China Has Abandoned a Cybersecurity Truce With the US, Report Says
it - Posted On:2019-02-19 21:14:59 Source: slashdot
Cybersecurity firm Crowdstrike says China has largely abandoned a hacking truce negotiated by Barack Obama as President Trump embarked on a trade war with Beijing last year. "A slowdown in Chinese hacking following the cybersecurity agreement Obama's administration secured in 2015 appears to have been reversed, the firm said in a report released Tuesday that reviewed cyber activity by U.S. adversaries in 2018," reports Bloomberg. From the report: The report comes as the Trump administration seeks to reach a trade deal with China, including provisions on intellectual property theft, ahead of a March 1 deadline. Trump has said he may extend that deadline and hold off on increasing tariffs on Chinese imports if there's progress in the talks. China's hacking targets in 2018 included telecommunications systems in the U.S. and Asia, according to Crowdstrike. Groups linked to Iran and Russia also appeared to target telecommunications, a sector that yields "the most bang for your buck" for hackers due to the large number of users that can be accessed after breaching a single network, Meyers said. The findings align with concern in the U.S. about telecommunications security as the country transitions to the next generation of mobile networks and the Trump administration seeks to secure so-called 5G technology from foreign intelligence gathering. The administration has expressed particular concern about the spread of products made by the Chinese firm Huawei Technologies Co. The report also mentions the increased cyber activity in other parts of the world. "Iran focused much of its cyber activity on Middle Eastern and North African countries while Russia engaged in intelligence collection and information operations worldwide," the report says. "North Korea deployed hackers for financial gain and intelligence collection, while China targeted sectors including technology, manufacturing and hospitality." Read more of this story at Slashdot.
'Samsung's One UI Is the Best Software It's Ever Put On a Smartphone'
technology - Posted On:2019-02-19 20:44:58 Source: slashdot
In preparation for the Galaxy S10 launch event tomorrow, The Verge's Dieter Bohn writes about the new "One UI" software that will run on these new phones. After testing the software on a Galaxy S9 for the past week, Bohn says he really likes it, adding that it's better in some ways than the software found on Google's Pixel 3. "If it weren't for the fact that I don't yet trust Samsung to deliver major software updates quickly, I would be shouting about One UI from the rooftops," writes Bohn. "As it is, I just want to point out that it's time for us to stop instinctively turning our noses up at Samsung's version of Android." From the report: I can't go quite so far as to say that everything has changed forever when it comes to Samsung's customizations. There are still multiple versions of some apps because both Google and Samsung insist on having their software present. Samsung phones also have a reputation for getting a little laggy (the technical term is cruft) over time, and I don't know yet whether One UI and Android 9 will suffer the same fate. But I do know that one week in, this OS actually feels intentional and designed instead of just having a bunch of features tacked on. Historically, we've thought of all those customizations as unnecessary add-ons. But that's not quite right anymore -- customizing AOSP is necessary these days. Instead, we should judge a Samsung phone on its own merits as a phone, not as stuff bolted on to some idealized "pure" version of the phone that can't really exist anymore. One UI consists of four key parts. One is the basic update to Android 9 Pie, which means you'll get a ton of small features for free. Second, there is a generalized update to the look and feel -- everything is just a little cleaner and more tasteful than before. Samsung has realized that neon is only cool in small doses. Third, because this is Samsung, there are just a million features hidden in every corner of the OS. Some of them -- like a dark mode -- are genuinely useful. Others will remind people of the bad old days of TouchWiz. But overall Samsung is doing a better job of surfacing them progressively as you use the phone, instead of asking you to wade though arcane and opaquely named settings screens in the first 15 minutes of using the phone. The last big feature to talk about in One UI is the first one most people will notice: big, giant header text inside apps. When you open up an app like Messages or Settings you'll see the name of the app in a field of white (or black, in dark mode) that takes up the entire top half of the screen. When you scroll, though, the giant header shrinks down and you have a full screen of content. The last big feature to talk about in One UI is the first one most people will notice: big, giant header text inside apps. When you open up an app like Messages or Settings you'll see the name of the app in a field of white (or black, in dark mode) that takes up the entire top half of the screen. When you scroll, though, the giant header shrinks down and you have a full screen of content. Read more of this story at Slashdot.
