Network Mirror
In Case of Slashdotting, Break Mirror






Wisconsin's Prison-Sentencing Algorithm Challenged in Court - Mon Jun 27 03:34:13 2016

"Do you want a computer to help decide a convict's fate?" asks Engadget, telling the story of a Wisconsin convict who "claims that the justice system relied too heavily on its COMPAS algorithm to determine the likelihood of repeat offenses and sentenced him to six years in prison." Sentencing algorithms have apparently been in use for 10 years. His attorneys claim that the code is "full of holes," including secret criteria and generic decisions that aren't as individually tailored as they have to be. For instance, they'll skew predictions based on your gender or age -- how does that reflect the actual offender...?

[T]he court challenge could force Wisconsin and other states to think about the weight they give to algorithms. While they do hold the promise of both preventing repeat offenses and avoiding excessive sentences for low-threat criminals, the American Civil Liberties Union is worried that they can amplify biases or make mistakes based on imperfect law enforcement data.

The biggest issue seems to be a lack of transparency, which makes it impossible to determine whether convicts actually are receiving fair sentences.



Drivers Prefer Autonomous Cars That Don't Kill Them - Mon Jun 27 01:38:02 2016

"A new study shows that most people prefer that self-driving cars be programmed to save the most people in the event of an accident, even if it kills the driver," reports Information Week. "Unless they are the drivers." Slashdot reader MojoKid quotes an article from Hot Hardware about the new study, which was published by Science magazine. So if there is just one passenger aboard a car, and the lives of 10 pedestrians are at stake, the survey participants were perfectly fine with a self-driving car "killing" its passenger to save many more lives in return. But on the flip side, these same participants said that if they were shopping for a car to purchase or were a passenger, they would prefer to be within a vehicle that would protect their lives by any means necessary. Participants also balked at the notion of the government stepping in to regulate the "morality brain" of self-driving cars.
The article warns about a future where "a harsh AI reality may whittle the worth of our very existence down to simple, unemotional percentages in a computer's brain." MIT's Media Lab is now letting users judge for themselves, in a free online game called "Moral Machine" simulating the difficult decisions that might someday have to be made by an autonomous self-driving car.



Religious Hacker Defaces 111 Escort Sites - Sun Jun 26 23:39:53 2016

An anonymous reader shares this article from Softpedia: A religiously-motivated Moroccan hacker has defaced 111 different web sites promoting escort services since last summer as part of an ongoing protest against the industry. "In January, the hacker defaced 79 escort websites," writes Softpedia. "His actions didn't go unnoticed, and on some online forums where escorts and webmasters of these websites met, his name was brought up in discussions and used to drive each other in implementing better Web security. While some webmasters did their job, some didn't. During the past days, the hacker has been busy defacing a new set of escort websites... Most of these websites bear ElSurveillance's defacement message even today... Most of the websites are from the UK."
His newest round of attacks replaces the sites with a pro-Palestine message and a quote from the Quran, though in January Softpedia reported the attacker was also stealing data from some of the sites about their users' accounts.



Google and Facebook May Be Suppressing 'Extremist' Speech With Copyright Scanners - Sun Jun 26 22:37:28 2016

An anonymous reader quotes this article from The Verge: The systems that automatically enforce copyright laws on the internet may be expanding to block unfavorable speech. Reuters reports that Facebook, Google, and other companies are exploring automated removal of extremist content, and could be repurposing copyright takedown methods to identify and suppress it. It's unclear where the lines have been drawn, but the systems are likely targeted at radical messages on social networks from enemies of European powers and the United States. Leaders in the US and Europe have increasingly decried radical extremism on the internet and have attempted to enlist internet companies in a fight to suppress it.

Many of those companies have been receptive to the idea and already have procedures to block violent and hateful content. Neither Facebook nor Google would confirm automation of these efforts to Reuters, which relied on two anonymous sources who are "familiar with the process"... The secret identification and automated blocking of extremist speech would raise new, serious questions about the cooperation of private corporations with censorious governmental interests.

Reuters calls it "a major step forward for internet companies that are eager to eradicate violent propaganda from their sites and are under pressure to do so from governments around the world as attacks by extremists proliferate, from Syria to Belgium and the United States." They also report that the move follows pressure from an anti-extremism group "founded by, among others, Frances Townsend, who advised former president George W. Bush on homeland security, and Mark Wallace, who was deputy campaign manager for the Bush 2004 re-election campaign."



Is The Future Of Television Watching on Fast-Forward? - Sun Jun 26 21:44:15 2016

The average American watches three hours of TV each day, and researchers have found that most people already prefer listening to accelerated speech. "After watching accelerated video on my computer for a few months, live television began to seem excruciatingly slow..." writes the Washington Post's Jeff Guo. "Movie theaters feel suffocating. I need to be able to fast-forward and rewind and accelerate and slow down, to be able to parcel my attention where it's needed..." Slashdot reader HughPickens.com distills some interesting points from Guo's article: You can play DVDs and iTunes purchases at whatever tempo you like, and a Google engineer has written a popular Chrome extension that accelerates most other Web videos, including on Netflix, Vimeo and Amazon Prime. Over 100,000 people have downloaded that plug-in, and the reviews are ecstatic. "Oh my God! I regret all the wasted time I've lived before finding this gem!!" one user wrote.

According to Guo, speeding up video is more than an efficiency hack. "I quickly discovered that acceleration makes viewing more pleasurable. 'Modern Family' played at twice the speed is far funnier -- the jokes come faster and they seem to hit harder. I get less frustrated at shows that want to waste my time with filler plots or gratuitous violence. The faster pace makes it easier to appreciate the flow of the plot and the structure of the scenes."

Guo writes that "I've come to believe this is the future of how we will appreciate television and movies. We will interrogate videos in new ways using our powers of time manipulation... we will all be watching on our own terms." Will this eventually become much more common? How many Slashdot readers are already watching speeded-up videos?



As It Searches For Suspects, The FBI May Be Looking At You - Sun Jun 26 20:32:12 2016

schwit1 quotes the MIT Technology Review: The FBI has access to nearly 412 million photos in its facial recognition system—perhaps including the one on your driver's license. But according to a new government watchdog report, the bureau doesn't know how error-prone the system is, or whether it enhances or hinders investigations.

