
Comment Wikipedia is newspeak (Score 2, Informative) 188

Wikipedia is well known on conservative outlets for pushing leftist positions. If you think this is the only proper reflection of information, I'm guessing this article would be correct. One could argue a wiki should try to represent most positions on topics in a non-biased manner.

Submission + - New Plundervolt Attack Impacts Intel Desktop, Server, and Mobile CPUs (zdnet.com)

An anonymous reader writes: Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor's voltage and frequency — the same interface that allows gamers to overclock their CPUs. Academics say they discovered that by tinkering with the amount of voltage and frequency a CPU receives, they can alter bits inside SGX to cause errors that can be exploited at a later point after the data has left the security of the SGX enclave.

They say Plundervolt can be used to recover encryption keys or introduce bugs in previously secure software. Intel desktop, server, and mobile CPUs are impacted. A full list of vulnerable CPUs is available here. Intel has also released microcode (CPU firmware) and BIOS updates today that address the Plundervolt attack by allowing users to disable the energy management interface at the source of the attack, if not needed.

Submission + - French Lawmakers Approve 3 Percent Tax On Online Giants (apnews.com)

An anonymous reader writes: France’s lower house of parliament approved Thursday a small, pioneering tax on internet giants like Google, Amazon and Facebook — and the French government hopes other countries will follow suit. The bill aims to stop multinationals from avoiding taxes by setting up headquarters in low-tax EU countries. Currently, the companies pay nearly no tax in countries where they have large sales like France. The bill foresees a 3% tax on the French revenues of digital companies with global revenue of more than 750 million euros ($847 million), and French revenue over 25 million euros. The bill adopted by the National Assembly goes to the Senate next week, where it is expected to win final approval.

Submission + - Top VPNs secretly owned by Chinese firms (computerweekly.com)

SonicSpike writes: Almost a third (30%) of the world’s top virtual private network (VPN) providers are secretly owned by six Chinese companies, according to a study by privacy and security research firm VPNpro.

The study shows that the top 97 VPNs are run by just 23 parent companies, many of which are based in countries with lax privacy laws.

Six of these companies are based in China and collectively offer 29 VPN services, but in many cases, information on the parent company is hidden to consumers.

Researchers at VPNpro have pieced together ownership information through company listings, geolocation data, the CVs of employees and other documentation.

In some instances, ownership of different VPNs is split amongst a number of subsidiaries. For example, Chinese company Innovative Connecting owns three separate businesses that produce VPN apps: Autumn Breeze 2018, Lemon Cove and All Connected. In total, Innovative Connecting produces 10 seemingly unconnected VPN products, the study shows.

Although the ownership of a number of VPN services by one company is not unusual, VPNpro is concerned that so many are based in countries with lax or non-existent privacy laws.

For example, seven of the top VPN services are owned by Gaditek, based in Pakistan. This means the Pakistani government can legally access any data without a warrant and data can also be freely handed over to foreign institutions, according to VPNpro.

The ability to access the data held by VPN providers, the researchers said, could enable governments or other organisations to identify users and their activity online. This potentially puts human rights activists, privacy advocates, investigative journalists and whistleblowers in jeopardy.

This lack of privacy, the study notes, extends to ordinary consumers, who are also coming under greater government surveillance.

“We’re not accusing any of these companies of doing anything underhand. However, we are concerned that so many VPN providers are not fully transparent about who owns them and where they are based,” said Laura Kornelija Inamedinova, research analyst at VPNpro.

“Many VPN users would be shocked to know that data held on them could be legally requested by governments in countries such as China and Pakistan.

“Our recommendation is that people do a lot of due diligence on the VPN that they want to use, since they aren’t all created equal and simply using a VPN does not guarantee privacy or security.”

VPNpro identified a further four companies: Super VPN & Free Proxy, Giga Studios, Sarah Hawken, and Fifa VPN, which together own 10 VPN services – where the parent company, and therefore company of origin, is completely hidden.

In February 2019, two US senators raised concerns about this issue and the potential threat to consumers and government agencies, calling on the Department of Homeland Security to investigate the possibility that VPNs are allowing valuable information to be routed to foreign adversaries.

In a letter, Democrat Ron Wyden and Republican Marco Rubio asked Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA) under the DHS, to perform a VPN threat assessment to determine potential risks to the US government, SearchSecurity reported.

In a factsheet on VPNs, civil liberties and privacy group Big Brother Watch warns that VPN providers have the potential to see users’ internet activity, “but many paid for VPNs make it clear that they do not log any of their user’s traffic”.

This prevents VPN providers from giving a document of any of the websites users visit, the guidance states.

Big Brother Watch recommends that free VPNs should be avoided because they may not be secure and could track users.

“If you want to be sure your online activity stays private, make sure you choose a VPN which does not log your internet activity and online traffic,” the guidance says. “Not all VPNs are the same. Make sure you do your research before choosing a VPN.”

Submission + - London Police's Face Recognition System Gets It Wrong 81 Percent of the Time (technologyreview.com)

An anonymous reader writes: London’s police force has conducted 10 trials of face recognition since 2016, using Japanese company NEC’s Neoface technology. It commissioned academics from the University of Essex to independently assess the scheme, and they concluded that the system is 81% inaccurate (in other words, the vast majority of people it flags for the police are not on a wanted list). They found that of 42 matches, only eight were confirmed to be correct, Sky News reports. The Met police insists its technology makes an error in only one in 1,000 instances, but it hasn’t shared its methodology for arriving at that statistic.

