Linux news

It's 2019 – and you can completely pwn a Qualcomm-powered Android over the air

TheRegister - Tue, 2019-08-06 05:56
Grab security patches now from chip designer, Google

Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices.…

Categories: Linux news

PIN the blame on us, says Monzo in mondo security blunder: Bank card codes stored in log files as plain text

TheRegister - Tue, 2019-08-06 05:09
Why bother going for databases when insecure log files appear to be where all the data is at

Trendy online-only Brit bank Monzo is telling hundreds of thousands of its customers to pick a new PIN – after it discovered it was storing their codes as plain-text in log files.…

First Human-Monkey Chimera Raises Concern Among Scientists

Slashdot - Tue, 2019-08-06 03:30
An anonymous reader quotes a report from The Guardian: Efforts to create human-animal chimeras have rebooted an ethical debate after reports emerged that scientists have produced monkey embryos containing human cells. A chimera is an organism whose cells come from two or more "individuals", with recent work looking at combinations from different species. The word comes from a beast from Greek mythology which was said to be part lion, part goat and part snake. The latest report, published in the Spanish newspaper El Pais, claims a team of researchers led by Prof Juan Carlos Izpisua Belmonte from the Salk Institute in the U.S. have produced monkey-human chimeras. The research was conducted in China "to avoid legal issues," according to the report. Chimeras are seen as a potential way to address the lack of organs for transplantation, as well as problems of organ rejection. Scientists believe organs genetically matched to a particular human recipient could one day be grown inside animals. The approach is based on taking cells from an adult human and reprogramming them to become stem cells, which can give rise to any type of cell in the body. They are then introduced into the embryo of another species. Details of the work reported this week are scarce: Izpisua Belmonte and colleagues did not respond to requests for comment. However Alejandro De Los Angeles, from the department of psychiatry at Yale University, said it was likely monkey-human chimeras were being developed to explore how to improve the proportion of human cells in such organisms. De Los Angeles pointed out that, as with previous work in pigs and sheep, the human-monkey chimeras have reportedly only been allowed to develop for a few weeks -- ie before organs actually form. Prof Robin Lovell-Badge, a developmental biologist from London's Francis Crick Institute, agreed with De Los Angeles. 
"I don't think it is particularly concerning in terms of the ethics, because you are not taking them far enough to have a nervous system or develop in any way -- it's just really a ball of cells," he said. But Lovell-Badge added that if chimeras were allowed to develop further, it could raise concerns. "How do you restrict the contribution of the human cells just to the organ that you want to make?" he said. "If that is a pancreas or a heart or something, or kidney, then that is fine if you manage to do that. [But] if you allow these animals to go all the way through and be born, if you have a big contribution to the central nervous system from the human cells, then that obviously becomes a concern."


Libraries Are Fighting To Preserve Your Right To Borrow E-Books

Slashdot - Tue, 2019-08-06 02:02
Librarian Jessamyn West writes for CNN: For the first two months after a Macmillan book is published, a library can only buy one copy, at a discount. After eight weeks, they can purchase "expiring" e-book copies which need to be re-purchased after two years or 52 lends. As publishers struggle with the continuing shake-up of their business models, and work to find practical approaches to managing digital content in a marketplace overwhelmingly dominated by Amazon, libraries are being portrayed as a problem, not a solution. Libraries agree there's a problem -- but we know it's not us. Public libraries in the United States purchase a lot of e-books, and circulate e-books a lot. According to the Public Library Association, electronic material circulation in libraries has been expanding at a rate of 30% per year; and public libraries offered over 391 million e-books to their patrons in 2017. Those library users also buy books; over 60% of frequent library users have also bought a book written by an author they first discovered in a library, according to Pew. Even Macmillan admits that "Library reads are currently 45% of our total digital book reads." But instead of finding a way to work with libraries on an equitable win-win solution, Macmillan implemented a new and confusing model and blamed libraries for being successful at encouraging people to read their books. With print materials, book economics are simple. Once a library buys a book, it can do whatever it wants with it: lend it, sell it, give it away, loan it to another library so they can lend it. We're much more restricted when it comes to e-books. To a patron, an e-book and a print book feel like similar things, just in different formats; to a library they're very different products. There's no inter-library loan for e-books. When an e-book is no longer circulating, we can't sell it at a book sale. When you're spending the public's money, these differences matter. [...] 
Their solution isn't just unsupportive, it doesn't even make sense. Allowing a library like the Los Angeles Public Library (which serves 18 million people) the same number of initial e-book copies as a rural Vermont library serving 1,200 people smacks of punishment, not support. And Macmillan's statement, saying that people can just borrow e-books from any library, betrays a fundamental misunderstanding of how public libraries work. Macmillan isn't the first of the "big five" publishers to try to tweak their library sales model to try to recoup more revenue, but they are the first to accuse libraries of being a problem for them and not a partner.


