The Org That Doles Out .Org Websites Just Sold Itself To a For-Profit Company
technology - Posted On:2019-11-15 11:15:00 Source: slashdot
Today, the Public Interest Registry (PIR), which maintains the .org top-level domain, announced that it will be acquired by Ethos Capital, a private equity firm. From a report: This move will make PIR, previously a non-profit domain registry, officially part of a for-profit company -- which certainly seems at odds with what .org might represent to some. Originally, ".org" was an alternative to the ".com" that was earmarked for commercial entities, which lent itself to non-profit use. That's not all: On June 30th, ICANN, the non-profit that oversees all domain names on the internet, agreed to remove price caps on rates for .org domain names -- which were previously pretty cheap. Seems like something a for-profit company might want. Removing price caps wasn't exactly a popular idea when it was first proposed on March 18th. According to Review Signal, only six of the more than 3,000 public comments on the proposal were in favor of the change. Read more of this story at Slashdot.
Google Almost Made 100,000 Chest X-rays Public -- Until it Realized Personal Data Could Be Exposed
technology - Posted On:2019-11-15 10:44:57 Source: slashdot
Two days before Google was set to publicly post more than 100,000 images of human chest X-rays, the tech giant got a call from the National Institutes of Health, which had provided the images: Some of them still contained details that could be used to identify the patients, a potential privacy and legal violation. From a report: Google abruptly canceled its project with NIH, according to emails reviewed by The Washington Post and an interview with a person familiar with the matter who spoke on the condition of anonymity. But the 2017 incident, which has never been reported, highlights the potential pitfalls of the tech giant's incursions into the world of sensitive health data. Over the course of planning the X-ray project, Google's researchers didn't obtain any legal agreements covering the privacy of patient information, the person said, adding that the company rushed toward publicly announcing the project without properly vetting the data for privacy concerns. The emails about Google's NIH project were part of records obtained from a Freedom of Information Act request. Google's ability to uphold data privacy is under scrutiny as it increasingly inserts itself into people's medical lives. The Internet giant this week said it has partnered with health-care provider Ascension to collect and store personal data for millions of patients, including full names, dates of birth and clinical histories, in order to make smarter recommendations to physicians. But the project raised privacy concerns in part because it wasn't immediately clear whether patients had consented to have their files transferred from Ascension servers or what Google's intentions were. Read more of this story at Slashdot.
Amazon Appeals Pentagon's Choice of Microsoft For $10 Billion Cloud Contract
technology - Posted On:2019-11-14 20:29:58 Source: slashdot
Amazon is going into battle with the Pentagon over a massive military tech contract awarded to Microsoft. Amazon cited "unmistakable bias" as it prepares to protest the selection in federal court. NPR reports: This begins a new chapter in the protracted and contentious battle over the biggest cloud-computing contract in U.S. history -- called JEDI, for Joint Enterprise Defense Infrastructure -- worth up to $10 billion over 10 years. The Pentagon declared Microsoft the winner of JEDI on Oct. 25, after months of delays, investigations and controversy -- at first, over accusations of a cozy relationship between Amazon and the Department of Defense, and later, over President Trump's public criticism of Amazon. In a statement on Thursday, Amazon's cloud unit argued that "numerous aspects of the JEDI evaluation process contained clear deficiencies, errors, and unmistakable bias -- and it's important that these matters be examined and rectified." The company is appealing the contract at the U.S. Court of Federal Claims. Amazon Web Services spokesperson said the company was "uniquely experienced and qualified" for the job, adding: "We also believe it's critical for our country that the government and its elected leaders administer procurements objectively and in a manner that is free from political influence." Amazon was stunned by its loss of the JEDI contract. Microsoft's cloud business Azure has been a distant second in size to AWS, which also previously won a cloud contract with the CIA. But a former Pentagon official familiar with the JEDI deal previously told NPR that Microsoft's bid "hit the ball out of the park." Read more of this story at Slashdot.
Over Half of Fortune 500 Exposed To Remote Access Hacking
it - Posted On:2019-11-14 14:00:00 Source: slashdot
Over a two-week period, the computer networks at more than half of the Fortune 500 left a remote access protocol dangerously exposed to the internet, something many experts warn should never happen, according to new research by the security firm Expanse and 451 Research. From a report: According to Coveware, more than 60% of ransomware is installed via a Windows remote access feature called Remote Desktop Protocol (RDP). It's a protocol that's fine in secure environments but once exposed to the open internet can, at its best, allow attackers to disrupt access and, at its worst, be vulnerable to hacking itself. RDP is a way of offering virtual access to a single computer. It allows, for example, an IT staffer in one office to provide tech support for a baffled user in a different office. But RDP is best used over a secured network rather than over the open internet. "We compare exposed RDP to leaving a computer attached to your network out on your lawn," Matt Kraning, co-founder and CTO of Expanse, told Axios. Read more of this story at Slashdot.