Since 2011, the bureau has quietly been using this system to compare new images, such as those taken from surveillance cameras, against a large set of photos to look for a match. That set of existing images is not limited to the FBI's own database, which includes some 30 million photos. The bureau also has access to face recognition systems used by law enforcement agencies in 16 different states, and it can tap into databases from the Department of State and the Department of Defense. And it is in negotiations with 18 other states to be able to search their databases, too...

Adding to the privacy concerns is another finding in the GAO report: that the FBI has not properly determined how often its system makes errors and has not "taken steps to determine whether face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate" to support investigations.




New C++ Features Voted In By C++17 Standards Committee - Sun Jun 26 19:39:26 2016

New submitter lefticus writes: The upcoming C++17 standard has reached Committee Draft stage, having been voted on in the standards committee meeting in Oulu, Finland this Saturday. This makes C++17 now feature complete, with many new interesting features such as if initializers and structured bindings having been voted in at this meeting.

An [audio] interview with the C++ committee chair, Herb Sutter, about the status of C++17 has also been posted.




A New 'Quake' Episode Appears 20 Years Later - Sun Jun 26 18:36:09 2016

An anonymous reader quotes this report from Motherboard: The months leading up to this year's phenomenal reboot of Doom were stuffed with all kinds of fun developments surrounding the original series, whether it was mods that let you play as Duke Nukem or whole new levels from famed designer John Romero. There's now a new Quake game in the works, and already it appears to be enjoying a similar renaissance. Yesterday MachineGames, the studio behind Wolfenstein: The New Order, released an entirely new episode for the original Quake in celebration of its 20-year anniversary, and you can play it entirely for free.



'Linux vs Windows' Challenge: Phoronix Tests Popular Games - Sun Jun 26 17:32:24 2016

An anonymous reader writes: Michael Larabel at Phoronix has combined their new results from intensive Linux/Windows performance testing for popular games on Intel, AMD, and NVIDIA graphics cards, and at different resolutions. "This makes it easy to see the Linux vs. Windows performance overall or for games where the Linux ports are simply rubbish and performing like crap compared to the native Windows game." The games tested included Xonotic, Tomb Raider, Grid Autosport, Dota 2, Middle-earth: Shadow of Mordor, F1 2015, and Company of Heroes 2 -- and the results were surprising.

Xonotic v0.8 outperformed Windows with a NVIDIA card, but "The poor Xonotic performance on Linux with the Intel driver was one of the biggest surprises from yesterday's article. It's not anything we've seen with the other drivers." And while testing on the Source 2 engine revealed that Valve's Dota 2 "is a quality Linux port," most of the other results were disappointing -- regardless of the graphics card and driver. "Tomb Raider on Linux performs much worse than the Windows build regardless of your driver/graphics card... Shadow of Mordor's relative Linux performance is more decent than many other Linux games albeit still isn't running at the same speeds as the Windows games..."

The article concludes with a note of optimism. "Hopefully in due time with the next generation of games making use of Vulkan...we'll see better performance relative to Windows." Have Slashdot readers seen any performance issues while playing games on Linux?



Remember When You Could Call the Time? - Sun Jun 26 16:39:22 2016

An article on The Atlantic this week takes a stroll down memory lane. It talks about phone services that people could call to find out the time. The service, according to the article, was quite popular in the 1980s. But many of them don't exist now. For instance, Verizon discontinued the line -- as well as its telephone weather service -- in 2011. But what's fascinating is that some of these services still exist, and are getting more traction than many of us would've imagined. From the article: "We get 3 million calls per year!" said Demetrios Matsakis, the chief scientist for time services at the Naval Observatory. "And there's an interesting sociology to it. They don't call as much on the weekend, and the absolute minimum time they call is Christmas. On big holidays, people don't care about the time. But we get a big flood of calls when we switch to Daylight [saving] time and back." As it turns out, people have been telephoning the time for generations. In the beginning, a telephone-based time service must have seemed like a natural extension of telegraph-based timekeeping -- but it would have been radical in its own way, too, because it represented a key shift to an on-demand service. In the 19th century, big railroad companies had used the telegraph to transmit the time to major railway stations. By the early 20th century, people could simply pick up the telephone and ask a human operator for the time.


IRS Gets Hacked Again, Forced To Scrap Their Entire PIN System - Sun Jun 26 15:36:25 2016

The IRS has abandoned a system of PIN numbers used when filing tax returns online after they detected "automated attacks taking place at an increasing frequency," adding that only "a small number" of taxpayers were affected. An anonymous reader quotes the highlights from Engadget: The IRS chose not to kill the tool back in February, since most commercial tax software products use it... If you'll recall, identity thieves used malware to steal taxpayers' info from other websites, which was then used to generate 100,000 PINs, back in February... This time, the IRS detected "automated attacks taking place at an increasing frequency" thanks to the additional defenses it added after that initial hack... the agency determined that it would be safer to give up on a verification method that's scheduled for the chopping block anyway.



After Death, Hundreds of Genes Spring Back to Life - Sun Jun 26 14:43:31 2016

Two surprising studies reveal new information about what genes do after death. Slashdot reader gurps_npc writes: You think your body stops after death, but up to two days later certain genes may turn on and start doing stuff for another two days before they give up the ghost. We are all zombies for up to four days after death.
Gizmodo reports that in fact "hundreds" of genes apparently spring back to life. "[P]revious work on human cadavers demonstrated that some genes remain active after death, but we had no idea as to the extent of this strange phenomenon."


Axiom Plans A New Private-Sector Outpost in Space - Sun Jun 26 13:39:51 2016

A seed-funded company named Axiom wants to build a private-sector outpost in orbit by launching a new module for the International Space Station, according to an article on Space News. Once on the station, Axiom Space would use it for commercial purposes, ranging from research to tourism. [Former space station manager] Suffredini said that it would also be available for use by NASA when the company is not using it, helping the process of transitioning research done on the International Space Station to future private stations. Research hardware elsewhere in the station could eventually be moved to this module to allow its continued use after the station's retirement.
Slashdot reader MarkWhittington shares an article from Blasting News: In the meantime, Nanoracks, a company that is already handling some of the logistics for the ISS, is proposing a commercial airlock for the ISS. The development of commercial space stations, as well as commercial spacecraft such as the SpaceX Dragon and the Boeing Starliner, constitutes NASA's long-term strategy of handing off low-Earth orbit to the private sector while it concentrates on deep space exploration.



