Linux fréttir

A backdoor, or simply throwing all the doors open?

If the Australian government was hoping its encryption legislation would have a smooth run, it'll probably be disappointed. Not only has the exposure draft landed with a political storm, reactions from technologists range from guarded to sharply critical.…

Los Angeles officials announced Tuesday that the city's subway will become the first mass transit system in the U.S. to install body scanners that screen passengers for weapons and explosives. "The deployment of the portable scanners, which project waves to do full-body screenings of passengers walking through a station without slowing them down, will happen in the coming months, said Alex Wiggins, who runs the Los Angeles County Metropolitan Transportation Authority's law enforcement division," reports the Associated Press reports: The machines scan for metallic and non-metallic objects on a person's body, can detect suspicious items from 30 feet (9 meters) away and have the capability of scanning more than 2,000 passengers per hour. On Tuesday, Pekoske and other officials demonstrated the new machines, which are being purchased from Thruvision, which is headquartered in the United Kingdom. In addition to the Thruvision scanners, the agency is also planning to purchase other body scanners -- which resemble white television cameras on tripods -- that have the ability to move around and hone in on specific people and angles, Wiggins said. Signs will be posted at stations warning passengers they are subject to body scanner screening. The screening process is voluntary, Wiggins said, but customers who choose not be screened won't be able to ride on the subway.

Read more of this story at Slashdot.

Former network engineer gets 18 months in the clink

A former Microsoft network engineer will be spending a sojourn behind bars after pleading guilty to conspiracy to commit money laundering.…

An anonymous reader quotes a report from Motherboard: A new survey by Consumer Reports once again highlights how consumers are responding positively to [community-run broadband networks]. The organization surveyed 176,000 Consumer Reports readers on their experience with their pay TV and broadband providers, and found that the lion's share of Americans remain completely disgusted with most large, incumbent operators. The full ratings are paywalled but available here to those with a Consumer Reports subscription. All the usual suspects including Comcast, Charter (Spectrum), AT&T, Verizon, and Optimum once again fell toward the bottom of the barrel in terms of overall satisfaction, reliability, and value, largely mirroring similar studies from the American Customer Satisfaction Index. One of the lone bright spots for broadband providers was Chattanooga's EPB, a city-owned and utility operated broadband provider we profiled several years back as an example of community broadband done well. The outfit, which Comcast attempted unsuccessfully to sue into oblivion, was the only ISP included in the study that received positive ratings for value. "EPB was the top internet service provider in our telecom ratings two times in the past three years," Christopher Raymond, electronics editor at Consumer Reports told Motherboard. "Consumer Reports members have given it high marks for not only reliability and speed, but also overall value -- and that's a rare distinction in an arena dominated by the major cable companies," he said.

Read more of this story at Slashdot.

According to a report from the Sacramento Bee, officials in Sacramento County have been accessing license plate reader data to track welfare recipients suspected of fraud. The practice dates back to 2016. Gizmodo reports: Sacramento County Department of Human Assistance Director Ann Edwards confirmed to the paper that welfare fraud investigators working under the DHA have used the data for two years on a "case-by-case" basis. Edwards said the DHA pays about $5,000 annually for access to the database. Abbreviated LPR, license plate readers are essentially cameras that upload photographs to a searchable database of images of license plates. If a driver passed by an LPR four times throughout a city, an officer with access would know where and at what time of day. Anyone with access to that data could use it track where someone drove and when, provided they were scanned by the LPR. It's not immediately clear how travel patterns might reveal welfare fraud. As noted by the Electronic Frontier Foundation, welfare fraud is statistically speaking, extremely rare. In 2012, the DHA found only 500 cases of fraud among Sacramento's 193,000 recipients. Following an inquiry from the EFF, the DHA has instituted a privacy policy (one that didn't exist before their initial inquiry) requiring investigators to justify each request for LPR data. The Sacramento Bee reports the DHA accessed the data over a thousand times in two years.

Read more of this story at Slashdot.

Summertiiiiiime, and the hacking is easy

Microsoft and Adobe have teamed up to deliver more than 70 patches with this month's Patch Tuesday scheduled release.…

theodp writes: "Long before phone addiction panic gripped the masses and before screen time became a facet of our wellness and digital detoxes," begins Katie Reid's article, How the Shared Family Computer Protected Us from Our Worst Selves, "there was one good and wise piece of technology that served our families. Maybe it was in the family room or in the kitchen. It could have been a Mac or PC. Chances are it had a totally mesmerizing screensaver. It was the shared family desktop." She continues: "I can still see the Dell I grew up using as clear as day, like I just connected to NetZero yesterday. It sat in my eldest sister's room, which was just off the kitchen. Depending on when you peeked into the room, you might have found my dad playing Solitaire, my sister downloading songs from Napster, or me playing Wheel of Fortune or writing my name in Microsoft Paint. The rules for using the family desktop were pretty simple: homework trumped games; Dad trumped all. Like the other shared equipment in our house, its usefulness was focused and direct: it was a tool that the whole family used, and it was our portal to the wild, weird, wonderful internet. As such, we adored it." Did you have a shared family computer growing up? Can you relate to any of the experiences Katie mentioned in her article? Please share your thoughts in a comment below.