Google's Rollout of RCS Chat for all Android Users in the US Begins Today
technology - Posted On:2019-11-14 13:30:00 Source: slashdot
Google is announcing that today, a year and a half after it first unveiled RCS chat as Android's primary texting platform, it is actually making RCS chat Android's primary texting platform. That's because it is rolling out availability to any Android user in the US who wants to use it, starting today. From a report: RCS stands for "rich communication services," and it's the successor to SMS. Like other texting services, it supports read receipts, typing indicators, improved group chats, and high-quality images. Unlike several texting apps, like iMessage or Signal, it does not offer end-to-end encryption as an option. RCS is based on your phone number, so when you are texting with somebody who also has it, it should just turn on automatically in your chat. To get RCS, you simply need to use Android Messages as your default texting app on your Android phone. Many Android phones do that already by default, but Samsung users will need to head to the Google Play Store to download it and then switch to it as their default. Further reading: The Four Major Carriers Finally Agree To Replace SMS With a New RCS Standard. Read more of this story at Slashdot.
The USPTO Wants To Know if Artificial Intelligence Can Own the Content it Creates
technology - Posted On:2019-11-14 12:45:00 Source: slashdot
The US office responsible for patents and trademarks is trying to figure out how AI might call for changes to copyright law, and it's asking the public for opinions on the topic. From a report: The United States Patent and Trademark Office (USPTO) published a notice in the Federal Register last month saying it's seeking comments, as spotted by TorrentFreak. The office is gathering information about the impact of artificial intelligence on copyright, trademark, and other intellectual property rights. It outlines thirteen specific questions, ranging from what happens if an AI creates a copyright-infringing work to if it's legal to feed an AI copyrighted material. It starts off by asking if output made by AI without any creative involvement from a human should qualify as a work of authorship that's protectable by US copyright law. If not, then what degree of human involvement "would or should be sufficient so that the work qualifies for copyright protection?" Other questions ask if the company that trains an AI should own the resulting work, and if it's okay to use copyrighted material to train an AI in the first place. "Should authors be recognized for this type of use of their works?" asks the office. "If so, how?" Read more of this story at Slashdot.
Windows and Linux Get Options To Disable Intel TSX To Prevent Zombieload v2 Attacks
technology - Posted On:2019-11-14 12:00:00 Source: slashdot
Both Microsoft and the Linux kernel teams have added ways to disable support for Intel Transactional Synchronization Extensions (TSX). From a report: TSX is the Intel technology that opens the company's CPUs to attacks via the Zombieload v2 vulnerability. Zombieload v2 is the codename of a vulnerability that allows malware or a malicious threat actor to extract information processed inside a CPU, information to which they normally shouldn't be able to access due to the security walls present inside modern-day CPUs. This new vulnerability was disclosed earlier this week. Intel said it would release microcode (CPU firmware) updates -- available on the company's Support & Downloads center. But, the reality of a real-world production environment is that performance matters. Past microcode updates for other attacks, such as Meltdown, Spectre, Foreshadow, Fallout, and Zombieload v1, have been known to introduce performance hits of up to 40%. Seeing that all the CPU attacks listed above are not only theoretical but also hard to pull off, some companies don't see this performance hit as an option. Read more of this story at Slashdot.
Instagram Tests Hiding Like Counts Globally
technology - Posted On:2019-11-14 11:15:00 Source: slashdot
Instagram is making Like counts private for some users everywhere. From a report: Instagram tells TechCrunch the hidden Likes test is expanding to a subset of users globally. Users will have to decide for themselves if something is worth Liking rather than judging by the herd. The change could make users more comfortable sharing what's important to them without the fear of people seeing them receive an embarrassingly small number of likes. Instagram began hiding Likes in April in Canada and then brought the test to Ireland, Italy, Japan, Brazil, Australia and New Zealand in July. Facebook started a similar experiment in Australia in September. Instagram said last week the test would expand to the US, but now it's running everywhere to a small percentage of users in each country. Read more of this story at Slashdot.
