Senate Votes To Kill FCC's Broadband Privacy Rules

technology - Posted On:2017-03-23 13:45:00 Source: slashdot

The Senate voted 50-48 along party lines Thursday to repeal an Obama-era law that requires internet service providers to obtain permission before tracking what customers look at online and selling that information to other companies. PCWorld adds: The Senate's 50-48 vote Thursday on a resolution of disapproval would roll back Federal Communications Commission rules requiring broadband providers to receive opt-in customer permission to share sensitive personal information, including web-browsing history, geolocation, and financial details with third parties. The FCC approved the regulations just five months ago. Thursday's vote was largely along party lines, with Republicans voting to kill the FCC's privacy rules and Democrats voting to keep them. The Senate's resolution, which now heads to the House of Representatives for consideration, would allow broadband providers to collect and sell a "gold mine of data" about customers, said Senator Bill Nelson, a Florida Democrat. Read more of this story at Slashdot.

Read More

WikiLeaks' New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago

it - Posted On:2017-03-23 12:15:00 Source: slashdot

WikiLeaks said on Thursday morning it will release new documents it claims are from the Central Intelligence Agency which show the CIA had the capability to bug iPhones and Macs even if their operating systems have been deleted and replaced. From a report on Motherboard: "These documents explain the techniques used by CIA to gain 'persistenc'' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware," WikiLeaks stated in a press release. EFI and UEFI is the core firmware for Macs, the Mac equivalent to the Bios for PCs. By targeting the UEFI, hackers can compromise Macs and the infection persists even after the operating system is re-installed. The documents are mostly from last decade, except a couple that are dated 2012 and 2013. While the documents are somewhat dated at this point, they show how the CIA was perhaps ahead of the curve in finding new ways to hacking and compromising Macs, according to Pedro Vilaca, a security researcher who's been studying Apple computers for years. Judging from the documents, Vilaca told Motherboard in an online chat, it "looks like CIA were very early adopters of attacks on EFI." Read more of this story at Slashdot.

Read More

LastPass Bugs Allow Malicious Websites To Steal Passwords

it - Posted On:2017-03-22 20:59:59 Source: slashdot

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site. Read more of this story at Slashdot.

Read More

GNOME 3.24 Released

technology - Posted On:2017-03-22 18:14:59 Source: slashdot

prisoninmate quotes a report from Softpedia: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard and Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release. The full release notes can be viewed here. Softpedia notes in conclusion: "As mentioned before, it will take at least a couple of weeks for the new GNOME 3.24 packages to land on the stable repositories of your favorite distro, which means that you'll most probably be able to upgrade from GNOME 3.22 when the first point release, GNOME 3.24.1, is out on April 12, 2017." Read more of this story at Slashdot.

Read More

Nintendo Is Repairing Left Joy-Cons With ... a Piece of Foam?

it - Posted On:2017-03-22 16:44:59 Source: slashdot

While Nintendo remains silent on the issue of some left Joy-Con controllers becoming desynced from the Switch console, it appears it has a solution for those affected. No, it's not avoidance of aquariums or all other wireless devices; instead, it's apparently as simple as a foam sticker placed in the right spot. From a report: Early reviews and, later, actual retail units of the Nintendo Switch highlighted an apparent hardware flaw in the design of the left Joy-Con controller. In certain scenarios -- like when played some distance from the console using the Joy-Con Grip -- some left Joy-Cons could lose sync and players would find themselves unable to accurately control what's happening on the screen. While a day one console update fixed this issue for some, it's remained for others and Nintendo has done little to assuage would-be consumers that it's solved the issue for good. But, a Joy-Con sent in for repair by CNET's Sean Hollister was returned with one small enhancement a week later and -- lo and behold -- it works. That enhancement: A small piece of conductive foam. Read more of this story at Slashdot.

Read More

Plans For London-Paris Electric Flight in 'Next Decade' Unveiled

technology - Posted On:2017-03-22 16:15:00 Source: slashdot

A start-up has unveiled ambitious plans to offer an electric-powered commercial flight between London and Paris in the next ten years. From a report: Wright Electric believes the proposed low-emission electric plane would offer a cheaper alternative to jet fuel for airlines and consumers. However, the start-up's bid to revolutionize short-haul flights relies on the continued advancement of battery technology. The company, who pitched to investors this week, would be forced to switch to a hybrid of aviation fuel and electricity if the advances in battery technology fail to materialise. Read more of this story at Slashdot.