Trump Directs Pentagon To Create Space Force Legislation for Congress
technology - Posted On:2019-02-19 15:00:00 Source: slashdot
President Donald Trump signed a directive on Tuesday that ordered the Department of Defense to create a Space Force as a sixth military branch. From a report: With a directive signed Tuesday, Mr. Trump was positioning the Space Force much as the Marine Corps fits into the Navy, officials said, with the result being lower costs and less bureaucracy. The plan would require congressional approval. Mr. Trump is to propose funding in his proposed 2020 budget, and spell out a goal of eventually establishing the Space Force as a separate military department, a senior administration official said. "Space, that's the next step and we have to be prepared," said Mr. Trump, who added that adversaries were training forces and developing technology. "I think we'll have great support from Congress." The order Mr. Trump signed, Space Policy Directive 4, calls for a legislative proposal by the secretary of defense to establish a chief of staff of the Space Force within the Air Force. That officer would be a member of the Joint Chiefs of Staff, according to an outline. There also be a new under secretary of defense for space to be appointed by the president. The proposal calls for the Space Force to organize, train and equip personnel to defend the U.S. in space, to provide independent military options for "joint and national leadership" and "enable the lethality and effectiveness of the joint force," according to the administration's outline. Read more of this story at Slashdot.
Google's Waymo Risks Repeating Silicon Valley's Most Famous Blunder
technology - Posted On:2019-02-19 14:00:00 Source: slashdot
An anonymous reader shares a report: Everyone in Silicon Valley knows the story of Xerox inventing the modern personal computer in the 1970s and then failing to commercialize it effectively. Yet one of Silicon Valley's most successful companies, Google's Alphabet, appears to be repeating Xerox's mistake with its self-driving car program. Xerox launched its Palo Alto Research Center (PARC) in 1970. By 1975, its researchers had invented a personal computer with a graphical user interface that was almost a decade ahead of its time. Unfortunately, the commercial version of this technology wasn't released until 1981 and proved to be an expensive flop. Two much younger companies -- Apple and Microsoft -- co-opted many of Xerox's ideas and wound up dominating the industry. Google's self-driving car program, created in 2009, appears to be on a similar trajectory. By October 2015, Google was confident enough in its technology to put a blind man into one of its cars for a solo ride in Austin, Texas. But much like Xerox 40 years earlier, Google has struggled to bring its technology to market. The project was rechristened Waymo in 2016, and Waymo was supposed to launch a commercial driverless service by the end of 2018. But the service Waymo launched in December was not driverless and barely commercial. It had a safety driver in every vehicle, and it has only been made available to a few hundred customers. Read more of this story at Slashdot.
Microsoft Releases Windows 10 Timeline Extension For Google Chrome
it - Posted On:2019-02-19 13:15:00 Source: slashdot
Microsoft has released an official Timeline extension for Google Chrome called "Web Activities" that brings Timeline integration to Google's web browser. From a report: Just like with Microsoft Edge, this new extension syncs web browsing activities with the Timeline feature on Windows 10, making it easier to pick up old activities and search through webpages you've visited recently. The extension is available now in the Chrome Web Store, and ties with your Microsoft Account. Read more of this story at Slashdot.
Google Launches New .dev TLD
technology - Posted On:2019-02-19 12:00:00 Source: slashdot
Google Registry today announced .dev, a brand new top-level domain (TLD) that's dedicated to developers and technology. From a report: The new .dev TLD comes after the company launched .app and .page, all are protected by HTTPS. Google has already used the TLD for a few of its own projects, such as web.dev and opensource.dev, but now it is being opened up to a wider audience. If you are interested in securing yourself a .dev domain, you can register through the Early Access Program. Read more of this story at Slashdot.