John Carmack Stepping Down As CTO of Oculus To Work On AI
technology - Posted On:2019-11-13 20:44:59 Source: slashdot
Oculus CTO John Carmack announced Wednesday that he is stepping down from the augmented-reality company to focus his time on artificial general intelligence. The Verge reports: Carmack will remain in a "consulting CTO" position at Oculus, where he will "still have a voice" in the development work at the company, he wrote. Recent comments from Carmack suggest he may have soured on VR. Carmack was a champion of phone-based VR for years at Oculus, but in October, he delivered a "eulogy" for Oculus' phone-based Gear VR. And in a video for receiving a lifetime achievement award this week at the VR Awards, he said that "I really haven't been satisfied with the pace of progress that we've been making" in VR. Read more of this story at Slashdot.
Facebook Says Government Demands For User Data Are at a Record High
technology - Posted On:2019-11-13 16:44:59 Source: slashdot
Facebook's latest transparency report is out. The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first-half of this year compared to the second-half of last year. From a report: That's the highest number of government demands it's received in any reporting period since it published its first transparency report in 2013. The U.S. government led the way with the most number of requests -- 50,741 demands for user data resulting in some account or user data given to authorities in 88% of cases. Facebook said two-thirds of all of the U.S. government's requests came with a gag order, preventing the company from telling the user about the request for their data. But Facebook said it was able to release details of 11 so-called national security letters (NSLs) for the first time after their gag provisions were lifted during the period. National security letters can compel companies to turn over non-content data at the request of the FBI. These letters are not approved by a judge, and often come with a gag order preventing their disclosure. But since the Freedom Act passed in 2015, companies have been allowed to request the lifting of those gag orders. Read more of this story at Slashdot.
TPM-FAIL Vulnerabilities Impact TPM Chips In Desktops, Laptops, Servers
it - Posted On:2019-11-13 14:00:00 Source: slashdot
An anonymous reader writes: A team of academics has disclosed today two vulnerabilities known collectively as TPM-FAIL that could allow an attacker to retrieve cryptographic keys stored inside TPMs. The first vulnerability is CVE-2019-11090 and impacts Intel's Platform Trust Technology (PTT). Intel PTT is Intel's fTPM software-based TPM solution and is widely used on servers, desktops, and laptops, being supported on all Intel CPUs released since 2013, starting with the Haswell generation. The second is CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics. This chip is incredibly popular and is used on a wide array of devices ranging from networking equipment to cloud servers, being one of the few chips that received a CommonCriteria (CC) EAL 4+ classification — which implies it comes with built-in protection against side-channel attacks like the ones discovered by the research team. Unlike most TPM attacks, these ones were deemed practical. A local adversary can recover the ECDSA key from Intel fTPM in 4-20 minutes depending on the access level. We even show that these attacks can be performed remotely on fast networks, by recovering the authentication key of a virtual private network (VPN) server in 5 hours. Read more of this story at Slashdot.
Next in Google's Quest for Consumer Dominance -- Banking
technology - Posted On:2019-11-13 09:44:57 Source: slashdot
Google will soon offer checking accounts to consumers, becoming the latest Silicon Valley heavyweight to push into finance. The Wall Street Journal: The project, code-named Cache, is expected to launch next year with accounts run by Citigroup and a credit union at Stanford University, a tiny lender in Google's backyard. Big tech companies see financial services as a way to get closer to users and glean valuable data. Apple introduced a credit card this summer. Amazon.com has talked to banks about offering checking accounts. Facebook is working on a digital currency it hopes will upend global payments. Their ambitions could challenge incumbent financial-services firms, which fear losing their primacy and customers. They are also likely to stoke a reaction in Washington, where regulators are already investigating whether large technology companies have too much clout. The tie-ups between banking and technology have sometimes been fraught. Apple irked its credit-card partner, Goldman Sachs Group, by running ads that said the card was "designed by Apple, not a bank." Major financial companies dropped out of Facebook's crypto project after a regulatory backlash. Google's approach seems designed to make allies, rather than enemies, in both camps. The financial institutions' brands, not Google's, will be front-and-center on the accounts, an executive told The Wall Street Journal. And Google will leave the financial plumbing and compliance to the banks -- activities it couldn't do without a license anyway. Read more of this story at Slashdot.
