Slashdot

News for nerds, stuff that matters

J.J. Abrams Reacts To Death of Star Trek Actor Anton 'Chekov' Yelchin

6/19/2016 7:32pm
On Sunday morning 27-year-old actor Anton Yelchin, who plays Chekov in the new Star Trek movies, was killed in a freak accident with his own car in the driveway of his home in Studio City. "It appears he momentarily exited his car and it rolled backward, causing trauma that led to his death," a police spokesperson told the Hollywood Reporter. This afternoon J. J. Abrams tweeted a picture of a handwritten eulogy addressed to Anton. "You were brilliant. You were kind. You were funny as hell, and supremely talented. And you weren't here nearly long enough. Missing you..." Zachary Quinto, who plays Mr. Spock, also tweeted a link to a picture posted in memorial on Instagram, where he called Yelchin "one of the most open and intellectually curious people I have ever had the pleasure to know... wise beyond his years, and gone before his time..." Stephen King called him a "crazily talented actor gone too soon," remembering Yelchin from one of his last roles in a 10-episode adaptation of King's "Mr. Mercedes". Yelchin will play a mentally deranged ice cream truck driver who's also an IT worker for a Geek Squad-like company named "Cyber Patrol".

Read more of this story at Slashdot.

One Million IP Addresses Used In Brute-Force Attack On A Bank

6/19/2016 6:34pm
Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses -- and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com. It's apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week.


IBM Engineer Builds a Harry Potter Sorting Hat Using 'Watson' AI

6/19/2016 5:33pm
An anonymous reader writes: As America celebrates Father's Day, The Next Web reports on an IBM engineer who found a way to combine his daughters' interest in the Harry Potter series with an educational home technology project. Together they built a Hogwarts-style sorting hat -- which assigns its wearer into an appropriate residence house at the school of magic -- and it does it using IBM's cognitive computing platform Watson. "The hat uses Watson's Natural Language Classifier and Speech to Text to let the wearer simply talk to the hat, then be sorted according to what he or she says..." reports The Next Web. "Anderson coded the hat to pick up on words that fit the characteristics of each Hogwarts house, with brainy and cleverness going right into Ravenclaw's territory and honesty a recognized Hufflepuff attribute." The hat's algorithm would place Stephen Hawking and Hillary Clinton into Ravenclaw, according to the article, while Donald Trump "was assigned to Gryffindor for his boldness -- but only with a 48 percent certainty." The sorting hat talks, drawing its data directly from the IBM Cloud, and if you're interested in building your own, the IBM engineer has shared a tutorial online.


New Ransomware Written Entirely In JavaScript

6/19/2016 4:35pm
An anonymous reader writes: Security researchers have discovered a new form of ransomware written entirely in JavaScript and using the CryptoJS library to encode a user's files. Researchers say the file is being distributed through email attachments, according to SC Magazine, which reports that "Opening the attachment kicks off a series of steps that not only locks up the victim's files, but also downloads some additional malware onto the target computer. The attachment does not visibly do anything, but appears to the victim as a corrupted file. However, in fact it is busy doing its dirty work in the background. This includes deleting the Windows Volume Shadow Copy so the encrypted files cannot be recovered and the ransomware is set to run every time Windows starts up so it can capture any new information." "It's a little bit unusual to see an actual piece of ransomware powered by a scripting language," one security executive tells the magazine, which suggests disabling e-mail attachments that contain a JavaScript file.


Will Self-Driving Cars Destroy the Auto Insurance Industry?

6/19/2016 3:37pm
An anonymous reader quotes an article from the Bay Area News Group: Imagine your fully autonomous self-driving car totals a minivan. Who pays for the damages? "There wouldn't be any liability on you, because you're just like a passenger in a taxi," says Santa Clara University law professor Robert Peterson. Instead, the manufacturer of your car or its software would probably be on the hook... Virtually everything around car insurance is expected to change, from who owns the vehicles to who must carry insurance to who -- or what -- is held responsible for causing damage, injuries and death in an accident." Ironically, if you're only driving a semi-autonomous car, "you could end up in court fighting to prove the car did wrong, not you," according to the article. Will human drivers be considered a liability -- by insurers, and even by car owners? The article notes that Google is already testing a car with no user-controlled brake pedal or steering wheel. Of course, one consumer analyst warns the newspaper that "hackers will remain a risk, necessitating insurance coverage for hostile takeover of automated systems..."