Read More

Ebay Asks Users To Downgrade Security

it - Posted On:2017-03-22 15:30:00 Source: slashdot

Ebay has started to inform customers who use a hardware key fob when logging into the site to switch to receiving a one-time code sent via text message. The move from the company, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is "a downgrade to a less-secure option," say security reporter Brian Kerbs. He writes: In early 2007, PayPal (then part of the same company as Ebay) began offering its hardware token for a one-time $5 fee, and at the time the company was among very few that were pushing this second-factor (something you have) in addition to passwords for user authentication. I've still got the same hardware token I ordered when writing about that offering, and it's been working well for the past decade. Now, Ebay is asking me to switch from the key fob to text messages, the latter being a form of authentication that security experts say is less secure than other forms of two-factor authentication (2FA). The move by Ebay comes just months after the National Institute for Standards and Technology (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based two-factor authentication. Read more of this story at Slashdot.

Read More

Cord-Cutting Isn't Nearly as Significant as Cable Providers Make It Out To Be

technology - Posted On:2017-03-22 14:15:00 Source: slashdot

From a report on CNBC: Despite legacy media's anxieties about cord-cutting, data suggest that the phenomenon isn't nearly as significant as cable providers make it out to be. In its 11th annual "Digital Democracy Survey," Deloitte found that the percentage of American households that subscribe to paid television services has remained relatively stable since 2012, even as adoption of streaming services has accelerated. In its survey of 2,131 consumers, Deloitte said two-thirds of respondents reported they have kept their TV subscriptions because they're bundled with their internet plan. Kevin Westcott, vice chairman and U.S. media and entertainment leader at Deloitte, told CNBC that bundling seems to be a huge deterrent for cord cutting. Read more of this story at Slashdot.

Read More

Google Contemplating Removing Chrome 'Close Other Tabs' and 'Close Tabs to the Right' Options

technology - Posted On:2017-03-22 13:30:00 Source: slashdot

An anonymous reader shares a report: Chrome engineers are planning to remove two options from Chrome that allow users to quickly close a large number of tabs with just a few clicks. The options, named "Close other tabs" and "Close tabs to the right" reside in the menu that appears when a user right-clicks on a Chrome tab. According to an issue on the Chromium project spotted yesterday by a Reddit user, Google engineers planned to remove to menu options for many years even before opening the Chromium issue, dated itself to July 31, 2015. After several years of inactivity and no decision, things started to move again in September 2016, when usage statistics confirmed that Chrome users rarely used the two options they initially wanted to remove. Seeing no new discussions past this point, Chromium engineers assigned the issue in February, meaning engineers are getting ready to remove the two menu options it in future Chromium builds. Read more of this story at Slashdot.

Read More

Reddit To Transform Into a Social Network With New Profile Pages

technology - Posted On:2017-03-22 09:14:56 Source: slashdot

An anonymous reader quotes a report from Digital Journal: Reddit has announced it has begun trialling a radical new profile page design that's reminiscent of Facebook and Twitter. It will evolve the discussion board site towards being a social network by enabling users to post directly to their new profile page. At present, posts on Reddit have to be directed into a specific sub-Reddit community. You can't simply write a post and have it appear across the network which can make it difficult to get your voice heard. Unless you've got some reputation in a relevant sub-Reddit, your posts may end up going unnoticed. That could soon change. Last night, Reddit announced it's working on a drastic revision of its user profile page experience. The site has commenced testing of an early version of the design. According to a report from Reuters, just three "high-profile" users currently have access to the feature. When the new pages are eventually opened up to all, they'll showcase the user's profile picture and description. Below the header, posts from the user will be publicly displayed. The user will be able to add new posts to their page, without submitting to a sub-Reddit. Users will be able to follow each other to stay informed of new posts, effectively creating a social network atmosphere above the discussion boards. Read more of this story at Slashdot.

Read More

Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable

technology - Posted On:2017-03-21 21:00:00 Source: slashdot

At the Pwn2Own 2017 hacking event, Microsoft's Edge browser proved itself to be the least secure browser at the event, after it was hacked no less than five times. Google's Chrome browser, on the other hand, remained unhackable during the contest. Tom's Hardware reports: On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit. On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor. Two other teams withdrew their entries against Edge. However, Team Lance (Tencent Security) successfully exploited Microsoft's browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from "360 Security." The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000. The fifth exploit against Edge was done by Richard Zhu, who used two UAF bugs--one in Edge and one in a Windows kernel buffer overflow--to complete the hack. The attack gained Zhu $55,000. At last year's Pwn2Own 2016, Edge proved to be more secure than Internet Explorer and Safari, but it still ended up getting hacked twice. Chrome was only partially hacked once, notes Tom's Hardware. Read more of this story at Slashdot.