Android Q May Change the Back Button To a Gesture
technology - Posted On:2019-02-19 11:15:01 Source: slashdot
Android's back button might be going away entirely, replaced with a quick swipe to the left from the home button. From a report: XDA Developers has been digging into a leaked, early set of code from the next version of Android, codenamed Q, and the latest discovery from those forays is this potential demise of the back button, as well as a quicker app-changing animation when you swipe to the right. The way that gestures and buttons work in Android 9 Pie (the current iteration, at least if you're lucky enough to own a phone that runs it) is a little bit split. Google's Pixel has just a home "pill" and then a back button appears only when it's needed. Here's a quick video XDA made showing the gesture system Google is experimenting with in Android Q. It is, as anybody could have predicted, a little messy. For something as core to a phone as "going home" or "going back," the fact that different phones have different methods could be a problem. Read more of this story at Slashdot.
You Have Around 20 Minutes To Contain a Russian APT Attack
it - Posted On:2019-02-19 10:29:56 Source: slashdot
When a Russian nation-state actor attacks a government or a private organization, they have about 20 minutes to detect and contain the attack. From a report: New statistics published today by US cyber-security firm Crowdstrike ranked threat groups based on their "breakout time." "Breakout time" refers to the time a hacker group takes from gaining initial access to a victim's computer to moving laterally through its network. This includes the time the attacker spends scanning the local network and deploying exploits in order to escalate his access to other nearby computers. [...] According to data gathered from 2018 hack investigations, CrowdStrike says Russian hackers (which the company calls internally "Bears") have been the most prolific and efficient hacker groups last year, with an average breakout time of 18 minutes and 49 seconds. Read more of this story at Slashdot.
Chinese and Iranian Hackers Renew Their Attacks on US Companies
technology - Posted On:2019-02-19 03:14:58 Source: slashdot
Businesses and government agencies in the United States have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump's withdrawal from the Iran nuclear deal last year and his trade conflicts with China. From a report: Recent Iranian attacks on American banks, businesses and government agencies have been more extensive than previously reported. Dozens of corporations and multiple United States agencies have been hit, according to seven people briefed on the episodes who were not authorized to discuss them publicly. The attacks, attributed to Iran by analysts at the National Security Agency and the private security firm FireEye, prompted an emergency order by the Department of Homeland Security during the government shutdown last month. The Iranian attacks coincide with a renewed Chinese offensive geared toward stealing trade and military secrets from American military contractors and technology companies, according to nine intelligence officials, private security researchers and lawyers familiar with the attacks who discussed them on the condition of anonymity because of confidentiality agreements. A summary of an intelligence briefing read to The New York Times said that Boeing, General Electric Aviation and T-Mobile were among the recent targets of Chinese industrial-espionage efforts. The companies all declined to discuss the threats, and it is not clear if any of the hacks were successful. Read more of this story at Slashdot.
Windows 7 Users: You Need SHA-2 Support or No Windows Updates After July 2019
technology - Posted On:2019-02-18 23:14:58 Source: slashdot
Windows 7 and Windows Server 2008 users need to have SHA-2 code-signing installed by July 16, 2019, in order to continue to get Windows updates after that date. Microsoft issued that warning on February 15 via a Support article. From a report: Windows operating system updates are dual-signed using both the SHA-1 and SHA-2 hash algorithms to prove authenticity. Bug going foward, due to "weaknesses" in SHA-1, Microsoft officials have said previously that Windows updates will be using the more secure SHA-2 algorithm exclusively. Customers running Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 must have SHA-2 code-signing support installed by July 2019, Microsoft officials have said. Read more of this story at Slashdot.
