SQL Injection, the Hack That Will Never Go Away

An anonymous reader writes: SQL injection (SQLi) is where hackers typically enter malicious commands into forms on a website to make it churn out juicy bits of data. It's been used to steal the personal details of World Health Organization employees, grab data from the Wall Street Journal, and hit the sites of US federal agencies.

“It’s the most easy way to hack,” the pseudonymous hacker w0rm, who was responsible for the Wall Street Journal hack, told Motherboard. The attack took only a “few hours.”

But, for all its simplicity, as well as its effectiveness at siphoning the digital innards of corporations and governments alike, SQLi is relatively easy to defend against.

So why, in 2015, is SQLi still leading to some of the biggest breaches around?

Comment Should help Linux in the long run (Score 2) 110

As trivial as this might seem, having games for Linux might help bring in more of the youth crowd. Their comfort level with Linux will increase and out of that user stream you'll develop more hardcore Linux users. I doubt Steam thought about it that way but in the long run, it is really a smart thing for the future health of the Linux fan base.

Comment Worst taxi experiences ever... (Score 3, Interesting) 136

Context of the story aside, my worst experiences with taxis have all been in Las Vegas. Being asshats with lawyer ties to politicians, they are angry at their customers just for being customers. It has gotten to the point where I'd rather pay for a private car or take a hotel shuttle over a taxi any time we visit Las Vegas. I've been yelled at, my wife's bags tossed to the ground and just made really uncomfortable when dealing with them.

Comment Politics Feh (Score 3, Interesting) 130

I remember when nobody posted politics on Slashdot. You guys have ruined a perfectly good site by trying to turn it into a political evangelism site. Can we stick to technology-related issues please? I'm sure a lot of you will vote me down for saying these things but how many people have stopped coming here because Slashdot isn't a great place to see cutting-edge information any more? There is far too much political demagoguery here; it is depressing.

Comment Google's desire to sell all things (Score 1, Insightful) 217

Well, that's just a bunch of horse hockey. If you uninstall an app, its service-related functions should stop. This is just some crazy thing Google is doing to keep getting access to your data for analysis. They make money by analyzing everything you do online and with Android products. In this instance, it is something they should be shamed for continuing to do after you removed the software.

Submission + - Most Advanced Climate Data Shows 10-Year Cooling Trend (dailycaller.com) 1

nefus writes: Data from America’s most advanced climate monitoring system shows the U.S. has undergone a cooling trend over the last decade, despite recent claims by government scientists that warming has accelerated worldwide during that time.

Submission + - Ask Slashdot: How to own the rights to software developed at work? 2

ToneyTime writes: I'm a young developer building custom add-ins for my company's chosen SaaS platform as a full-time staff member. The platform supports a developer community to share code and plug-ins with an option to sell the code.

While I don't plan on having a breakthrough app, I am interested in sharing the solutions I create with the hopeful potential of selling. All solutions are created and made by me for the business needs and aim to keep any company-specific data out. I have a good relationship with management and can develop on my own personal instance of the platform, but would be doing so on company time. Going contractor is a bit premature for me at this stage.

Any advice, references or stories to learn from?

Submission + - Mozilla Begins To Move Towards HTTPS-Only Web

jones_supa writes: Mozilla is officially beginning to phase out non-secure HTTP to prefer HTTPS instead. After a robust discussion on the mailing list, the company will boldly start removing capabilities of non-secure web. There are two broad elements of this plan: setting a date after which all new features will be available only to secure websites, and gradually phasing out access to browser features for non-secure websites, especially regarding features that pose risks to users' security and privacy. It should be noted that this plan still allows for usage of the "http" URI scheme for legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the "http" scheme can be automatically translated to "https" by the browser, and thus run securely. The goal of this effort is also to send a message to the web developer community that they need to be secure. Mozilla expects to make some proposals to the W3C WebAppSec Working Group soon.