Ethereum Debate Marred By Second Digital Currency Heist

6/19/2016 2:38pm
Thursday's news of a $50 million heist of digital currency at Ethereum was followed today by reports of a second heist from the DAO, according to the Bitcoin News Service -- this one for just 22 Ether. "It appears this is just someone who wanted to test the exploit and see if they could use it to their advantage..." Slashdot reader Patrick O'Neill writes: "The currency's community is currently debating a course forward for a currency that is built on the idea that it is governed by software and not human beings. One option is to fork the code, another is to do absolutely nothing at all." Vitalik Buterin, the co-founder of Ethereum, posted Sunday that "Over the last day with the community's help we have crowdsourced a list of all of the major bugs with smart contracts on Ethereum so far, including both the DAO as well as various smaller 100-10000 ETH thefts and losses in games and token contracts." The list begins by including "The DAO (obviously)," but is followed by a warning that "progress in smart contract safety is necessarily going to be layered, incremental, and necessarily dependent on defense-in-depth. There will be further bugs, and we will learn further lessons; there will not be a single magic technology that solves everything." The Daily Dot wrote Friday that "Because of the way the code in question is written, Ethereum's developers and community have 27 days to decide what to do before the hackers are able to move the money and cash out... What's happening now amounts to a political campaign. But the debate is far from over. The clock is ticking now, the world is watching, and the next step of the cryptocurrency experiment is unfolding under a spotlight burning hotter every day."


Slashdot Asks: Does Your Company Have A Breach Response Team?

6/19/2016 1:35pm
This week HelpNetSecurity reported on a study that found that "the average data breach cost has grown to $4 million, representing a 29 percent increase since 2013... 'The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently,' said Caleb Barlow, Vice President of IBM Security." But the most stunning part of the study was that each compromised record costs a company $158 (on average), and up to $355 per record in more highly-regulated industries like healthcare, according to the study -- $100 more than in 2013. And yet it also found that having an "incident response team" greatly reduces the cost of a data breach. So I'd be curious how many Slashdot readers work for a company that actually has a team in place to handle data breaches. Leave your answers in the comments. Does your company have an incident response team?


Big Tech Squashes New York's 'Right To Repair' Bill

6/19/2016 12:30pm
Damon Beres, writing for The Huffington Post: Major tech companies like Apple have trampled legislation that would have helped consumers and small businesses fix broken gadgets. New York state legislation that would have required manufacturers to provide information about how to repair devices like the iPhone failed to get a vote, ending any chance of passage this legislative session. Similar measures have met the same fate in Minnesota, Nebraska, Massachusetts and, yes, even previously in New York. Essentially, politicians never get to vote on so-called right to repair legislation because groups petitioning on behalf of the electronics industry gum up the proceedings. "We were disappointed that it wasn't brought to the floor, but we were successful in bringing more attention to the issue," New York state Sen. Phil Boyle (R), a sponsor of the bill, told The Huffington Post.


KDE Bug Fixed After 13 Years

6/19/2016 11:30am
About 50 KDE developers met this week in the Swiss Alps for the annual Randa Meetings, "seven days of intense in-person work, pushing KDE technologies forward and discussing how to address the next-generation demands for software systems." Christoph Cullmann, who maintains the Kate editor, blogs that during this year's sprint, they finally fixed a 13-year-old bug. He'd filed the bug report himself -- back in 2003 -- and writes that over the next 13 years, no one ever found the time to fix it. (Even though the bug received 333 "importance" votes...) After finally being marked Resolved, the bug's tracking page at KDE.org began receiving additional comments marveling at how much time had passed. Just think, when this bug was first reported: -- The current Linux Kernel was 2.6.31... -- Windows XP was the most current desktop version. Vista was still 3 years away. -- Top 2 Linux versions? Mandrake and Redhat (Fedora wouldn't be released for another 2 months, Ubuntu's first was more than a year away.)


South Australia Refuses To Stop Using An Expired, MS-DOS-Based Health Software

6/19/2016 10:30am
jaa101 writes: The Australian state of South Australia is being sued for refusing to stop using CHIRON, an MS-DOS-based software from the '90s that stores patient records. Their license expired in March of 2015, but they claim it would be risky to stop using it. CHIRON's vendor, Working Systems, says SA Health has been the only user of CHIRON since 2008 when they declined to migrate to the successor product MasterCare ePAS. SA Health has 64 sites across South Australia -- all of which are apparently still using the MS-DOS-based health software from the 1990s.


Mattel Sells Out Of 'Game Developer Barbie'

6/19/2016 9:30am
Long-time Slashdot reader sandbagger writes: The Mattel people have released a new Barbie doll figurine touted as Game Developer Barbie. Dressed in jeans and a t-shirt, she was apparently designed by a game developer. It's already sold out on Mattel's web site, with CNET saying it provides a better role model than a 2014 book in which "computer engineer" Barbie designed a cute game about puppies, then admitted "I'll need Steven's and Brian's help to turn it into a real game," before her laptop crashed with a virus. Mattel says that with this new doll, "young techies can play out the creative fun of this exciting profession," and the doll even comes with a laptop showing an IDE on the screen. Sandbagger's original submission ended with a question. Do Slashdot readers think this will inspire a new generation of programmers to stay up late writing code?