Star Trek Actor's Death Inspires Class Action Against Car Manufacturer - Sun Jun 26 11:31:32 2016

Anton Yelchin, who played Chekov in the new Star Trek movies, was killed Sunday when his own vehicle rolled backwards. Now Slashdot reader ripvlan writes: It has recently emerged that his vehicle was a Jeep. As discussed on Slashdot previously, consumers are having a hard time knowing if the vehicle is in "Park." A new class action lawsuit is gaining momentum... Also Maserati has a similar system and can join the class action.
In fact, Maserati "is recalling about 13,000 sedans that have the same sort of gear shifter that was used in the Jeep that killed Yelchin," according to CNN Money, and Chrysler Fiat had in fact already filed a recall notice with federal regulators in April for Yelchin's brand of Jeep, "but owners had only received a warning and not an official recall notice at the time of Yelchin's death". The lawsuit claims Chrysler "fraudulently concealed and failed to remedy a gear shifter design defect affecting 811,000 vehicles and linked to driverless rollaway incidents," including 2014-2015 Jeep Grand Cherokees, 2012-2014 Chrysler 300s, and 2012-2014 Dodge Chargers.



Vacationing Security Researcher Exposes Austrian ATM Skimmer - Sun Jun 26 07:40:21 2016

While vacationing with his family in Vienna, Ben Tedesco (from security company Carbon Black) discovered an ATM skimmer "in the wild", perfectly crafted to look like the original card reader. New submitter rmurph04 shares Ben's story: I went to grab some cash from an ATM. Being security paranoid, I repeated my typical habit of checking the card reader with my hand as I have hundreds of times. Today's the day when my security awareness paid off!
Ben's blog post includes a video demonstrating the ATM skimmer, as well as close-ups showing the device had its own control board, strip reader, and even its own battery.



UK Tech Sector Reacts To Brexit: Some Anticipate Slow Down, Some Contemplate Relocation - Sun Jun 26 03:39:40 2016

In the aftermath of the United Kingdom voting to leave the European Union, UK's technology industry is reassessing its position, with many of them considering moving to a continental location. According to reports, Samsung, LG, and Acer have noted that the UK leaving the EU will affect their operations. From a BBC report: As news of Brexit broke, tech firms including BT, TalkTalk and software firm Sage reported share price falls. [...] "I have concerns that the local market might slow down," said Drew Benvie, founder of London-based digital agency Battenhall. From a report on The Guardian: Britain's financial technology sector is particularly hard-hit, with the prospect of losing access to European markets an unappealing one. "Fintech" has long been one of the UK's most promising growth areas, in part due to London's position as the financial capital of Europe. [...] Not one of the 14 billion-dollar tech firms based in the UK the Guardian asked said leaving the EU would be good for their business. Toby Coppel, the co-founder of venture capital firm Mosaic, said: "The next entrepreneur who's 22 years old, graduating from a technical university in Germany may, instead of moving to London to do their Fintech startup, decide to go to Berlin instead. I think that's one of the biggest concerns I have about the trajectory of the London technical ecosystem."


ECMAScript 2016: New Version of JavaScript Language Released - Sun Jun 26 01:37:51 2016

An anonymous Slashdot reader writes: Ecma International, the organization in charge of managing the ECMAScript standard, has published the most recent version of the JavaScript language. ECMAScript 2016 (ES7 or JavaScript 7th Edition in the old naming scheme) comes with very few new features. The most important is that JavaScript developers will finally get a "raise to the power" operator, which was mysteriously left out of the standard for 20 years. The operator is **...
It will also become much easier to search for data in a JavaScript array with Array.prototype.includes(), but support for async functions (initially announced for ES2016) has been deferred until next year's release. "From now on, expect smaller changelogs from the ECMAScript team," reports Softpedia, "since this was the plan set out last year. Fewer breaking changes means more time to migrate code, instead of having to rewrite entire applications, as developers did when the mammoth ES6 release came out last year."



Ubuntu-Based Peppermint 7 Released - Sat Jun 25 23:41:53 2016

Softpedia reports on the newest version of Peppermint OS, "a lightweight, stable, elegant, and fast computer operating system based on GNU/Linux and Open Source technologies." An anonymous Slashdot reader quotes their report: It's a bit earlier than expected, but the Peppermint OS 7 GNU/Linux distribution has been officially unveiled...based on the Ubuntu 16.04 LTS (Xenial Xerus) operating system [with] a lot of packages from the Ubuntu 16.04 LTS distro, which means that it will also be a long-term support release.... "Along with the shift to the 16.04 (Xenial) code base, Peppermint 7 continues our policy of choosing the best components from other desktop environments, wherever that may be, and integrating them into a cohesive whole with our own software," reads today's announcement.
"Team Peppermint" says they're switching to Firefox as their default browser for site-specific browser functionality (similar to Chrome's -app mode) after Google dropped their 32-bit version of Chrome and moved to PPAPI plugins "which effectively ends Flash support in 32-bit Chromium"... But you can also still choose Chrome or Chromium for site-specific browsing (and the OS comes in 32-bit and 64-bit editions).



Why Are Hackers Increasingly Targeting the Healthcare Industry? - Sat Jun 25 22:39:01 2016

Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks...and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.

If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as a gateway for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.

The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life."



Lenovo Warns Users To Upgrade Pre-Installed Tool With Severe Security Holes - Sat Jun 25 21:34:45 2016

Long-time Slashdot reader itwbennett writes: Lenovo is advising users to upgrade to version 3.3.003 of Lenovo Solution Center (LSC), which includes fixes for two high-severity vulnerabilities in the tool. [The tool] allows users to check their system's virus and firewall status, update their Lenovo software, perform backups, check battery health, get registration and warranty information and run hardware tests.

The CVE-2016-5249 vulnerability allows an attacker who already has control of a limited account on a PC to execute malicious code via the privileged LocalSystem account. And the CVE-2016-5248 vulnerability allows any local user to send a command to LSC.Services.SystemService in order to kill any other process on the system, privileged or not.



Crypto Ransomware Attacks Have Jumped 500% In The Last Year - Sat Jun 25 20:31:53 2016

Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware. Trailrunner7 shares an article from On The Wire: Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."