Read More

Walmart Unveils 'Store No. 8' Tech Incubator In Silicon Valley

technology - Posted On:2017-03-21 20:15:00 Source: slashdot

An anonymous reader quotes a report from Bloomberg: Wal-Mart Stores Inc. is creating a technology-startup incubator in Silicon Valley to identify changes that will reshape the retail experience, including virtual reality, autonomous vehicle and drone delivery and personalized shopping. The incubator will be called Store No. 8, a reference to a Wal-Mart location where the company experimented with new store layouts. Marc Lore, chief executive officer of Wal-Mart's e-commerce operations, announced the incubator Monday at the ShopTalk conference in Las Vegas. The world's biggest retailer has been overhauling its online team to better challenge Amazon.com Inc. with greater selection and lower prices. Lore founded Jet.com, which Wal-Mart purchased in September for about $3.3 billion in pursuit of Amazon in the e-commerce race. Lore said Wal-Mart has an advantage over "pure play" e-commerce companies because of its large network of stores that attract shoppers for such items as fresh food. The incubator will partner with startups, venture capitalists and academics to promote innovation in robotics, virtual and augmented reality, machine learning and artificial intelligence, according to Wal-Mart. The goal is to have a fast-moving, separate entity to identify emerging technologies that can be developed and used across Wal-Mart. Read more of this story at Slashdot.

Read More

Burglars Can Easily Make Google Nest Security Cameras Stop Recording

technology - Posted On:2017-03-21 18:44:59 Source: slashdot

Orome1 quotes a report from Help Net Security: Google Nest's Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that's in their Bluetooth range. The vulnerabilities are present in the latest firmware version running on the devices (v5.2.1). They were discovered by researcher Jason Doyle last fall, and their existence responsibly disclosed to Google, but have still not been patched. The first two flaws can be triggered and lead to a buffer overflow condition if the attacker sends to the camera a too-long Wi-Fi SSID parameter or a long encrypted password parameter, respectively. Triggering one of these flaws will make the devices crash and reboot. The third flaw is a bit more serious, as it allows the attacker to force the camera to temporarily disconnect from the wireless network to which it is connected by supplying it a new SSID to connect to. If that particular SSID does not exist, the camera drops its attempt to associate with it and return to the original Wi-Fi network, but the whole process can last from 60 to 90 seconds, during which the camera won't be recording. Nest has apparently already prepared a patch but hasn't pushed it out yet. (It should be rolling out "in the coming days.") Read more of this story at Slashdot.

Read More

Who's Liable For Decisions AI and Robotics Make?

technology - Posted On:2017-03-21 16:44:59 Source: slashdot

An anonymous reader shares a BetaNews article: Reuters news agency reported on February 16 that "European lawmakers called [...] for EU-wide legislation to regulate the rise of robots, including an ethical framework for their development and deployment and the establishment of liability for the actions of robots including self-driving cars." The question of determining "liability" for decision making achieved by robots or artificial intelligence is an interesting and important subject as the implementation of this technology increases in industry, and starts to more directly impact our day to day lives. Indeed, as application of Artificial Intelligence and machine learning technology grows, we are likely to witness how it changes the nature of work, businesses, industries and society. And yet, although it has the power to disrupt and drive greater efficiencies, AI has its obstacles: the issue of "who is liable when something goes awry" being one of them. Like many protagonists in industry, Members of the European Parliament (MEPs) are trying to tackle this liability question. Many of them are calling for new laws on artificial intelligence and robotics to address the legal and insurance liability issues. They also want researchers to adopt some common ethical standards in order to "respect human dignity." Read more of this story at Slashdot.

Read More

AMD Confirms It's Issuing a Fix To Stop New Ryzen Processors From Crashing Desktops

technology - Posted On:2017-03-21 16:15:00 Source: slashdot

AMD says the company has been able to figure out why FMA3 code is causing system hangs on PCs using a new Ryzen desktop processor. From a report: Although AMD didn't provide a detailed report on the problem's root cause, the company said that BIOS changes will be distributed to motherboard manufacturers to resolve the issue. Customers are encouraged to keep an eye on their motherboard vendor's website for an update. "We are aware of select instances where FMA code can result in a system hang," the company said. "We have identified the root cause." AMD released three Ryzen-branded desktop processors at the beginning of March that plug into motherboards based on AMD's new AM4 socket. The trio of processors include the Ryzen 7 1800X, the Ryzen 7 1700X, and the Ryzen 7 1700. However, all three reportedly cause a hard system lock when running certain FMA3 workloads. The problem was replicated across all three processors and a variety of motherboards. Read more of this story at Slashdot.