The Geek Behind Google's Takeover of the Map

6/19/2016 7:30am
tedlistens writes: Google's map isn't just a map. It's a living, complex manifestation of the data that billions of users and a team of thousands of engineers and designers feed it every day. The public face of the company's mapping effort is Ed Parsons, a gregarious Briton and geographer who as Google's Geospatial Technologist evangelizes for its mission of organizing the world's geographic information. He also works on building the trust the company needs to make Google Maps and Google Earth more detailed, useful, and increasingly, 3-D and interactive -- what he describes as "a selfie for the planet." The terrain isn't easy: that mission faces challenges from cartographical purists, hoping to preserve the art of cartography, and the democratic mappers of OpenStreetMap ("it's become almost a parody"); from governments seeking to police sensitive borders; from a host of tech companies fighting over the map business; and from privacy defenders concerned about what Google does with that data. "We're kind of looking at what to do with it. We've got a very rich source of data there, but also one that we have to be very careful of," he says. "Your location on the planet is one of the most sensitive pieces of information that anyone can hold on you."


Bill Gates' Donation of Thousands of Chickens Rejected by Bolivia

6/19/2016 3:30am
HughPickens.com shares an article from The Verge: Bill Gates' philanthropic efforts are usually greeted with near-universal praise, but a recent attempt by the US billionaire to donate 100,000 chickens ruffled some feathers. The leftist government of Bolivia...has refused the donation, describing Gates' gift as "offensive." "He does not know Bolivia's reality to think we are living 500 years ago, in the middle of the jungle not knowing how to produce," said Cesar Cocarico [Bolivia's minister of land and rural development]... "Respectfully, he should stop talking about Bolivia, and once he knows more, apologize to us." Gates' "Coop Dreams" initiative partnered with Heifer International, a group which fights poverty by delivering livestock and agricultural training, to deliver 100,000 chickens around the world, mostly to sub-Saharan Africa, as a way to improve the lives of people making $2 a day. In a blog post Gates noted that chickens are cheap and easy to take care of, while selling flocks of chickens can be a profitable business, and raising chickens offers other benefits to children and families. "Our foundation is betting on chickens..." Gates writes, adding "if I were in their shoes, that's what I would do -- I would raise chickens."


Open and Rich Co-exist But Don't Mingle So Much

6/18/2016 11:30pm
In an interview with The Atlantic, Ev Williams, best known for co-founding Blogger, Twitter, and Medium, says the web is about money now -- and not creativity. According to him, the burst of creativity has repeatedly been followed by big companies showing up and locking it down. From the article: But the thing about dreaming up a future, and making it real, is then you have to live in it. Back in San Francisco, coming out of the BART station on Market Street, he admits that the web game has changed since he came up. [Editor's note: he is talking about web services that allow you to book a taxi with an app, pay for stuff you purchase with your phone]. "There were always ecommerce startups," he says. "I was never part of that world, and we kind of looked down on them when the whole boom was happening. We were creating businesses, but ours had more creativity, ours weren't just for the money. Or maybe ours were even for utility but not just money, whereas clearly there are ways for both." He laughs. "Even the Google guys -- they were trying to create something really useful and good for the world, and they made all the money." Software developer and writer Dave Winer disagrees. He believes that not all technologies are money-driven -- at least when you look at it from a different perspective. He writes: The fun is over. Now it's about money. I guess that's what you see from his perspective. And from Facebook, Apple and Google, and maybe Oracle and Salesforce, and a few others. But there are technologies that went a different way. My favorite example is Manhattan's relationship to Central Park. The apartment buildings around the park are the money, and the creativity is in the park. The buildings are exclusive, the most expensive real estate in the world. The park is open to anyone, rich or poor, from anywhere in the world. The park is the engine of renewal. It's where the new stuff comes from. The buildings are where the money is parked. 
In the interview Williams did with the Atlantic, in NYC, they looked into the park from a nearby hotel. That's one valid perspective of course. Or you could go for a walk and see what's happening inside the park. You can see a great concert at Lincoln Center or Carnegie Hall, but there's great music in the park too. It's different. But it's good music. And the price is right.


Political Party's Videoconference System Hacked, Allowed Spying On Demand

6/18/2016 9:30pm
The political party heading the Quebec parliament "had its internal videoconference system hacked in what seems to be a default password hack," writes Slashdot reader courteaudotbiz, citing reports in a Canadian newspaper. "Quebec Liberals got a lesson in how not to use the internet," joked one Quebec news station, writing that the security flaw "allowed anyone to gain access to strategy meetings and watch any of the party's live video conferences; and at least one person did... According to the source it was as easy as using a commonly used password, that is often the default code that never gets changed." While the default password has since been changed, it represents the second high-profile Canadian password screw-up, since last week in Winnipeg, "Two 14-year-old high school students managed to hack into a Bank of Montreal ATM at a super market during their lunch break using an operator's manual they found online... They notified a nearby BMO branch manager, who was nice enough to write the pair notes for being absent from school as they showed security personnel how they did it."