Read more of this story at Slashdot.

But efforts to target boss Ajit Pai are misguided partisanship

Analysis The debacle surrounding a false cyberattack on US federal regulator the FCC is heading to Congress, with politicians accusing its chairman of a "dereliction of duty."…

An anonymous reader quotes a report from TechCrunch: A group of Tinder founders and executives has filed a lawsuit against parent company Match Group and its controlling shareholder IAC. The plaintiffs in the suit include Tinder co-founders Sean Rad, Justin Mateen and Jonathan Badeen -- Badeen still works at Tinder, as do plaintiffs James Kim (the company's vice president of finance) and Rosette Pambakian (its vice president of marketing and communications). The suit alleges that IAC and Match Group manipulated financial data in order to create "a fake lowball valuation" (to quote the plaintiffs' press release), then stripped Rad, Mateen, Badeen and others of their stock options. It points to the removal of Rad as CEO, as well as other management changes, as moves designed "to allow Defendants to control the valuation of Tinder and deprive Tinder optionholders of their right to participate in the company's future success." The lawsuit also alleges that Greg Blatt, the Match CEO who became CEO of Tinder, groped and sexually harassed Pambakian at the company's 2016 holiday party, supposedly leading the company to "whitewash" his actions long enough for him to complete the valuation of Tinder and its merger with Match Group, and then to announce his departure. In response, the plaintiffs are asking for "compensatory damages in an amount to be determined at trial, but not less than $2,000,000,000." IAC and Match Group issued a statement denying the allegations: "...Match Group and the plaintiffs went through a rigorous, contractually-defined valuation process involving two independent global investment banks, and Mr. Rad and his merry band of plaintiffs did not like the outcome. Mr. Rad (who was dismissed from the Company a year ago) and Mr. Mateen (who has not been with the Company in years) may not like the fact that Tinder has experienced enormous success following their respective departures, but sour grapes alone do not a lawsuit make. Mr. Rad has a rich history of outlandish public statements, and this lawsuit contains just another series of them. We look forward to defending our position in court."

Read more of this story at Slashdot.

Vaping can damage vital immune system cells and may be more harmful than previously thought, a study suggests. Researchers found e-cigarette vapour disabled important immune cells in the lung and boosted inflammation. From a report: The researchers "caution against the widely held opinion that e-cigarettes are safe." However, Public Health England advises they are much less harmful than smoking and people should not hesitate to use them as an aid to giving up cigarettes. The small experimental study, led by Prof David Thickett, at the University of Birmingham, is published online in the journal Thorax. Previous studies have focused on the chemical composition of e-cigarette liquid before it is vaped. In this study, the researchers devised a mechanical procedure to mimic vaping in the laboratory, using lung tissue samples provided by eight non-smokers. They found vapour caused inflammation and impaired the activity of alveolar macrophages, cells that remove potentially damaging dust particles, bacteria and allergens.

Read more of this story at Slashdot.

If you happen to have a box of spaghetti in your pantry, try this experiment: Pull out a single spaghetti stick and hold it at both ends. Now bend it until it breaks. How many fragments did you make? If the answer is three or more, pull out another stick and try again. Can you break the noodle in two? If not, you're in very good company. From a report: The spaghetti challenge has flummoxed even the likes of famed physicist Richard Feynman '39, who once spent a good portion of an evening breaking pasta and looking for a theoretical explanation for why the sticks refused to snap in two. Feynman's kitchen experiment remained unresolved until 2005, when physicists from France pieced together a theory to describe the forces at work when spaghetti -- and any long, thin rod -- is bent. They found that when a stick is bent evenly from both ends, it will break near the center, where it is most curved. This initial break triggers a "snap-back" effect and a bending wave, or vibration, that further fractures the stick. Their theory, which won the 2006 Ig Nobel Prize, seemed to solve Feynman's puzzle. But a question remained: Could spaghetti ever be coerced to break in two? The answer, according to a new MIT study, is yes -- with a twist. In a paper published this week in the Proceedings of the National Academy of Sciences, researchers report that they have found a way to break spaghetti in two, by both bending and twisting the dry noodles. They carried out experiments with hundreds of spaghetti sticks, bending and twisting them with an apparatus they built specifically for the task. The team found that if a stick is twisted past a certain critical degree, then slowly bent in half, it will, against all odds, break in two. The researchers say the results may have applications beyond culinary curiosities, such as enhancing the understanding of crack formation and how to control fractures in other rod-like materials such as multifiber structures, engineered nanotubes, or even microtubules in cells.