Dutch Court Orders Facebook To Ban Celebrity Crypto Scam Ads
technology - Posted On:2019-11-13 08:14:57 Source: slashdot
An anonymous reader quotes a report from TechCrunch: A Dutch court has ruled that Facebook can be required to use filter technologies to identify and preemptively take down fake ads linked to crypto currency scams that carry the image of a media personality, John de Mol, and other well known celebrities. The Dutch celebrity filed a lawsuit against Facebook in April over the misappropriation of his and other celebrities' likeness to shill Bitcoin scams via fake ads run on its platform. In an immediately enforceable preliminary judgement today the court has ordered Facebook to remove all offending ads within five days, and provide data on the accounts running them within a week. Per the judgement, victims of the crypto scams had reported a total of ~$1.8M in damages to the Dutch government at the time of the court summons. It's not yet clear whether the company will appeal but in the wake of the ruling Facebook has said it will bring the scam ads report button to the Dutch market early next month. Read more of this story at Slashdot.
Tesla's European Gigafactory Will Be Built In Berlin
technology - Posted On:2019-11-12 18:29:59 Source: slashdot
Tesla's European gigafactory will be built in the Berlin area, Elon Musk said Tuesday during an awards ceremony in Germany. TechCrunch reports: Musk was onstage to receive a Golden Steering Wheel Award given by BILD. "There's not enough time tonight to tell all the details," Musk said during an onstage interview with Volkswagen Group CEO Herbert Diess. "But it's in the Berlin area, and it's near the new airport." Tesla is also going to create an engineering and design center in Berlin because "I think Berlin has some of the best art in the world," Musk said. Diess thanked Musk while onstage for "pushing us" toward electrification. Diess later said that Musk and Tesla are demonstrating that moving toward electrification works. "I don't think Germany is that far behind," Musk said when asked about why German automakers were behind in electric vehicles. He later added that some of the best cars in the world are made in Germany. "Everyone knows that German engineering is outstanding and that's part of the reason we're locating our Gigafactory Europe in Germany," Musk said. On Twitter, Musk said the Berlin-based gigafactory "Will build batteries, powertrains & vehicles, starting with Model Y." Read more of this story at Slashdot.
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago
it - Posted On:2019-11-12 17:59:59 Source: slashdot
An anonymous reader quotes a report from The New York Times: Last May, when Intel released a patch for a group of security vulnerabilities researchers had found in the company's computer processors, Intel implied that all the problems were solved. But that wasn't entirely true, according to Dutch researchers at Vrije Universiteit Amsterdam who discovered the vulnerabilities and first reported them to the tech giant in September 2018. The software patch meant to fix the processor problem addressed only some of the issues the researchers had found. It would be another six months before a second patch, publicly disclosed by the company on Tuesday, would fix all of the vulnerabilities Intel indicated were fixed in May, the researchers said in a recent interview. The public message from Intel was "everything is fixed," said Cristiano Giuffrida, a professor of computer science at Vrije Universiteit Amsterdam and one of the researchers who reported the vulnerabilities. "And we knew that was not accurate." While many researchers give companies time to fix problems before the researchers disclose them publicly, the tech firms can be slow to patch the flaws and attempt to muzzle researchers who want to inform the public about the security issues. Researchers often agree to disclose vulnerabilities privately to tech companies and stay quiet about them until the company can release a patch. Typically, the researchers and companies coordinate on a public announcement of the fix. But the Dutch researchers say Intel has been abusing the process. Now the Dutch researchers claim Intel is doing the same thing again. They said the new patch issued on Tuesday still doesn't fix another flaw they provided Intel in May. 
The Intel flaws, like other high-profile vulnerabilities the computer security community has recently discovered in computer chips, allowed an attacker to extract passwords, encryption keys and other sensitive data from processors in desktop computers, laptops and cloud-computing servers. Intel says the patches "greatly reduce" the risk of attack, but don't completely fix everything the researchers submitted. The company's spokeswoman Leigh Rosenwald said Intel was publishing a timeline with Tuesday's patch for the sake of transparency. "This is not something that is normal practice of ours, but we realized this is a complicated issue. We definitely want to be transparent about that," she said. "While we may not agree with some of the assertions made by the researchers, those disagreements aside, we value our relationship with them." Read more of this story at Slashdot.
