Linux fréttir

Sanitised browser history sparked another investigation

One of the crew who hacked TalkTalk has been ordered to hand over £400,000 after seizing control of a high-profile Instagram account following a hack on Aussie telco Telstra.…

For the love of Windows, please leave that poor text editor alone

Roundup It's the summer holidays. A good time to do things while nobody's watching. Except The Register, of course. Aside from sneaking Notepad into the store, last week Microsoft gave Insiders a new 2020 Windows 10 build, added features back into Skype, rounded out Azure's persistent disk storage and prepared a Typescript update.…

Is the platform's abuse policy unfair to genuine developers?

Developer Patrick Godeau has claimed his business is under threat after his Google Play Publisher account was terminated without a specific reason given.…

"The U.S. Army, as part of a broad counter-unmanned aerial systems strategy, is pushing forward with the U.S. Air Force to develop a high-powered microwave weapon," reports Popular Mechanics: Microwave radiation can disrupt or destroy electronic equipment exposed to them, "cooking" internal circuits much in the same way a fork or other metal objects placed in a microwave oven will cause the oven's electronics to melt down. Here's 2018 footage of a Raytheon HPM system tested at Fort Sill in 2018. The Pentagon has researched high powered microwave weapons for years, but the threat of drone swarms may have presented it with the perfect threat. The military is preparing for the eventuality of facing swarms of suicide drones on the battlefield, each carrying an explosive payloads or prepared to make a suicide attack. Current anti-drone weapons include jammers, shotguns, nets, and even birds, but many of these weapons are only effective against one or a small number of drones at once, and not the dozens or more drones envisioned in the worst drone swarm scenarios.... Microwave radiation doesn't care about rain and other inclement weather, it doesn't rely on individual shots of ammunition, and as long as the electrical generator powering is powered on, it will continue to "fire"... The weapon's broad firing arc means it could take out many drones at once, defeating enemy drone swarms. The joint Army/Air Force microwave weapon prototype "should be operational by 2022."

Read more of this story at Slashdot.

Spec design flaw stiffs security of gizmos

Roundup Let's run through all the bits and bytes of security news beyond what we've already covered. Also, don't forget our articles from this year's Black Hat, DEF CON, and BSides Las Vegas conferences in the American desert.…

After inaction, technical changes promise better fraud defense

Three years ago, Google software engineer Ali Juma proposed that Chrome should be modified to ignore recently moved iframe elements on web pages as a defense against clickjacking.…

Bill approaching £9m compared to £4.1m for the system in 2016

Concerns have been raised over a key supplier of an e-counting system for the London Mayoral elections in 2020.…

"Earlier this year I gave a talk at FullStack conference in London about making iFrames cool again," writes a lead engineer at PayPal. In a nutshell: iframes let you build user experiences into embeddable 'cross-domain components', which let users interact with other sites without being redirected. There are a metric ton of awesome uses for that other than tracking and advertizing. Nothing else comes close for this purpose; and as a result, I feel we're not using iframes to their full potential. There are big problems, though... My talk went into how at PayPal, we built Zoid to solve some of the major problems with iframes and popups: - Pre-render to avoid the perception of slow rendering - Automatically resize frames to fit child content - Automatically resize frames to fit child content - Pass down any kind of data and functions/callbacks as props (just like React), and avoid the nightmare of cross-domain messaging between windows. - Make iframes and popups feel like first class (cross-domain) components. Zoid goes a long way. But there are certain problems a mere javascript library can not solve. This is my bucket list for browser vendors, to make iframes more of a first class citizen on the web... Because fundamentally: the idea of cross-domain embeddable components is actually pretty useful once you start talking about shareable user experiences, rather than just user-tracking and advertizing which are obviously pills nobody enjoys swallowing. He acknowledges that he "really likes" the work that's been done on Google Chrome's Portals (which he earlier described as "like iframes, but better, and worse.") "I just hope iframes don't get left behind."

Read more of this story at Slashdot.

Screen says 'Data save failed' so it must be true

Who, Me? The weekend is over and that means another tale of reader misdeeds to kick-start your Monday with our regular column, Who, Me?…

Nvidia is pleased with its latest numbers, and more

Roundup Our weekly AI roundup is back from a little summer break, and once again covering bits and pieces from the world of machine learning beyond what's already been reported by Team Register.…

Long-time Slashdot reader StonyCreekBare shared this press release from the Texas Department of Information Resources (Dir) press release as of August 17, 2019, at approximately 5:00 p.m. central time: On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments... At this time, the evidence gathered indicates the attacks came from one single threat actor. Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time. It appears all entities that were actually or potentially impacted have been identified and notified. Twenty-three entities have been confirmed as impacted. Responders are actively working with these entities to bring their systems back online. The State of Texas systems and networks have not been impacted.