Microsoft's New Windows Terminal Update Is Out and It's 'Huge'

Slashdot - Tue, 2019-08-06 01:25
Microsoft has released Windows Terminal Preview version 0.3, the recently launched command-line interface, which it wants to be the newest and best experience for developers who use Windows Command Prompt and PowerShell. ZDNet reports: It launched in June amid concern that it might replace the familiar Command Prompt and PowerShell. Microsoft is allowing Windows Terminal to co-exist with Windows Console but it believes Terminal will become the favored tool among those who need command-line apps. The latest version of the Terminal app is available from the Microsoft Store but it's also available on Microsoft's Releases page on GitHub. Among the improvements in v0.3 is that the interface can now be dragged regardless of where the mouse pointer is positioned on the title bar. The title bar itself has also been updated with a resized dropdown button with new colors and stays to the right of the last opened tab. There are also new colors for the minimize, maximize, and close buttons. Terminal is inheriting some accessibility features that allow tools like Windows Narrator "to interrogate, navigate, and read" the Terminal's user interface controls and text content, according to Kayla Cinnamon, program manager for Windows Terminal, Console and Command-Line. Terminal users can now define the tab title of each profile within settings, which takes priority over the shell-provided tab and should make it easier to tell the difference between profiles. There are now more choices for configuring the background image, with an option to add a background image on an acrylic background, as well as position the background anywhere on the screen. Additionally, Terminal users can now connect to the in-browser command-line called Azure-hosted Cloud Shell, which provides shell access to Azure. Kayla Cinnamon, program manager for Windows Terminal, Console and Command-Line, calls the update "HUGE," noting that the new accessibility features are still a work in progress.


Amazon Is Coaching Cops On How To Obtain Surveillance Footage Without a Warrant

Slashdot - Tue, 2019-08-06 00:45
popcornfan679 shares a report from Motherboard: When police partner with Ring, Amazon's home surveillance camera company, they get access to the "Law Enforcement Neighborhood Portal," an interactive map that allows officers to request footage directly from camera owners. Police don't need a warrant to request this footage, but they do need permission from camera owners. Emails and documents obtained by Motherboard reveal that people aren't always willing to provide police with their Ring camera footage. However, Ring works with law enforcement and gives them advice on how to persuade people to give them footage. Emails obtained from the police department in Maywood, NJ -- and emails from the police department of Bloomfield, NJ, which were also posted by Wired -- show that Ring coaches police on how to obtain footage. The company provides cops with templates for requesting footage, which they do not need a court warrant to do. Ring suggests cops post often on Neighbors, Ring's free "neighborhood watch" app, where Ring camera owners have the option of sharing their camera footage. As reported by GovTech on Friday, police can request Ring camera footage directly from Amazon, even if a Ring customer denies to provide police with the footage. It's a workaround that allows police to essentially "subpoena" anything captured on Ring cameras. Last week, Motherboard also found that at least 200 law enforcement agencies around the country have entered into partnerships with Amazon's home surveillance company Ring.


Jeff Bezos feels a tap on the shoulder. Ahem, Mr Amazon, care to explain how Capital One's AWS S3 buckets got hacked?