Delete Or Update All Adobe Flash Player Instances, Experts Warn

6/18/2016 7:33pm
An anonymous reader quotes an article from BankInfoSecurity: Security experts are once again warning enterprises to immediately update -- or delete -- all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.... The bug exists in Adobe Flash Player 21.0.0.242 and earlier versions -- running on Windows, Mac, Linux, and Chrome OS -- and "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system." Thursday Adobe released an updated version of Flash patching 36 separate vulnerabilities, including the critical vulnerability which "if exploited would allow malicious native-code to execute, potentially without a user being aware." While applauding Adobe's quick response, researchers at Kaspersky Lab say it's already been exploited in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and BankInfoSecurity writes that "The latest warning over this campaign reinforces just how often APT attackers target Flash, thus making a potential business case for banning it for inside the enterprise."


New Algorithm Could Help Predict Future ISIS Attacks

6/18/2016 5:26pm
An anonymous reader writes: Researchers have developed a new algorithm which may help law enforcement agencies predict potential terror attacks. The computer model has a particular focus on the behavioral patterns associated with Islamic State (ISIS) supporters... For eight months in 2015, the researchers tracked 108,086 individual followers on ISIS-related social media pages, noting that sudden increases in the number of pages "preceded the onset of violence in a way that would not have been detected by looking at social media references to ISIS alone." According to The Stack, the University of Miami team "used a mathematical equation typically applied in physics and chemistry to monitor the development and growth of pro-ISIS groups. 'It was like watching crystals forming. We were able to see how people were materializing around certain social groups; they were discussing and sharing information -- all in real-time... This removes the guess work. With that road map, law enforcement can better navigate what is going on, who is doing what, while state security agencies can better monitor what might be developing,..."


Fedora QA Lead Pans Canonical 'Propaganda' On Snap Apps

6/18/2016 4:30pm
Long-time Slashdot reader JImbob0i0 shares a scathing article by Red Hat's Fedora QA "community monkey"/senior QA engineer on Canonical's announcement about their application delivery mechanism "snap"... ...and how it's going to unite all distributions and kill apt and rpm! This is, to put it diplomatically, a heaping pile of steaming bullshit... The press release and the stories together give you the strong impression that this thing called Snappy is going to be the cross-distribution future of application delivery, and it's all ready for use today and lots of major distributions are buying into it... The stories have headlines like "Adios apt and yum? Ubuntu's snap apps are coming to distros everywhere" and "Snap Packages Become Universal Binary Format for All GNU/Linux Distributions"... Now, does Snappy actually have the cross-distribution buy-in that the press release claims (but never outright states) that it has? No... The sum total of communication between Canonical and Fedora before the release of this press release was that they mailed us asking about the process of packaging snappy for Fedora, and we told them about the main packaging process and COPR. They certainly did not in any way inform Fedora that they were going to send out a press release strongly implying that Fedora, along with every other distro in the world, was now a happy traveler on the Snappy bandwagon... They just decided to send out a wildly misleading press release and actively encourage the specialist press to report that Snappy was all set to take over the world and everyone was super happy with that.


Ask Slashdot: Should You Store Medical Details In The Cloud?

6/18/2016 3:30pm
"Paper forms are a security risk", warns the web site for CareMonkey, which maintains digital and up-to-date medical information in the cloud "for any organization with a duty of care". This is raising concerns for long-time Slashdot reader rolandw, who says he's being asked by his daughter's school to approve using the site to store "her full medical details". CareMonkey say that this data is stored on AWS and their security page says that it is secured by every protocol ever claimed by AWS (apparently). As a sysadmin and developer who has used AWS extensively for non-secure information my alarm bells are sounding. Should he ignore those alarm bells and approve the storage of his daughter's medical history in the cloud? And if not, what specific reason would you give for refusing?


Court Slams Record Companies in New Vimeo/DMCA Ruling

6/18/2016 2:30pm
Remember when Capitol Records sued Vimeo over copyright-violating videos? They just lost in court again, when an Appeals court overruled three lower court decisions. Slashdot reader NewYorkCountryLawyer shares the specifics of the Appeals court's findings: [T]he Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA... the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge"... a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. "The decision once again affirms that the DMCA extends immunity to a service provider for the infringement of their customers if the service provider removes material at the request of the right holder," writes Ars Technica.


novalug.com