Read more of this story at Slashdot.

To address the affects of global warming, a team of designers "propose building ice-making submarines that would ply polar waters and pop out icebergs to replace melting floes," reports NBC News: "Sea level rise due to melting ice should not only be responded [to] with defensive solutions," the designers of the submersible iceberg factory said in an animated video describing the vessel, which took second place in a recent design competition held by the Association of Siamese Architects. The video shows the proposed submarine dipping slowly beneath the ocean surface to allow seawater to fill its large hexagonal well. When the vessel surfaces, an onboard desalination system removes the salt from the water and a "giant freezing machine" and chilly ambient temperatures freeze the fresh water to create the six-sided bergs. These float away when the vessel resubmerges and starts the process all over again. A fleet of the ice-making subs, operating continuously, could create enough of the 25-meter-wide "ice babies" to make a larger ice sheet, according to the designers. Faris Rajak Kotahatuhaha, an architect in Jakarta and the leader of the project, said he sees the design as a complement to ongoing efforts to curb emissions. "Experts praised the designers' vision but cast doubt on the project's feasibility."

Read more of this story at Slashdot.

Stack Overflow shares a new tool from a team of researchers that "takes the description of a programming task as a query and then provides relevant, comprehensive programming solutions containing both code snippets and their succinct explanations" -- the Crowd Knowledge Answer Generator (or CROKAGE): In order to reduce the gap between the queries and solutions, the team trained a word-embedding model with FastText, using millions of Q&A threads from Stack Overflow as the training corpus. CROKAGE also expanded the natural language query (task description) to include unique open source software library and function terms, carefully mined from Stack Overflow. The team of researchers combined four weighted factors to rank the candidate answers... In particular, they collected the programming functions that potentially implement the target programming task (the query), and then promoted the candidate answers containing such functions. They hypothesized that an answer containing a code snippet that uses the relevant functions and is complemented with a succinct explanation is a strong candidate for a solution. To ensure that the written explanation was succinct and valuable, the team made use of natural language processing on the answers, ranking them most relevant by the four weighted factors. They selected programming solutions containing both code snippets and code explanations, unlike earlier studies. The team also discarded trivial sentences from the explanations... The team analyzed the results of 48 programming queries processed by CROKAGE. The results outperformed six baselines, including the state-of-art research tool, BIKER. Furthermore, the team surveyed 29 developers across 24 coding queries. Their responses confirm that CROKAGE produces better results than that of the state-of-art tool in terms of relevance of the suggested code examples, benefit of the code explanations, and the overall solution quality (code + explanation). The tool is still being refined, but it's "experimentally available" -- although "It's limited to Java queries for now, but the creators hope to have an expanded version open to the public soon." It will probably be more useful than Stack Roboflow, a site that uses a neural network to synthesize fake Stack Overflow questions.

Read more of this story at Slashdot.

"As someone who studies cybersecurity and information warfare, I'm concerned that a cyberattack with widespread impact, an intrusion in one area that spreads to others or a combination of lots of smaller attacks, could cause significant damage, including mass injury and death rivaling the death toll of a nuclear weapon," warns an assistant Professor of Computer Science, North Dakota State University: Unlike a nuclear weapon, which would vaporize people within 100 feet and kill almost everyone within a half-mile, the death toll from most cyberattacks would be slower. People might die from a lack of food, power or gas for heat or from car crashes resulting from a corrupted traffic light system. This could happen over a wide area, resulting in mass injury and even deaths... The FBI has even warned that hackers are targeting nuclear facilities. A compromised nuclear facility could result in the discharge of radioactive material, chemicals or even possibly a reactor meltdown. A cyberattack could cause an event similar to the incident in Chernobyl. That explosion, caused by inadvertent error, resulted in 50 deaths and evacuation of 120,000 and has left parts of the region uninhabitable for thousands of years into the future. My concern is not intended to downplay the devastating and immediate effects of a nuclear attack. Rather, it's to point out that some of the international protections against nuclear conflicts don't exist for cyberattacks... Critical systems, like those at public utilities, transportation companies and firms that use hazardous chemicals, need to be much more secure... But all those systems can't be protected without skilled cybersecurity staffs to handle the work. At present, nearly a quarter of all cybersecurity jobs in the US are vacant, with more positions opening up than there are people to fill them. One recruiter has expressed concern that even some of the jobs that are filled are held by people who aren't qualified to do them. The solution is more training and education, to teach people the skills they need to do cybersecurity work, and to keep existing workers up to date on the latest threats and defense strategies.