Read More

Microsoft Outlook, Skype, OneDrive Hit By Another Authentication Issue

technology - Posted On:2017-03-21 15:30:00 Source: slashdot

Two weeks after a widespread authentication issue hit Outlook, Skype, OneDrive, Xbox and other Microsoft services, it's happening again. From a report: On March 21, users across the world began reporting via Twitter that they couldn't sign into Outlook.com, OneDrive and Skype, (and possibly more). I, myself, am unable to sign into Outlook.com, OneDrive or Skype at 2:30 pm ET today, but my Office 365 Mail account is working fine. (Knock wood.) I believe the issue started about an hour ago, or 1:30 p.m. ET or so. MSA is Microsoft's single sign-on service which authenticates users so they can log into their various Microsoft services. As happened two weeks ago, Skype Heartbeat site, has posted a message noting that users may be experiencing problems sending messages and signing in. Read more of this story at Slashdot.

Read More

Android O First Developer Preview Featuring Notification Channels, Background Limits Now Available

technology - Posted On:2017-03-21 14:45:00 Source: slashdot

A year after Google released the Android N Developer Preview, the company has made available the developer preview of the next major version of Android, "Android O." You will not want to put it on your primary Android smartphone as the preview is likely to have rough edges. Google says as much. "it's early days, there are more features coming, and there's still plenty of stabilization and performance work ahead of us. But it's booting :)." The company is using the developer preview to give beta testers a sneak peek into some new features, such as "notification channels," which will offer users the ability to group notifications. There is also Picture in Picture, which will enable you to have a video appear in a small window on top of homescreen or any application. Google is also adding "multi-display support" and improved "keyboard navigation." Your guess is as good as mine as to what these features will actually do. There's also better "background limits" which will supposedly help save battery, and wider Wi-Fi support to include things like Neighborhood Aware Networking (NAN). No word on what "O" in Android O stands for. Read more of this story at Slashdot.

Read More

Microsoft Just Showed Off Exactly What Salesforce Was Worried About

technology - Posted On:2017-03-21 13:30:00 Source: slashdot

Microsoft just took a direct swipe at Salesforce with a new enterprise-ready version of LinkedIn's customer relationship management product called Sales Navigator. From a report on CNBC: "Today's announcements take Sales Navigator to the next level," Doug Camplejohn, LinkedIn sales solutions head of product, said in a blog. The new product steps up competition with arch rival Salesforce. Microsoft beat out Salesforce to acquire Linkedin for $26.2 billion -- by far the company's largest acquisition to date -- in June. Salesforce CEO Marc Benioff was so concerned, he accused the company of "anti-competitive behavior" and urged regulators to investigate. Flash-forward less than a year and Microsoft's new Sales Navigator Enterprise Edition incorporates many features aimed at turning LinkedIn into a must-have tool for sales teams at big companies. Read more of this story at Slashdot.

Read More

Google To Revamp Policies, Hire Staff After UK Ad Scandal

technology - Posted On:2017-03-21 10:59:56 Source: slashdot

Google vowed on Tuesday to police its websites better by ramping up staff numbers and overhauling its policies after several companies deserted the internet giant for failing to keep their adverts off hate-filled videos. From a report on Reuters: Google has found itself at the center of a British storm in recent days after major companies from supermarkets to banks and consumer groups pulled their adverts from its YouTube site after they appeared alongside videos carrying homophobic and anti-Semitic messages. Alphabet's Google launched a review of the problem on Friday, apologized on Monday and said on Tuesday it had revamped its policies to give advertisers more control. Read more of this story at Slashdot.

Read More

New Technology Combines Lip Motion and Passwords For User Authentication

it - Posted On:2017-03-21 06:14:57 Source: slashdot

An anonymous reader writes: "Scientists from the Hong Kong Baptist University (HKBU) have developed a new user authentication system that relies on reading lip motions while the user speaks a password out loud," reports BleepingComputer. Called "lip password" the system combines the best parts of classic password-based systems with the good parts of biometrics. The system relies on the uniqueness of someone's lips, such as shape, texture, and lip motions, but also allows someone to change the lip motion (password), in case the system ever gets compromised. Other biometric solutions, such as fingerprints, iris scans, and facial features, become eternally useless once compromised. Read more of this story at Slashdot.

Read More