It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.

Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."



Why You Should Stop Using Telegram Right Now - Sat Jun 25 19:40:05 2016

Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states: One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter." The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds: "They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that." The list goes on and on.



Austin Is Conducting Sting Operations Against Ride-Sharing Drivers - Sat Jun 25 18:48:16 2016

Since the Uber and Lyft ride-sharing apps stopped service in Austin, drunk driving has increased, riders are hunting for alternatives, and the police are conducting undercover sting operations against unauthorized ride-sharing drivers. With Chicago also considering new restrictions on ride-sharing apps, Slashdot reader MarkWhittington shares this report from Austin: With thousands of drivers and tens of thousands of riders who once depended on ride-sharing services in a lurch, a group called Arcade City has tried to fill the void with a person-to-person site to link up drivers and riders who then negotiate a fare. Of course, according to a story on KVUE, the Austin city government, and the police are on the case. The Austin Police Department has diverted detectives and resources to conduct sting operations on ride-sharing drivers who attempt to operate without official sanction. Undercover operatives will arrange for a ride with an Arcade City driver and then bust them, impounding their vehicle and imposing a fine.
"The first Friday and Saturday after Uber was gone, we were joking that it was like the zombie apocalypse of drunk people," one former ride-sharing driver told Vocative.com. Earlier this month the site compared this year's drunk driving arrests to last year's -- and discovered that in the three weeks since Uber and Lyft left Austin, 7.5% more people have been arrested for drunk driving.



Artificially Intelligent Russian Robot Escapes...Again - Sat Jun 25 17:39:25 2016

Slashdot reader Taco Cowboy brings a new report about Russian robot IR77, which has escaped from its research lab again... The story goes that an engineer working at Promobot Laboratories, in the Russian city of Perm, had left a gate open. Out trundled Promobot, traveling some 150 feet into the city before running out of juice. There it sat, batteries mostly dead, in the middle of a Perm street for 40 minutes, slowing cars to a halt and puzzling traffic cops.

A researcher at Promobot's facility in Russia said that the runaway robot was designed to interact with human beings, learn from experiences, and remember places and the faces of everyone it meets. Other versions of the Promobot have been docile, but this one just can't seem to fall in line, even after the researchers reprogrammed it twice. Despite several rewrites of Promobot's artificial intelligence, the robot continued to move toward exits. "We have changed the AI system twice," Kivokurtsev said. "So now I think we might have to dismantle it".

Fans of the robot are pushing for a reprieve, according to an article titled 'Don't kill it!': Runaway robot IR77 could be de-activated because of 'love for freedom'



Web Petition For 2nd EU Referendum Draws Huge Interest - Sat Jun 25 16:36:26 2016

From an Associated Press report: An online petition seeking a second referendum on a British exit from the European Union has drawn more than 1.6 million names, a measure of the extraordinary divisiveness of Thursday's vote to leave the 28-nation bloc. The online petition site hosted by the House of Commons website even crashed Friday under the weight of the activity as officials said they'd seen unprecedented interest in the measure, which calls on the government to implement a rule stating that if "remain" or "leave" camps won less than 60 percent of the vote with less than a 75 percent turnout "there should be another referendum." According to reports, this is the biggest surge of support Parliament's website has ever seen. Looking at the keywords people were hitting up on Google after the news first broke, it was clear that a considerable portion of the population was clueless about the whole situation.



Java, PHP, NodeJS, and Ruby Tools Compromised By Severe Swagger Vulnerability - Sat Jun 25 15:34:41 2016

"Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit," warns ZDNet's blog Zero Day, adding "the severe flaw allows attackers to remotely execute code." Slashdot reader msm1267 writes: A serious parameter injection vulnerability exists in the Swagger Code Generator that could allow an attacker to embed executable code in a Swagger JSON file. The flaw affects NodeJS, Ruby, PHP, Java and likely other programming languages. Researchers at Rapid7 who found the flaw disclosed details...as well as a Metasploit module and a proposed patch for the specification. The matter was privately disclosed in April, but Rapid7 said it never heard a response from Swagger's maintainers.

Swagger produces and consumes RESTful web services APIs; Swagger docs can be consumed to automatically generate client-server code. As of January 1, the Swagger specification was donated to the Open API Initiative and became the foundation for the OpenAPI Specification. The vulnerability lies in the Swagger Code Generator, and specifically in that parsers for Swagger documents (written in JSON) don't properly sanitize input. Therefore, an attacker can abuse a developer's trust in Swagger to include executable code that will run once it's in the development environment.




From File-Sharing To Prison: The Story of a Jailed Megaupload Programmer - Sat Jun 25 14:42:14 2016

An anonymous reader writes: "I had to be made an example of as a warning to all IT people," says former Megaupload programmer Andrew Nomm, one of seven Megaupload employees arrested in 2012. Friday his recent interview with an Estonian journalist was republished in English by Ars Technica (which notes that at one point the 50 million users on Megaupload's file-sharing site created 4% of the world's internet traffic). The 37-year-old programmer pleaded guilty to felony copyright infringement in exchange for a one-year-and-one-day sentence in a U.S. federal prison, which the U.S. Attorney General's office called "a significant step forward in the largest criminal copyright case in US history."

"It turned out that I was the only defendant in the last 29 years to voluntarily go from the Netherlands to the USA..." Nomm tells the interviewer, adding "I'll never get back the $40,000 that was seized by the USA." He describes his experience in the U.S. prison system after saying good-bye to his wife and 13-year-old son, adding that now "I have less trust in all sorts of state affairs, especially big countries. I saw the dark side of the American dream in all its glory..."

In U.S. court documents Nomm "acknowledged" that the financial harm to copyright holders "exceeded $400 million."