TheRegister - Tue, 2019-08-06 00:27
Senator Wyden fears tech may be insecure by design, urges billionaire to answer a few Qs

After last week's revelations that a hacker stole the personal details of 106 million Capital One credit card applicants from its Amazon-hosted cloud storage, a US Senator has demanded Amazon CEO Jeff Bezos explain exactly what went wrong.…

Amazon Squeezes Sellers That Offer Better Prices On Walmart

Slashdot - Tue, 2019-08-06 00:03
An anonymous reader quotes a report from Bloomberg: Amazon's determination to offer shoppers the best deals is prompting merchants selling products on its marketplace to raise their prices on competing websites, a testament to the company's growing influence over the e-commerce market. Amazon constantly scans rivals' prices to see if they're lower. When it discovers a product is cheaper on, say, Walmart.com, Amazon alerts the company selling the item and then makes the product harder to find and buy on its own marketplace -- effectively penalizing the merchant. In many cases, the merchant opts to raise the price on the rival site rather than risk losing sales on Amazon. Pricing alerts reviewed by Bloomberg show Amazon doesn't explicitly tell sellers to raise prices on other sites, and the goal may be to push them to lower their prices on Amazon. But in interviews, merchants say they're so hemmed in by rising costs levied by Amazon and reliant on sales on its marketplace, that they're more likely to raise their prices elsewhere. The Amazon policy is likely to attract scrutiny from Congress and the FTC for fitting the definition of antitrust behavior. "Monopolization charges are always about business conduct that causes harm in a market," said Jennifer Rie, an analyst at Bloomberg Intelligence who specializes in antitrust litigation. "It could end up being considered illegal conduct because people who prefer to shop on Walmart end up having to pay a higher price."


E3 Accidentally Doxxed Over 2,000 Journalists, YouTubers, and Streamers

Slashdot - Mon, 2019-08-05 23:20
The Entertainment Software Association, which runs the E3 video game expo, accidentally made phone numbers, emails, names, and addresses of over 2,000 attendees public on their website. "A copy of the list was archived on several popular message boards for trolls, and includes the home addresses of many reporters," reports BuzzFeed News. From the report: The leaked list was discovered by journalist and YouTube creator Sophia Narwitz. Narwitz made a video about the database, titled "The Entertainment Software Association just doxxed over 2000 journalists and content creators," last week. Narwitz told BuzzFeed News that some members of the media criticized her following her video, accusing her of drawing attention to the list. Making Narwitz's role in this more complicated is her history with the pro-GamerGate subreddit, r/KotakuInAction. She's currently arguing publicly with members of the gaming site Kotaku. Based on screenshots Narwitz tweeted, however, she did attempt to notify ESA about the leak before making her video about it. "I think this whole event shows a stunning level of incompetence on the ESA's part. The file wasn't password protected, it was just in the open for anyone to download with a single click," she said. Harassment against those included on the list appears to have already begun. "ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public," the ESA wrote in a statement provided to Kotaku. "Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again."


F-B-Yikes! FBI bod allegedly hid spy camera under desk to snap coworker's upskirt pics

TheRegister - Mon, 2019-08-05 23:15
Of all the places to allegedly try this, the J Edgar Hoover HQ ain't one. In fact, no, no building is good. None of them

An FBI contractor has pleaded not guilty to charges that he installed a camera under a coworker's desk to satisfy his "voyeur" fetish.…