Read more of this story at Slashdot.

In just 16 days XKCD author Randall Munroe releases a new book titled How To: Absurd Scientific Advice for Common Real-World Problems. He's just released an excerpt from the chapter "How to Catch a Drone," in which he actually enlisted the assistance of tennis star Serena Williams. An anonymous reader writes: Serena and her husband Alexis just happened to have a DJI Mavic Pro 2 with a broken camera -- and Munroe asked her to try to smash it with tennis balls. "My tentative guess was that a champion player would have an accuracy ratio around 50 when serving, and take 5-7 tries to hit a drone from 40 feet. (Would a tennis ball even knock down a drone? Maybe it would just ricochet off and cause the drone to wobble! I had so many questions.) "Alexis flew the drone over the net and hovered there, while Serena served from the baseline..." His blog has the rest of the story, and Munroe has even illustrated the experiment, promising that the book also contains additional anti-drone strategies, an analysis of other sports projectiles, and "a discussion with a robot ethicist about whether hitting a drone with a tennis ball is wrong."

Read more of this story at Slashdot.

It's an unexpected surprise that's been popping up "all over the country," according to the Better Business Bureau. People are receiving boxes of unordered merchandise from Amazon. The companies, usually foreign, third-party sellers that are sending the items are simply using your address and your Amazon information. Their intention is to make it appear as though you wrote a glowing online review of their merchandise, and that you are a verified buyer of that merchandise. They then post a fake, positive review to improve their products' ratings, which means more sales for them. The payoff is highly profitable from their perspective... The fake online review angle is only one way they benefit...they also are increasing their sales numbers. After all, they aren't really purchasing the items since the payment goes right back to them.... Then there is the "porch pirate" angle. There have been instances where thieves used other people's mailing addresses and accounts, then watched for the delivery of the package so they can steal it from your door before you get it... The fact that someone was able to have the items sent to you as if you purchased them indicates that they probably have some of your Amazon account information. Certainly, they have your name and address and possibly, your phone number and a password. The company either hacked your account themselves or purchased the information from a hacker. The BBB notes that although it's strange to receive boxes of unordered merchandise, "You are allowed to keep it. The Federal Trade Commission says you have a legal right to keep unordered merchandise." "The bigger issue is: What do you do about your information having been obtained by crooks?"

Read more of this story at Slashdot.

"Don't ask your smart device to look up a phone number, because it may accidentally point you to a scam," warn the consumer watchdogs at the Better Business Bureau: You need the phone number for a company, so you ask your home's smart device -- such as Google Home, Siri, or Alexa -- to find and dial it for you. But when the company's "representative" answers, the conversation takes a strange turn. This representative has some odd advice! They may insist on your paying by wire transfer or prepaid debit card. In other cases, they may demand remote access to your computer or point you to an unfamiliar website. Turns out, that this "representative" isn't from the company at all. Scammers create fake customer service numbers and bump them to the top of search results, often by paying for ads. When Siri, Alexa, or another device does a voice search, the algorithm may accidentally pick a scam number. One recent victim told BBB.org/ScamTracker that she used voice search to find and call customer service for a major airline. She wanted to change her seat on an upcoming flight, but the scammer tried to trick her into paying $400 in pre-paid gift cards by insisting the airline was running a special promotion. In another report, a consumer used Siri to call what he thought was the support number for his printer. Instead, he found himself in a tech support scam. People put their faith in voice assistants, even when they're just parroting the results from search engines, the BBB warns. The end result? "Using voice search to find a number can make it harder to tell a phony listing from the real one."

Read more of this story at Slashdot.