Snowden Finally Identified As Target of Investigation That Ended Lavabit - Sat Jun 25 13:38:20 2016

An anonymous reader quotes a report from The Washington Times: Three years after a government investigation forced the shuttering of Lavabit, a Texas-based email provider, its CEO revealed Friday that an account belonging to Edward Snowden spurred the probe that put his company out of business. "Ladar Levison shut down his encrypted webmail service in August 2013 amid an FBI investigation focused on one of his company's nearly half-a-million customers," reports The Washington Times. "A gag-order that has just recently been vacated in federal has legally prevented him up until now from confirming the account in question was registered to none other than the NSA contractor attributed with one of the largest intelligence leaks in U.S. history. U.S. District Judge Claude Hilton nullified the mandatory non-disclosure orders in a June 13 court filing that went unnoticed until Lavabit released a statement Friday. Officially, the consent order approved by Judge Hilton in the Eastern District of Virginia earlier this month removes all gag-orders concerning Lavabit and Mr. Levison with regards to a grand jury investigation that led the FBI to Mr. Snowden's email account. 'While I'm pleased that I can finally speak freely about the target of the investigation, I also know the fight to protect our collective freedom is far from over,' Mr. Levison said in a statement. He said he plans to discuss the case further during the DefCon security conference in Las Vegas this summer."



NASA Approves Five More Years For Hubble Space Telescope - Sat Jun 25 10:07:43 2016

An anonymous reader quotes a report from New Scientist: NASA has announced plans to extend operations of the famous space telescope for another five years, through to June 2021. That means it will still be on the job when its successor, the James Webb Space Telescope (JWST) launches in 2018, giving astronomers a dual view of the universe. "Hubble is expected to continue to provide valuable data into the 2020s, securing its place in history as an outstanding general-purpose observatory in areas ranging from our solar system to the distant universe," said a NASA statement. Squeezing more life out of Hubble means it will overlap with NASA's next big telescope, JWST when it launches in 2018. While Hubble sees the cosmos in visible and ultraviolet light, JWST operates in the infrared. The various wavelengths can reveal different aspects of stars and galaxies, so using the scopes in tandem will enable astronomers to study the heavens in even greater detail.



Sweden Tests World's First Electric Road For Trucks - Sat Jun 25 07:07:34 2016

Kristine Lofgren writes: Electric vehicles are cool, but for industrial vehicles it can be a challenge to get very far on just electric power. That's why Sweden is testing out an electric road where e-vehicles can jump on, get juiced while they travel, and get back on the road. The country just opened a two kilometer test stretch in Sandviken on the E16 where electric vehicles can connect to an overhead system that is very similar to light rail. It's another exciting step towards a fossil fuel-free Sweden. Trucks can use the electric power while riding on the special electric road system -- on regular roads they operate as hybrid vehicles. The testing is scheduled to take place until 2018, which should give the country enough time to see how the technology functions in the real world. Sweden's energy and sustainable growth agencies will fund the project in addition to the transport administration.



New Apps Let Women Obtain Birth Control Without Visiting a Doctor - Sat Jun 25 03:37:43 2016

HughPickens.com writes: With nearly 40 percent of all pregnancies in the United States unintended, birth control is a critical public health issue. For short-term methods, visiting the doctor for a prescription can be time-consuming and sometimes costly and for some, like teenagers, it can be intimidating or embarrassing. Now Pam Belluck reports at the NYT that a growing assortment of new apps and websites now make it possible to get prescription contraceptives without going to the doctor as public health experts hope the new apps will encourage more women to start, or restart, using contraception and help reduce the country's stubbornly high rate of unintended pregnancies, as well as the rate of abortions. At least six digital ventures, by private companies and nonprofits, including Planned Parenthood, now provide prescriptions written by clinicians after women answer questions about their health online or by video. All prescribe birth control pills, and some prescribe patches, rings and morning-after pills and some ship contraceptives directly to women's doors. "At first I didn't believe it," said Susan Hashem, who wanted to restart birth control pills without missing work for a doctor's appointment. Hashem used an app called Lemonaid and paid $15 for a doctor to review her medical information and send a pill prescription to a local pharmacy. "I thought it was just a setup to get money," Hashem said. But after she answered the health questions one evening, "a doctor actually contacted me after office hours," and the next morning, she picked up three months' worth of pills.


Robot Pizza Company 'Zume' Wants To Be 'Amazon of Food' - Sat Jun 25 01:30:12 2016

kheldan writes: Do you want robots making your pizza? Alex Garden, co-founder and executive chairman of Mountain View startup Zume, is betting you will. Garden, the former president of Zynga Studios, was previously a general manager of Microsoft's Xbox Live. Garden launched Zume in stealth mode last June, when he began quietly recruiting engineers under a pseudonym and building his patented trucks in an unmarked Mountain View garage. In September, he brought on Julia Collins, a 37-year-old restaurant veteran. She became chief executive officer and a co-founder. Collins was previously the vice president and CEO of Harlem Jazz Enterprises, the holding company for Minton's, a historic Harlem eatery. The company consists of an army of robot sauce-spreaders and trucks packed full of ovens. "In the back of Mountain View's newest pizzeria, Marta works tirelessly, spreading marinara sauce on uncooked pies. She doesn't complain, takes no breaks, and has never needed a sick day. She works for free." The pie then "travels on a conveyer belt to human employees who add cheese and toppings." From there, "The decorated pies are then scooped off the belt by a 5-foot tall grey automation, Bruno, who places each in a 850-degree oven. For now, the pizzas are fully cooked and delivered to customers in branded Fiats painted with slogans, including: 'You want a piece of this?' and 'Not part of the sharing economy.'" Garden says, "We are going to be the Amazon of food. [...] Just imagine Domino's without the labor component. You can start to see how incredibly profitable that can be."



Scientists Force Computer To Binge On TV Shows and Predict What Humans Will Do - Sat Jun 25 00:56:04 2016

An anonymous reader quotes a report from GeekWire: Researchers have taught a computer to do a better-than-expected job of predicting what characters on TV shows will do, just by forcing the machine to study 600 hours' worth of YouTube videos. The researchers developed predictive-vision software that uses machine learning to anticipate what actions should follow a given set of video frames. They grabbed thousands of videos showing humans greeting each other, and fed those videos into the algorithm. To test how much the machine was learning about human behavior, the researchers presented the computer with single frames that showed meet-ups between characters on TV sitcoms it had never seen, including "The Big Bang Theory," "Desperate Housewives" and "The Office." Then they asked whether the characters would be hugging, kissing, shaking hands or exchanging high-fives one second afterward. The computer's success rate was 43 percent. That doesn't match a human's predictive ability (72 percent), but it's way better than random (25 percent) as well as the researchers' benchmark predictive-vision programs (30 to 36 percent). The point of the research is to create robots that do a better job of anticipating what humans will do. MIT's Carl Vondrick and his colleagues are due to present the results of their experiment next week at the International Conference on Computer Vision and Pattern Recognition in Las Vegas. "[The research] could help a robot move more fluidly through your living space," Vondrick told The Associated Press. "The robot won't want to start pouring milk if it thinks you're about to pull the glass away." You can watch their YouTube video to learn more about the experiment.



NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million - Sat Jun 25 00:14:20 2016

An anonymous reader writes: "NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate," reports Softpedia. "The infection took place on the computer belonging to CSLFR's crew chief. Winston's staff detected the infection when encrypted files from Winston's computer began syncing to their joint Dropbox account." It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt's authors decided to shut down their operations and release free decryption keys.



You Could Be Paid To Post Snapchat Selfies With Products, Patent Filing Suggests - Fri Jun 24 23:21:20 2016

An anonymous reader writes: According to Snapchat's latest patent filings, the company could begin paying users to post photos and videos. Los Angeles Times reports: "The filings reveal that Snapchat automatically could analyze annotations on an image, including text and digital stickers, to prompt users to place their image in a collective gallery. In other words, people who type some variation of 'Clippers!!!' on top of their photo during a Clippers basketball game would have access to a library of images related to the game. Especially intriguing, the company could use computer vision technology to identify objects in an image -- say, a Coke bottle -- to encourage a user to share the shot in a Coca-Cola-sponsored story. Contributors could walk away with cash through a flat fee or some other deal based on views or sales generated by the story. The idea in the patent filing also would give advertisers an official way to compensate people for creative posts, compared with the usual strategy of paying top users to turn their personal accounts into an ad. Other types of automatically generated galleries mentioned in the patent application include stories based on a time stamp, temperature or movement. People could define their own categories too. Curation of the galleries could be optional, with object recognition and text analysis as potential ways to filter inappropriate submissions. Users who get into audio timeline could get paid too, the patent filing states."



Oculus Ditches DRM Hurdle, Allows HTC Vive Games On Rift Again - Fri Jun 24 22:50:08 2016

An anonymous reader writes: After changing its DRM to exclude ReVive last month, Oculus has changed its mind again and is now allowing HTC Vive games to play on the Oculus Rift. "We continually revise our entitlement and anti-piracy systems, and in the June update we've removed the check for Rift hardware from the entitlement check. We won't use hardware checks as part of DRM on PC in the future," Oculus VR said. "We believe protecting developer content is critical to the long-term success of the VR industry, and we'll continue taking steps in the future to ensure that VR developers can keep investing in ground-breaking new VR content." VentureBeat reports: "ReVive developers have acted quickly following the removal of the check. An update to the software has been posted on GitHub to bring it back in line, meaning you'll now be able to access the games that were previously available without jumping through extra hoops. Perhaps even more games might work going forward. CrossVR, one of the system's developers, took to Reddit to thank Oculus for the decision. 'I'm delighted to see this change and I hope it can generate a lot of goodwill for Oculus.' CrossVR said."



Surface 3 Stocks Dwindling As Microsoft Plans System's Demise - Fri Jun 24 22:07:48 2016

An anonymous reader writes: Microsoft's Surface 3 may be coming to an end. Brad Sams at Thurrott.com reports that many versions of the Surface 3 are listed as being out of stock in Microsoft's online store, with no expected availability. He notes that the only version in stock online is the version with 2GB RAM/64GB storage/LTE. There's more availability in-store, but stock appears to be limited overall. What this generally means is that manufacturing is slowing down or going to stop entirely. In a statement, Microsoft said: "Since launching Surface 3 over a year ago, we have seen strong demand and satisfaction amongst our customers. Inventory is now limited and by the end of December 2016, we will no longer manufacture Surface 3 devices." It's possible a Surface 3 successor is right around the corner, although Ars Technica notes "there hasn't even been the merest hint of a rumor about such a device." The Surface 3 is being powered by a Cherry Trail Atom processor, which hasn't seen a major upgrade or replacement since they were released in the first quarter of 2015. "Without new processors, there's little reason to update the Surface 3 line," writes Ars. Microsoft could equip the Surface 3 successor with a Core M processor, but the implications of that decision would likely cause the device's price to shoot up or cause the device's quality to significantly decrease. Microsoft may simply abandon the segment entirely and focus strictly on the Surface Pro line.



Valve Faces Lawsuit Over Video Game Gambling - Fri Jun 24 21:24:30 2016

An anonymous reader writes from a report via Bloomberg: Valve's Counterstrike: Global Offensive game is being sued for its role in the multibillion-dollar gambling economy that has fueled the game's popularity. Michael John McLeod filed a lawsuit Thursday in the U.S. District Court in Connecticut alleging that Valve violated gambling laws and engaged in racketeering with a handful of off-shore gambling companies. McLeod, who has been gambling on CS:GO since 2014, is asking for class-action status for the suit. The suit was first reported by Polygon and doesn't give a specific request for damages, nor does it say how much money he lost by betting on the site. According to Bloomberg: "Valve provided for money, technical support, and advice to such websites as CSGO Lounge and Diamonds, which take bets, and OPSkins, which runs a market where virtual goods are traded and can be redeemed for cash." Valve has yet to respond to the suit.



Apple Won't Collect Your Data For Its AI Services Unless You Let It - Fri Jun 24 20:49:46 2016

Apple doesn't like collecting your data. This is one of the iPhone maker's biggest selling points. But this approach has arguably acted as a major roadblock for Apple in its AI and bots efforts. With iOS 10, the latest version of the company's mobile operating system, Apple announced that it will begin collecting a range of new information as it seeks to make Siri and iPhone as well as other apps and services better at predicting the information its owner might want at a given time. Apple announced that it will be collecting data employing something called differential privacy. The company wasn't very clear at the event, which caused confusion among many as to what data Apple is exactly collecting. But now it is offering more explanation. Recode reports: As for what data is being collected, Apple says that differential privacy will initially be limited to four specific use cases: New words that users add to their local dictionaries, emojis typed by the user (so that Apple can suggest emoji replacements), deep links used inside apps (provided they are marked for public indexing) and lookup hints within notes. Apple will also continue to do a lot of its predictive work on the device, something it started with the proactive features in iOS 9. This work doesn't tap the cloud for analysis, nor is the data shared using differential privacy. Additionally, Recode adds that Apple hasn't yet begun collecting data, and it will ask for a user's consent before doing so. The company adds that it is not using users' cloud-stored photos to power its image recognition feature.