Google Employee Alleges Discrimination Against Pregnant Women In Viral Memo

Slashdot - Mon, 2019-08-05 22:40
A Google employee has written a memo accusing the company of discriminating and retaliating against her for being pregnant. According to Motherboard, the memo has been seen by more than 10,000 employees. From the report: Last week, the woman posted the memo, titled "I'm Not Returning to Google After Maternity Leave, and Here is Why," to an internal company message board for expecting and new mothers. The memo was reposted to other internal message boards and has since gone viral, multiple current Google employees in different parts of the company have told Motherboard. Since then, employees have been posting memes that have gathered thousands of likes. The memes were made in support of the woman on an internal message board called "Memegen." In the memo, which is more than 2,300 words long, the woman says that her manager made discriminatory remarks about pregnant women. She says she reported the manager to human resources, which she alleges spurred retaliation. The woman, who was also a manager, says she eventually joined another team, but wasn't allowed to manage anyone on that team until she returned from maternity leave; she claims she was told that her maternity leave might "stress the team" and "rock the boat." She says that she and her baby had potentially life-threatening complications toward the end of her pregnancy, and that she would need to go on maternity leave earlier than expected. "During one conversation with my new manager in which I reiterated an early leave and upcoming bedrest, she told me that she had just listened to an NPR segment that debunked the benefits of bedrest," she wrote. "She also shared that her doctor had ordered her to take bedrest, but that she ignored the order and worked up until the day before she delivered her son via cesarean section. 
My manager then emphasized in this same meeting that a management role was no longer guaranteed upon my return from maternity leave, and that she supported my interviewing for other roles at Google." In response, a Google spokesperson sent this statement: "We prohibit retaliation in the workplace and publicly share our very clear policy. To make sure that no complaint raised goes unheard at Google, we give employees multiple channels to report concerns, including anonymously, and investigate all allegations of retaliation."


Proposed Bill Would Make Monopolies Pay 'Serious' Fines

Slashdot - Mon, 2019-08-05 22:02
An anonymous reader quotes a report from Ars Technica: The Federal Trade Commission's recent $5 billion settlement with Facebook largely drew two responses. One holds that $5 billion is objectively a large sum of money, while the other holds that, against Facebook's $55 billion 2018 revenue, the penalty amounts to mere drops in the ocean that will go completely unnoticed within the mammoth company. Both takes are true: a fine can be both a very large amount of money and yet also not "enough." The FTC's ability to penalize businesses, though, is limited under existing law. And so a group of Democratic senators has introduced a bill that could change the law in order to let the FTC fine a bad actor big bucks. The proposed law basically seeks to deter anticompetitive and monopolistic behavior by charging great gobs of money against the companies that get caught doing it. Businesses found to be in violation of certain antitrust laws would owe the greater of either 15% of their annual U.S. revenue or 30% of all revenue over the period of time the unlawful behavior took place. Senators Amy Klobuchar (D-Minn.) and Richard Blumenthal (D-Conn.) introduced the bill, which was also cosponsored by senators Dianne Feinstein (D-Calif.) and Ed Markey (D-Mass.).


Choc-blocked: AWS sues sales exec for legging it to Google Cloud. Yup, another bitter battle over non-compete clauses

TheRegister - Mon, 2019-08-05 21:54
Amazon demands restraining order preventing bod from jumping ship to Chocolate Factory

Amazon is suing a former AWS sales exec in the US after he suddenly jumped ship to rival Google Cloud, contrary to the non-compete clause in his contract.…

Turkey Moves To Oversee All Online Content, Raises Concerns Over Censorship

Slashdot - Mon, 2019-08-05 21:25
stikves writes: Turkey has granted its radio and television watchdog sweeping oversight over all online content, including streaming platforms like Netflix and online news outlets, in a move that raised concerns over possible censorship. The move was initially approved by Turkey's parliament in March last year, with support from President Tayyip Erdogan's ruling AK Party and its nationalist ally. The regulation, published in Turkey's Official Gazette on Thursday, mandates all online content providers to obtain broadcasting licenses from RTUK, which will then supervise the content put out by the providers. Aside from streaming giant Netflix, other platforms like local streaming websites PuhuTV and BluTV, which in recent years have produced popular shows, will be subject to supervision and potential fines or loss of their license. In addition to subscription services like Netflix, free online news outlets which rely on advertising for their revenues will also be subject to the same measures.