Stop Saying, 'We Take Your Privacy and Security Seriously'
it - Posted On:2019-02-18 19:44:59 Source: slashdot
Security reporter Zack Whittaker writes: In my years covering cybersecurity, there's one variation of the same lie that floats above the rest. "We take your privacy and security seriously." You might have heard the phrase here and there. It's a common trope used by companies in the wake of a data breach -- either in a "mea culpa" email to their customers or a statement on their website to tell you that they care about your data, even though in the next sentence they all too often admit to misusing or losing it. The truth is, most companies don't care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen. I've never understood exactly what it means when a company says it values my privacy. If that were the case, data hungry companies like Google and Facebook, which sell data about you to advertisers, wouldn't even exist. I was curious how often this go-to one liner was used. I scraped every reported notification to the California attorney general, a requirement under state law in the event of a breach or security lapse, stitched them together, and converted it into machine-readable text. About one-third of all 285 data breach notifications had some variation of the line. It doesn't show that companies care about your data. It shows that they don't know what to do next. Read more of this story at Slashdot.
The Weird Rise of Cyber Funerals
technology - Posted On:2019-02-18 11:15:01 Source: slashdot
Thanks to recent changes to privacy legislation in Europe and South Korea aimed at protecting the living, we now have more power than ever over our personal information -- even from beyond the grave. While this may have felt like a gimmick in the past, cyber funerals -- where our personal data is removed from the web posthumously -- are slowly becoming a viable option. From a report: Digital undertaking is the act of erasing and tidying up your public data after you die. It's a relatively new idea, but one that's already taking off in South Korea, according to the Korean Employment Information Service. Think of it as a ghoulish version of the European Union's right to be forgotten legislation. For most digital undertakers, the tricky task is to contact the social media companies, search engines or even media companies who publish personal information, and request for it to be deleted when their client dies. If that doesn't work, then companies -- be they in South Korea, the USA or UK -- can bury search engine results by flooding Google with new, conflicting data about the deceased. Santa Cruise, a company based in Seoul, was one of the first in South Korea to take on the task of digital undertaking. Founded in 2008, it was originally an agency for entertainment figures but now specializes in removing personal data from the internet for clients both dead and alive. The company's scope includes digital undertaking and even "reputation management" for those who have been victims of revenge porn. Read more of this story at Slashdot.
'No, You Can't Ignore Email. It's Rude.'
it - Posted On:2019-02-17 22:44:58 Source: slashdot
Yes, we're all overwhelmed with email. One recent survey suggested that the average American's inbox has 199 unread messages. But volume isn't an excuse for not replying. Ignoring email is an act of incivility, reads an opinion piece. From the story: "I'm too busy to answer your email" really means "Your email is not a priority for me right now." That's a popular justification for neglecting your inbox: It's full of other people's priorities. But there's a growing body of evidence that if you care about being good at your job, your inbox should be a priority. When researchers compiled a huge database of the digital habits of teams at Microsoft, they found that the clearest warning sign of an ineffective manager was being slow to answer emails. Responding in a timely manner shows that you are conscientious -- organized, dependable and hardworking. And that matters. In a comprehensive analysis of people in hundreds of occupations, conscientiousness was the single best personality predictor of job performance. (It turns out that people who are rude online tend to be rude offline, too.) I'm not saying you have to answer every email. Your brain is not just sitting there waiting to be picked. If senders aren't considerate enough to do their homework and ask a question you're qualified to answer, you don't owe them anything back. How do you know if an email you've received -- or even more important, one you're considering writing -- doesn't deserve a response? After all, sending an inappropriate email can be as rude as ignoring a polite one. [...] Whatever boundaries you choose, don't abandon your inbox altogether. Not answering emails today is like refusing to take phone calls in the 1990s or ignoring letters in the 1950s. Email is not household clutter and you're not Marie Kondo. Ping! Read more of this story at Slashdot.