Netflix to Soon Let Users Download Videos, Says Report - Fri Jun 24 20:06:46 2016

Karl Bode, writing for DSLReport: Netflix will soon let users download and store videos locally, according to Penthera (a Pittsburgh-based firm that focuses on delivery of HD media to mobile devices by storing content on the recipient device) COO Dan Taitz and a report over at Light Reading. Taitz told the outlet that it shouldn't be long before the feature arrives. Netflix has been working harder to help consumers manage broadband caps, and being able to download a video on Wi-Fi for later viewing would go a long way in helping users (especially on wireless networks) that consistently find themselves hamstrung by their monthly usage allotments. "We know from our sources within the industry that Netflix is going to launch this product," Taitz tells the outlet. "My expectation is that by the end of the year Netflix will be launching download-to-go as an option for their customers." Bold move, if it does happen.



Piracy Phishing Scam Targets US ISPs and Subscribers - Fri Jun 24 19:23:12 2016

According to a report on TorrentFreak, an elaborate piracy phishing operation is targeting US ISPs and subscribers. Scammers are reportedly masquerading as anti-piracy company IP-Echelon and rightholders such as Lionsgate to send fake DMCA notices and settlement demands to ISPs. From the report: TorrentFreak was alerted to a takedown notice Lionsgate purportedly sent to a Cox subscriber, for allegedly downloading a pirated copy of the movie Allegiant. Under threat of a lawsuit, the subscriber was asked to pay a $150 settlement fee. This request is unique as neither Lionsgate nor its tracking company IP-Echelon is known to engage in this practice. When we contacted IP-Echelon about Lionsgate's supposed settlement offer, we heard to our surprise that these emails are part of a large phishing scam, which has at least one large ISP fooled. "The notices are fake and not sent by us. It's a phishing scam," IP-Echelon informed TorrentFreak. For a phishing scam the fake DMCA notice does its job well. At first sight the email appears to be legit, and for Cox Communications it was real enough to forward it to their customers. U.S. law enforcement has been notified and is currently investigating the matter.



Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance - Fri Jun 24 18:40:57 2016

A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps has passed. Patrick Howell O'Neill reports for DailyDot: A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.



Net Neutrality Advocates To FCC: Put the Kibosh On Internet Freebies - Fri Jun 24 18:09:32 2016

An anonymous reader cites a CNET report: Net neutrality advocates demand action. Representatives from Fight the Future, the Center for Media Justice and Free Press on Friday hand-delivered a 6-foot tall package containing 100,000 letters of complaint to the Federal Communications Commission. They ask the agency to take action against AT&T, Comcast, T-Mobile and Verizon for violating the agency's Open Internet order by offering so-called zero-rating service plans. While the practice offers some benefits to customers, critics say it violates the agency's Net neutrality principles, which require all services on the internet be treated the same. They claim it puts smaller competitors at a disadvantage and highlights the fact that data caps are unnecessary. Carriers say they are simply experimenting with new business models that will make their service more affordable for consumers.



In the Aftermath Of Brexit, British Google About Irish Passport, Meaning Of EU, and Why it All Happened - Fri Jun 24 17:36:37 2016

As the world makes peace with the news that the United Kingdom has voted to leave the European Union, people in the UK are increasingly trying to figure out what this means. Google noted on Twitter late Thursday that "What is the EU?" was the second top UK question on the EU since the news broke, with "Why did Britain leave the EU?" being the first. The questions also speak volumes about the awareness of the issue among them. Understandably, some people also resorted to the search engine to look for Irish passports. "Getting an Irish passport" keywords saw a 100% surge.


FBI Is Classifying Its Tor Browser Exploit Because 'National Security' - Fri Jun 24 16:42:51 2016

Joseph Cox, reporting for Motherboard: Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.



Chrome Bug Makes It Easy To Download Movies From Netflix and Amazon Prime - Fri Jun 24 16:10:20 2016

A vulnerability found in Chrome by researchers allows people to save copies of movies and TV shows from streaming websites such as Netflix and Amazon Prime. From a Gizmodo report: The vulnerability, first reported by Wired (Editor's note: Wired blocks adblockers), takes advantage of the Widevine EME/CDM technology that Chrome uses to stream encrypted video from content providers. Researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories discovered a way to hijack streaming video from the decryption module in the Chrome browser after content has been sent from services like Netflix or Amazon Prime. The researchers created a proof-of-concept (which is currently the only evidence of the exploit) to show how easily they could illegally download streaming video once CDM technology has decrypted it. Google was notified of the bug last month but is yet to patch it.


$4 Android Smartphone From India To Begin Shipping Next Week - Fri Jun 24 15:38:01 2016

Earlier this year, an Indian smartphone company called Ringing Bells unveiled the Freedom 251, an entry-level Android smartphone that was priced at Rs. 251 (roughly $3.7 USD). It didn't take long for the company to stir controversy -- soon after media got the device, they learned that Ringing Bells had disguised Adcom Ikon 4s (retail price: $60) as the Freedom 251 smartphone for marketing and media reviewing purposes. The company at the time noted that it was just a sample device. Furthermore, it was clear that components in the sample device alone would cost more than Rs. 2,000 ($30). Ringing Bells, standing by its earlier commitment, has now announced that it will begin shipping the Freedom 251 handset starting next week.

The Freedom 251 unit which will ship to consumers reportedly features dual-SIM capability, 1GB of RAM, a 1.3GHz SoC from an unnamed chipset maker, 8GB of internal storage, an 8-megapixel rear camera, 3.2-megapixel front-facing shooter and a 1,800mAh battery. How did the company manage to get the price of the handset this cheap? In a separate interview with Times of India, the company noted that it has partnered with a number of software firms to pre-install their apps on the phone.



'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones - Fri Jun 24 14:50:33 2016

Dan Goodin, reporting for ArsTechnica: Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones. In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US. Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it's running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors' browsers and serve drive-by exploits. Affected apps that have been spotted in Google Play, Android's marquee app store, are largely flashlight, Wi-Fi apps, as well as copies of popular games.