Google Pledges Carbon-Neutral Shipping, Recycled Plastic For All Devices

Slashdot - Mon, 2019-08-05 20:45
Alphabet's Google on Monday announced that it would neutralize carbon emissions from delivering consumer hardware by next year and include recycled plastic in each of its products by 2022. From a report: The new commitments step up the competition among tech companies aiming to show consumers and governments that they are curbing the environmental toll from their widening arrays of gadgets. Anna Meegan, head of sustainability for Google's devices and services unit, said in an interview that the company's transport-related carbon emissions per unit fell 40% last year compared to 2017 by relying more on ships instead of planes to move phones, speakers, laptops and other gadgets from factories to customers across the world. The company will offset remaining emissions by purchasing carbon credits, Meegan said.


Googlers hate it! This one weird trick lets websites dodge Chrome 76's defenses, detect you're in Incognito mode

TheRegister - Mon, 2019-08-05 20:27
Three key words: File, write, benchmark

A week ago, Google released Chrome 76, which included a change intended to prevent websites from detecting when browser users have activated Incognito mode.…

'There is No Evil Like reCAPTCHA (v3)'

Slashdot - Mon, 2019-08-05 20:05
An anonymous reader shares a post: Like many things that start out as a mere annoyance, though eventually growing into somewhat of an affliction. One particularly dark and insidious thing has more than reared its ugly head in recent years, and now far more accurately described as an epidemic disease. I'm talking about the filth that is reCAPTCHA. Yes that seemingly harmless question of "Are you a human?" Truly I wish all this called for were sarcastic puns of 'The Matrix' variety but the matter is far more serious. Google describes reCAPTCHA as: "[reCAPTCHA] is a free security service that protects your websites from spam and abuse." However, this couldn't be further from the truth, as reCAPTCHA is actually something that causes abuse. In fact, I would go so far as to say that being subjected to constant reCAPTCHAs is actually an act of human torture and disregard for a person's human right of mental comfort. The author goes on to make several points.


Microsoft Launches Azure Security Lab, Doubles Top Bug Bounty To $40,000

Slashdot - Mon, 2019-08-05 19:25
At Black Hat 2019 today, Microsoft announced the Azure Security Lab, a sandbox-like environment for security researchers to test its cloud security. The company also doubled the top Azure bug bounty to $40,000. From a report: Bug bounty programs are a great complement to existing internal security programs. They help motivate individuals and groups of hackers to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Microsoft shared today that it has issued $4.4 million in bounty rewards over the past 12 months. The Azure Security Lab takes the idea to the next level. It's essentially a set of dedicated cloud hosts isolated from Azure customers so security researchers can test attacks against cloud scenarios. The isolation means researchers can not only research vulnerabilities in Azure, they can attempt to exploit them.


How to avoid getting burned at Black Hat, destroyed at DEF CON or blindsided by Bsides

TheRegister - Mon, 2019-08-05 19:07
The noob's guide to Hacker Summer Camp in Las Vegas

Black Hat It's that time of year again and the world's white, grey and the occasional black-hat hackers descend into the fetid hell that is Las Vegas in August for a week of conferences, community conflabs and catching up with old friends.…

The Beauty of Japan's Lonely Vending Machines

Slashdot - Mon, 2019-08-05 18:46
Jacopo Prisco, writing for CNN: Vending machines are a mainstay of Japanese culture. There are over 5.5 million in the country -- one for every 23 people, the highest ratio in the world. They're ubiquitous and almost always outdoors, making them immediately stand out to anyone visiting Japan. They sell nearly everything -- including some rather peculiar items. Most are stocked with hot and cold drinks. Some have funny English names, like "Pocari Sweat" or "Calpis Water." At night, rather than switching off, the machines come to life with vibrant colors and bright lights. Photographer Eiji Ohashi has spent years photographing them across Japan in the dead of the night, and now he has brought the images together in a book titled "Roadside Lights." For Ohashi, the machines once served as beacons: "I started this project nine years ago, when I noticed a shiny vending machine near my home as I was coming back from my night shift," he said in an email interview. "At the time, I was living in a town in the north of Japan that would get hit by terrible blizzards during the winter months. I'd drive my car in (these) conditions and use the light of the vending machines to guide me."