Read more of this story at Slashdot.

Security is a process that requires hitting people over the head with their errors

Building warnings into crypto libraries that alert developers to unsafe coding practices turns out to be an effective way to improve the security of applications.…

Intel on Tuesday disclosed three more possible flaws in some of its microprocessors that can be exploited to gain access to certain data from computer memory. From a report: Its commonly used Core and Xeon processors were among the products that were affected, the company said. "We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," the company said in a blog post. Intel also released updates to address the issue and said new updates coupled those released earlier in the year will reduce the risk for users, including personal computer clients and data centres. In January, the company came under scrutiny after security researchers disclosed flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel, Advanced Micro Devices and ARM.

Read more of this story at Slashdot.

But it requires custom hardware, firmware and access to your Wi-Fi

DEF CON Hackers have managed to hack Amazon's Echo digital assistant and effectively turn it into a listening device, albeit through a complex and hard-to-reproduce approach.…

From border crossings to hacking conferences, that Bitcoin or political sticker may be worth leaving on a case at home. From a report: Plenty of hackers, journalists, and technologists love to cover their laptop in all manner of stickers. Maybe one shows off their employer, another flaunts that local cryptoparty they attended, or others may display the laptop owner's interest in Bitcoin. That's all well and good, but a laptop lid full of stickers also arguably provides something of a red flag to authorities or hackers who may want to access sensitive information stored on that computer, or otherwise cause the owner hassle. "Conferences, border crossing[s], airports, public places -- stickers will/can get you targeted for opposition research, industrial espionage, legal or investigative scrutiny," Matt Mitchell, director of digital safety and privacy for technology and activism group Tactical Tech, told Motherboard in an online chat. Mitchell said political stickers, for instance, can land you in secondary search or result in being detained while crossing a border. In one case, Mitchell said a hacker friend ended up missing a flight over stickers.

Read more of this story at Slashdot.

Flaw in House Larry's flagship product allows 'complete compromise' of servers

Oracle is advising customers to update their database software following the discovery and disclosure of a critical remote code execution vulnerability.…

Hackers can falsify patients' vitals by emulating data sent from medical equipment clients to central monitoring systems, a McAfee security researcher revealed over the weekend at the DEF CON 26 security conference. BleepingComputer: The research, available here, takes advantage of a weak communications protocol used by some patient monitoring equipment to send data to a central monitoring station. McAfee security researcher Douglas McKee says he was able to reverse engineer this protocol, create a device that emulates patients vitals, and send incorrect information to a central monitoring station. This attack required physical access to the patient, as the attacker needed to disconnect the patient monitoring client and replace it with his own device that feeds incorrect patient vitals to the central station monitored by medical professionals. But McKee also devised another method of feeding central monitoring stations without needing to disconnect the patient monitoring client.

Read more of this story at Slashdot.

secwatcher writes: Google has started rolling out support for built-in lazy loading inside Chrome. Currently, support for image and iframe lazy loading is only available in Chrome Canary, the Chrome version that Google uses to test new features. Two flags are now available in the chrome://flags section of Chrome Canary. They are: chrome://flags/#enable-lazy-image-loading, chrome://flags/#enable-lazy-frame-loading. Enabling these two flags will activate a new type of content loading behavior inside the Chrome browser. The two flags have been available in Chrome Canary for a few days, since v70.0.3521.0.

Read more of this story at Slashdot.

A number of people have reported having their Instagram accounts hacked this month, Mashable reports, and many of these hacks appear to have taken the same approach. From a report: Users suddenly find themselves logged out of their accounts and when they try to log back in, they discover that their handle, profile image, contact info and bios have all been changed. Often the profile image has been changed to a Disney or Pixar character and the email address connected to the account is changed to one with a .ru Russian domain, according to Mashable. Some even had their two-factor authentication turned off by hackers. A handful of Instagram users reported the same details to Mashable as have hundreds of others who have taken to Twitter and Reddit to report hacks of their accounts.

Read more of this story at Slashdot.

Lenovo beefs up beefy desktop replacements - and one is almost Apple-like

Lenovo unloads most of its annual ThinkPad line onto the world at CES in January, for a spring launch. (Here is this year’s.) But the Beijing firm saves one or two surprises for later in the year. And here’s one.…