Malware Can Use Fan Noise To Steal Data From Air-Gapped Systems - Fri Jun 24 14:19:00 2016

Reader Orome1 writes: For the last few years, researchers from Ben-Gurion University of the Negev have been testing new ways to exfiltrate data from air-gapped computers: via mobile phones, using radio frequencies ("AirHopper"); using heat ("BitWhisper"), using rogue software ("GSMem") that modulates and transmits electromagnetic signals at cellular frequencies. The latest version of the data-exfiltration attack against air-gapped computers involves the machine's fans. Dubbed "Fansmitter," the attack can come in handy when the computer does not have speakers, and so attackers can't use acoustic channels to get the info. An anonymous reader adds: Malicious applications use the noise emanated by a computer fan's speed to relay information to a nearby recording device and steal data from air-gapped, isolated systems. The attack relies on selecting a fan speed to represent binary "1" and another for binary "0". A specially crafted malware can alter the CPU, GPU or chassis fan speed between these two frequencies and provide a method to relay data from infected systems. Attackers can then place microphones or smartphones to record the sound coming from the infected machine and steal the data. The attack works for distances of one to four meters, and operates in the 100-600 Hz frequency that can be picked up by the human ear. Choosing smaller fan speeds or fan speeds that are closer together can make the attack harder to pick up by a human, but also makes it susceptible to background noise.



Study Finds Password Misuse In Hospitals Is 'Endemic' - Fri Jun 24 13:04:35 2016

chicksdaddy writes from a report via The Security Ledger: Hospitals are pretty hygienic places -- except when it comes to passwords, it seems. That's the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are "endemic" in healthcare environments and mostly go unnoticed by hospital IT staff. The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments -- with the bad behavior being driven by necessity rather than malice. "In hospital after hospital and clinic after clinic, we find users write down passwords everywhere," the report reads. "Sticky notes form sticky stalagmites on medical devices and in medication preparation rooms. We've observed entire hospital units share a password to a medical device, where the password is taped onto the device. We found emergency room supply rooms with locked doors where the lock code was written on the door -- no one wanted to prevent a clinician from obtaining emergency supplies because they didn't remember the code." Competing priorities of clinical staff and information technology staff bear much of the blame. Specifically: IT staff and management are often focused on regulatory compliance and securing healthcare environments. They are excoriated for lapses in security that result in the theft or loss of data. Clinical staff, on the other hand, are focused on patient care and ensuring good health outcomes, said Ross Koppel, one of the authors of the report, who told The Security Ledger. Those two competing goals often clash. "IT want to be good guys. They're not out to make life miserable for the clinical staff, but they often do," he said.



BlackBerry Remains Committed To Smartphone Business, Despite $670M Net Loss In Last Three Months - Fri Jun 24 10:03:38 2016

AchilleTalon writes: BlackBerry CEO John Chen refuses to give up on the company's hardware business despite lackluster sales of its first Android-powered smartphone, the Priv. The Canadian smartphone maker reported a $670 million net loss in the first quarter of its 2017 financial year, but said its recovery plan for the year remains on track. Chen, who has stated the company's No. 1 goal is to make its smartphone device business profitable this fiscal year, said he expects the company's new mobility solutions segment to break even or record a slight profit during the third quarter, which ends Nov. 30, 2016. During BlackBerry's first quarter -- second full quarter to include Priv sales -- the company sold roughly 500,000 devices at an average price of $290 each, he said, which is about 100,000 smartphones fewer than the previous quarter and about 200,000 fewer than two quarters earlier. Previously, the company said it needs to sell about three million phones at an average of $300 each to break even, though Chen indicated that may change as the software licensing business starts to contribute to revenue.



BBC: UK Votes To Leave The European Union - Fri Jun 24 09:52:06 2016

An anonymous reader quotes a report from the BBC: The UK has voted by 52% to 48% to leave the European Union after 43 years in a historic referendum, a BBC forecast suggests. London and Scotland voted strongly to stay in the EU but the remain vote has been undermined by poor results in the north of England. Voters in Wales and the English shires have backed Brexit in large numbers. The referendum turnout was 71.8% -- with more than 30 million people voting -- the highest turnout since 1992. London has voted to stay in the EU by around 60% to 40%. However, no other region of England has voted in favor of remaining. Britain would be the first country to leave the EU since its formation -- but a leave vote will not immediately mean Britain ceases to be a member of the 28-nation bloc. That process could take a minimum of two years, with Leave campaigners suggesting during the referendum campaign that it should not be completed until 2020 -- the date of the next scheduled general election. The prime minister will have to decide when to trigger Article 50 of the Lisbon Treaty, which would give the UK two years to negotiate its withdrawal. Once Article 50 has been triggered a country can not rejoin without the consent of all member states. British Prime Minister David Cameron is under pressure to resign as a result of the decision. UK Independence Party (UKIP) leader Nigel Farage called on him to quit "immediately." One labor source said, "If we vote to leave, Cameron should seriously consider his position." Several pro-Leave Conservatives including Boris Johnson and Michael Gove have signed a letter to Mr. Cameron urging him to stay no matter the decision. Mr. Cameron did say he would trigger Article 50 as soon as possible after a leave vote.

Update 6/24 09:33 GMT: David Cameron has resigned.



Apple Discontinues Thunderbolt Display - Fri Jun 24 03:36:04 2016

An anonymous reader writes: Apple has officially told several news sites that it plans to discontinue the Thunderbolt Display, which has been available online and in Apple retail stores since it was first introduced in 2011. "We're discontinuing the Apple Thunderbolt Display. It will be available through Apple.com, Apple's retail stores and Apple Authorized Resellers while supplies last. There are a number of great third-party options available for Mac users," said an Apple spokesperson. Rumors suggest that Apple will launch a new version of its Thunderbolt monitor later this year, featuring an upgraded 5K resolution and discrete GPU. The new Thunderbolt Display may even launch alongside next-generation Skylake Retina MacBook Pros, which too are rumored to be released later this year. fyngyrz writes: So, bought into the whole Thunderbolt monitor thing from Apple? Might want to collect a few right now, while you still can. It appears that the Thunderbolt monitor is going the way of the analog [headphone] jack over at Apple. Isn't it fun to be part of an unsuccessful experiment?