Germany Sees Big Rise in Security Problems Affecting Infrastructure
technology - Posted On:2019-02-17 13:15:00 Source: slashdot
Germany has experienced a big increase in the number of security incidents hitting critical infrastructure such as power grids and water suppliers, the BSI cybersecurity agency said on Sunday, adding however that they were not all due to hacking. From a report: The Welt am Sonntag weekly had reported on Sunday that Germany had learned of 157 hacker attacks on critical infrastructure companies in the second half of 2018 compared to 145 attacks in the whole of the previous year. "The number of reports of IT security incidents has increased but it is not to be equated with the number of cyber attacks," tweeted the BSI in response to the newspaper report. Read more of this story at Slashdot.
Google Backtracks on Chrome Modifications That Would Have Crippled Ad Blockers
technology - Posted On:2019-02-17 09:14:56 Source: slashdot
Google has changed its stance on upcoming Chrome Manifest V3 changes as benchmark shows they lied about performance hit. Catalin Cimpanu, writing for ZDNet: A study analyzing the performance of Chrome ad blocker extensions published on Friday has proven wrong claims made by Google developers last month, when a controversy broke out surrounding their decision to modify the Chrome browser in such a way that would have eventually killed off ad blockers and many other extensions. The study, carried out by the team behind the Ghostery ad blocker, found that ad blockers had sub-millisecond impact on Chrome's network requests that could hardly be called a performance hit. Hours after the Ghostery team published its study and benchmark results, the Chrome team backtracked on their planned modifications. At the root of Ghostery's benchmark into ad blocker performance stands Manifest V3, a new standard for developing Chrome extensions that Google announced last October. Read more of this story at Slashdot.
Facebook Becomes 'A Haven For the Anti-Vaccination Movement'
technology - Posted On:2019-02-16 21:44:59 Source: slashdot
"As a disturbing number of measles outbreaks crop up around the United States, Facebook is facing challenges combating widespread misinformation about vaccinations on its platform," reported the Washington Post Wednesday, saying Facebook "has become a haven for the anti-vaccination movement" and that "the rise of 'anti-vaxx' Facebook groups is overlapping with a resurgence of measles" in the U.S. Facebook has publicly declared that fighting misinformation is one of its top priorities. But when it comes to policing misleading content about vaccinations, the site faces a thorny challenge. The bulk of anti-vaccination content doesn't violate Facebook's community guidelines for inciting "real-world harm," according to a spokesperson, and the site's algorithms often promote unscientific pages or posts about the issue... Wendy Sue Swanson, a pediatrician at Seattle Children's Hospital and spokeswoman for the American Academy of Pediatrics, recently met with Facebook strategists about dealing with public health issues, including misinformation about vaccines, on the platform... "Facebook isn't responsible for changing quacks but they do have an opportunity to change the way information is served up." But Facebook's algorithms often promote anti-vaccination content over widely accepted, scientifically backed posts or pages about vaccinations. A recent investigation from the Guardian found that Facebook search results regarding vaccines were "dominated by anti-vaccination propaganda...." Facebook also accepted advertising revenue from Vax Truther, Anti-Vaxxer, Vaccines Revealed and Michigan for Vaccine Choice, among others, according to another investigation from the Guardian [which found Facebook even offers the ability to target 900,000 users that Facebook has helpfully identified as interested in "vaccine controversies."] Last month YouTube promised to stop recommending videos that "could misinform users in harmful ways," and later told the Guardian that that would include anti-vaccine videos. The Guardian also noted this week that one anti-vaccination group on Facebook has over 150,000 members. But Facebook told the Post Wednesday that by not deleting the pseudoscience, they're actually giving their users an opportunity to speak up on their own and share factual counter-arguments themselves. By Thursday Facebook added that it was "exploring" additional steps, including "reducing or removing this type of content from recommendations, including 'Groups You Should Join,' and demoting it in search results, while also ensuring that higher quality and more authoritative information is available." Read more of this story at Slashdot.