Submission + - Tor Project to Fix Bug Used For DDoS Attacks on Onion Sites For Years (zdnet.com)

An anonymous reader writes: The Tor Project is preparing a fix for a bug that has been abused for the past years to launch distributed denial of service (DDoS) attacks against dark web (.onion) websites. Barring any unforeseen problems, the fix is scheduled for the upcoming Tor protocol 0.4.2 release.

The bug has been known to Tor developers for years, and has been used to launch Slow Loris-like attacks on the web servers that run the Tor service supporting an .onion site. It works by opening many connections to the server and maxing out the CPU. Since Tor connections are CPU intensive because of the cryptography involved to support the privacy and anonymity of the network, even a few hundred connections are enough to bring down dark web portals.

A tool to exploit the bug and to automate DDoS attacks has been around for four years, and has been used by hackers to extort dark web marketplaces all spring. At least two markets selling illegal products have shut down after refusing to pay attackers. To get the bug fixed, members of a dark web forum banded together and donated to the Tor Project to sponsor the bug's patch.

Submission + - Engineer faces 219 years in prison for smuggling US military chips to China (zdnet.com)

schwit1 writes: On Tuesday, the US Department of Justice (DoJ) said that Yi-Chi Shih, a part-time Los Angeles resident, attempted to secure semiconductor chips used in US military applications in order to transfer them to Chinese associates.

The 64-year-old was subject to a six-week trial in a Los Angeles, California federal court.

Prosecutors alleged that Shih, alongside co-defendant Kiet Ahn Mai of Pasadena, California, conspired to gain access to a sensitive system belonging to an unnamed US firm which manufactured semiconductor chips and Monolithic Microwave Integrated Circuits (MMICs).

The victim company’s PC systems were accessed fraudulently after Mai posed as a potential customer, giving Shih the opportunity to obtain custom processors. While the firm in question believed the chips would only be used in the United States, Shih transferred the products to the Chengdu GaStone Technology Company (CGTC), a Chinese firm building an MMIC manufacturing plant.

Evidence suggested that Shih managed to “defraud the US company out of its proprietary, export-controlled items, including its design services for MMICs.”

Submission + - OpenPGP Keyserver Attack Ongoing

Trailrunner7 writes: There’s an interesting and troubling attack happening to some people involved in the OpenPGP community that makes their certificates unusable and can essentially break the OpenPGP implementation of anyone who tries to import one of the certificates.

The attack is quite simple and doesn’t exploit any technical vulnerabilities in the OpenPGP software, but instead takes advantage of one of the inherent properties of the keyserver network that’s used to distribute certificates. Keyservers are designed to allow people to discover the public certificates of other people with whom they want to communicate over a secure channel. One of the properties of the network is that anyone who has looked at a certificate and verified that it belongs to another specific person can add a signature, or attestation, to the certificate. That signature basically serves as the public stamp of approval from one user to another.

Last week, two people involved in the OpenPGP community discovered that their public certificates had been spammed with tens of thousands of signatures--one has nearly 150,000--in an apparent effort to render them useless. The attack targeted Robert J. Hansen and Daniel Kahn Gillmor, but the root problem may end up affecting many other people, too.

Matthew Green, a cryptographer and associate professor at Johns Hopkins University, said that the attack points out some of the weaknesses in the entire OpenPGP infrastructure.

"PGP is old and kind of falling apart. There's not enough people maintaining it and it's full of legacy code. There are some people doing the lord's work in keeping it up, but it's not enough," Green said. "Think about like an old hospital that's crumbling and all of the doctors have left but there's still some people keeping the emergency room open and helping patients. At some point you have to ask whether it's better just to let it close and let something better come along.

"I think PGP is preventing the development of better stuff and the person who did this is clearly demonstrating this problem."

Comment Re:This is all about Gillette (Score 1) 317

This is absolutely correct. Google could care less about their bombed mashup. This is very much about satiating Procter & Gamble's branding on future products and limiting PR damage. It's extremely sad when free speech takes a nosedive to corporate interests, but Google started down this track long before YouTube with the "good censor" memo. This is only a byproduct of a company that pushed a huge reality distortion field on its "don't be evil" policy quite some time ago.

Submission + - Food Taste 'Not Protected By Copyright,' EU Court Rules (bbc.com)

An anonymous reader writes: The taste of a food cannot be protected by copyright, the EU's highest legal authority has ruled in a case involving a Dutch cheese. The European Court of Justice said the taste of food was too "subjective and variable" for it to meet the requirements for copyright protection. The court was asked to rule in the case of a spreadable cream cheese and herb dip, Heksenkaas, produced by Levola. Levola argued another cheese, Witte Wievenkaas, infringed its copyright. The firm claimed that Heksenkaas was a work protected by copyright; it asked the Dutch courts to insist Smilde, the producers of Witte Wievenkaas, cease the production and sale of its cheese. The Court of Justice of the European Union was asked by Netherlands' court of appeal to rule on whether the taste of a food could be protected under the Copyright Directive.