Google has made a proposal to the unofficial cert industry group that "would cut lifespan of SSL certificates from 825 days to 397 days," reports ZDNet. No vote was held on the proposal; however, most browser vendors expressed their support for the new SSL certificate lifespan. On the other side, certificate authorities were not too happy, to say the least. In the last decade and a half, browser makers have chipped away at the lifespan of SSL certificates, cutting it down from eight years to five, then to three, and then to two. The last change occured in March 2018, when browser makers tried to reduce SSL certificate lifespans from three years to one, but compromised for two years after pushback from certificate authorities. Now, barely two years later after the last change, certificate authorities feel bullied by browser makers into accepting their original plan, regardless of the 2018 vote... This fight between CAs and browser makers has been happening in the shadows for years. As HashedOut, a blog dedicated to HTTPS-related news, points out, this proposal is much more about proving who controls the HTTPS landscape than everything. "If the CAs vote this measure down, there's a chance the browsers could act unilaterally and just force the change anyway," HashedOut said. "That's not without precendent, but it's also never happened on an issue that is traditionally as collegial as this. "If it does, it becomes fair to ask what the point of the CA/B Forum even is. Because at that point the browsers would basically be ruling by decree and the entire exercise would just be a farce." Security researcher Scott Helme "claims that this process is broken and that bad SSL certificates continue to live on for years after being mississued and revoked -- hence the reason he argued way back in early 2018 that a shorter lifespan for SSL certificates would fix this problem because bad SSL certs would be phased out faster." But the article also notes that Timothy Hollebeek, DigiCert's representative at the CA/B Forum argues that the proposed change "has absolutely no effect on malicious websites, which operate for very short time periods, from a few days to a week or two at most. After that, the domain has been added to various blacklists, and the attacker moves on to a new domain and acquires new certificates."

Read more of this story at Slashdot.

The New York Times explains a new issue by describing what happened when Xavier Einaudi tried to close his Wells Fargo checking account. For weeks after the date the bank said the accounts would be closed, it kept some of them active. Payments to his insurer, to Google for online advertising and to a provider of project management software were paid out of the empty accounts in July. Each time, the bank charged Einaudi a $35 overdraft fee... By the middle of July, he owed the bank nearly $1,500. "I don't even know what happened," he said. Current and former bank employees said Einaudi was charged because of the way Wells Fargo's computer system handles closed accounts: An account the customer believes to be closed can stay open if it has a balance, even one below zero. And each time a transaction is processed for an overdrawn account, Wells Fargo tacks on a fee. The problem has gone unaddressed by the bank despite complaints from customers and employees, including one in the bank's debt-collection department who grew concerned after taking in an estimated $100,000 in overdraft fees over eight months... Most banks program their systems to stop honoring transactions on the specified date, but Wells Fargo allows accounts to remain open for two more months, according to current and former employees. Customers usually learn what happened only after their overdrawn accounts are sent to Wells Fargo's collections department. If the customers do not pay the overdraft fees, they are reported to a national database like Early Warning Services, which compiles names of delinquent bank customers. That often means a customer cannot open a new bank account anywhere, and getting removed from the lists can take hours' worth of phone calls.

Read more of this story at Slashdot.

Open floor plans create "a minefield of distractions," writes CNBC. But now they're being countered by a new trend that one office interior company's owner says "started with tech companies and the need for privacy." They're called "office pods..." They provide a quiet space for employees to conduct important phone calls, focus on their work or take a quick break. "We are seeing a large trend, a shift to having independent, self-contained enclosures," said Caitlin Turner, a designer at the global design and urban planning firm HoK. She said the growing demand for pods is a direct result of employees expressing their need for privacy... Prices can range anywhere from $3,495 for a single-user pod from ROOM to $15,995 for an executive suite from ZenBooth. Pod manufacturers are expanding rapidly. In addition to Zenbooth and ROOM, there are TalkBox, PoppinPod, Spaceworx and Framery. Pod sizes also vary to include individual booths designed for a single user, medium-sized pods for small gatherings of two to three people and larger executive spaces that could host up to four to six people. Sam Johnson, the founder of Zenbooth, said the idea for pods came from his experience working in the tech industry, where he quickly became disillusioned by the open floor plan. It was an "unsolved problem" that prompted him to quit his job and found ZenBooth, a pod company based in the Bay Area, in 2016. He said the company is a "privacy solutions provider" that offers "psychological safety" via a peaceful space to work and think. "We've had customers say to us that we literally couldn't do our job without your product," Johnson said. The company now counts Samsung, Intel, Capital One and Pandora, among others, as clients, as it works in tech hubs including Boston, the Bay Area, New York and Seattle. Its biggest customer, Lyft, has 35 to 40 booths at its facilities. "In 2014, 70% of companies had an open floor plan, according to the International Facility Management Association," the article points out -- though one Queensland University of Technology study found 90% of employees in open floor plan offices actually experienced more stress and conflict, along with higher blood pressure and increased turnover.

Read more of this story at Slashdot.