After Calls For an Edit Button, Twitter Says it is Considering a 'Clarification' Feature
technology - Posted On:2019-02-15 09:59:56 Source: slashdot
Despite years-long calls from power users for an "edit" button, Twitter is considering how it could enable 'clarifications' of tweets, CEO Jack Dorsey said Thursday at Goldman Sachs' tech conference in San Francisco. From a report: "One of the concepts we're thinking about is clarifications," Dorsey said, saying that it could function similarly to a quote tweet. "Kind of like retweet with comment.. to add some context and some color on what they might have tweeted, or what they might have meant." People already often use the quote tweet option for this kind of thing, but the two tweets may not always have the same reach, Dorsey noted. But if the person had opted to "clarify" that tweet, then the original tweet could always appear with the subsequent clarification. Dorsey cautioned that the feature is still just something the company is thinking about, not necessarily something that would launch. But he said such a feature could help people feel more comfortable with Twitter. Read more of this story at Slashdot.
Facebook Settlement With FTC Could Run Into the Billions
technology - Posted On:2019-02-15 08:14:56 Source: slashdot
An anonymous reader quotes a report from The New York Times: Facebook and the Federal Trade Commission are discussing a settlement over privacy violations that could amount to a record, multibillion-dollar fine, according to three people with knowledge of the talks. The company and the F.T.C.'s consumer protection and enforcement staff have been in negotiations over a financial penalty for claims that Facebook violated a 2011 privacy consent decree with the agency, said the people, who spoke on the condition of anonymity because the investigation is private. In 2011, Facebook promised a series of measures to protect user privacy after an investigation found it had harmed consumers with its handling of user data. The current talks have not yet reached the F.T.C.'s five commissioners for a vote and it is unclear how close the two sides are to wrapping up the nearly 11-month investigation. The commissioners met in mid-December and were updated by staff members that they had at that point found considerable evidence of violations of the 2011 consent decree. The FTC investigation into Facebook began after it was reported that the information of 87 million users had been harvested by a British political consulting firm, Cambridge Analytica, without their permission. The agency could seek up to $41,000 for each violation found. Read more of this story at Slashdot.
8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours
it - Posted On:2019-02-15 05:29:57 Source: slashdot
HashCat, an open-source password recovery tool, can now crack an eight-character Windows NTLM password hash in less than 2.5 hours. "Current password cracking benchmarks show that the minimum eight character password, no matter how complex, can be cracked in less than 2.5 hours" using a hardware rig that utilizes eight Nvidia GTX 2080Ti GPUs, explained a hacker who goes by the pseudonym Tinker on Twitter in a DM conversation with The Register. "The eight character password is dead." From the report: It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. According to Tinker, it's still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers. It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. According to Tinker, it's still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers. Tinker estimates that buying the GPU power described would require about $10,000; others have claimed the necessary computer power to crack an eight-character NTLM password hash can be rented in Amazon's cloud for just $25. NIST's latest guidelines say passwords should be at least eight characters long. Some online service providers don't even demand that much. When security researcher Troy Hunt examined the minimum password lengths at various websites last year, he found that while Google, Microsoft and Yahoo set the bar at eight, Facebook, LinkedIn and Twitter only required six. Tinker said the eight character password was used as a benchmark because it's what many organizations recommend as the minimum password length and many corporate IT policies reflect that guidance. So how long is long enough to sleep soundly until the next technical advance changes everything? Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, "correcthorsebatterystaple." That or whatever maximum length random password via a password management app, with two-factor authentication enabled in either case. Read more of this story at Slashdot.
James Cameron's Alita: Battle Angel Released After Sixteen Years
technology - Posted On:2019-02-15 02:14:57 Source: slashdot
Slashdot reader Drakster writes: Hollywood producer and writer James Cameron, who is best known for his first two Terminator films, Titanic, Avatar, and Aliens, has released his most recent film this week, Alita: Battle Angel, to mostly mixed to positive reviews. First announced in 2003, based on Yukito Kishiro's Gunnm manga series, it was stuck in development for several years, finally starting production in 2008. Slashdot last discussed this fifteen years ago, so now that it's finally here. For those who have seen it, what did you think? Met or surpassed your expectations, or not worth the wait? Read more of this story at Slashdot.