Microsoft Starts Rolling Out Windows 10 November 2019 Update
technology - Posted On:2019-11-12 17:14:59 Source: slashdot
Microsoft today started rolling out the free Windows 10 November 2019 Update. For those keeping track, this update is Windows 10 build 18363 and will bring Windows 10 to version 1909. From a report: The Windows 10 November 2019 Update (version 1909) is odd because it shares the same Cumulative Update packages as the Windows 10 May 2019 Update (version 1903). That means version 1909 will be delivered more quickly to version 1903 users -- it will install like a monthly security update. The build number will barely change: from build 18362 to build 18363. If two computers have the same servicing content, the build revision number should match: 18362.xxx and 18363.xxx. For developers, this means a new Windows SDK will not be issued in conjunction with this version of Windows (there aren't any new APIs). Again, the Windows 10 November 2019 Update is not a typical release. It's a much smaller update, though it is still worth getting. Windows 10 version 1909 brings improvements to Windows containers, inking latency, and password recovery. User-facing features include letting third-party digital assistants voice activate above the Lock screen, being able to create events straight from the Calendar flyout on the Taskbar, and displaying OneDrive content in the File Explorer search box. You may also notice some changes to notification management, better performance and reliability on certain CPUs, and battery life and power efficiency improvements. Read more of this story at Slashdot.
As 5G Rolls Out, Troubling New Security Flaws Emerge
technology - Posted On:2019-11-12 14:00:00 Source: slashdot
It's not yet prime time for 5G networks, which still face logistical and technical hurdles, but they're increasingly coming online in major cities worldwide. Which is why it's especially worrying that new 5G vulnerabilities are being discovered almost by the dozen. From a report: At the Association for Computing Machinery's Conference on Computer and Communications Security in London today researchers are presenting new findings that the 5G specification still has vulnerabilities. And with 5G increasingly becoming a reality, time is running out to catch these flaws. The researchers from Purdue University and the University of Iowa are detailing 11 new design issues in 5G protocols that could expose your location, downgrade your service to old mobile data networks, run up your wireless bills, or even track when you make calls, text, or browse the web. They also found five additional 5G vulnerabilities that carried over from 3G and 4G. They identified all of those flaws with a new custom tool called 5GReasoner. One purported benefit of 5G is that it protects phone identifiers, like your device's "international mobile subscriber identity," to help prevent tracking or targeted attacks. But downgrade attacks like the ones the researchers found can bump your device down to 4G, or put it into limited service mode, then force it to send its IMSI number unencrypted. Increasingly, networks use an alternative ID called a Temporary Mobile Subscriber Identity that refreshes periodically to stymie tracking. But the researchers also found flaws that could allow them to override TMSI resets, or correlate a device's old and new TMSI, to track devices. Mounting those attacks takes only software-defined radios that cost a few hundred dollars. The 5GReasoner tool also found issues with the part of the 5G standard that governs things like initial device registration, deregistration, and paging, which notifies your phone about incoming calls and texts. 
Depending on how a carrier implements the standard, attackers could mount "replay" attacks to run up a target's mobile bill by repeatedly sending the same message or command. It's an instance of vague wording in the 5G standard that could cause carriers to implement it weakly. Read more of this story at Slashdot.
Facebook Bug Has Camera Activated While People Are Using the App
technology - Posted On:2019-11-12 12:00:00 Source: slashdot
When you're scrolling through Facebook's app, the social network could be watching you back, in more ways than just your data, concerned users have found. Multiple people have found and reported that their iPhone cameras were turned on in the background while looking at their feed. From a report: The issue came to light with several posts on Twitter, showing that their cameras were activated behind Facebook's app as they were watching videos or looking at photos on the social network. After clicking on the video to full screen, returning it back to normal would create a bug where Facebook's mobile layout was slightly shifted to the right. With the open space on the left, you could now see the phone's camera activated in the background. This was documented in multiple cases, with the earliest incident on November 2. Read more of this story at Slashdot.
Instagram Is Coming for TikTok's Head By Copying Its Best Features
technology - Posted On:2019-11-12 10:29:57 Source: slashdot
First, Instagram killed Snapchat when it cribbed its Stories feature. Now, the social media platform is reportedly gunning for TikTok with a new format called Reels. From a report: Reels is currently being rolled out in Brazil. Available on both iOS and Android, the feature lets users record 15-second clips that can then be set to music. Users can adjust speed, as well as borrow audio from other videos to remix and riff content. It also appears Instagram is adding video editing tools, like the ability to add timed captions and ghost overlays for transitions. Once a user is finished editing, the video can then be posted to their Stories -- and may also be shared to a new "Top Reels" section in the Explore tab. At the moment, there's no concrete timeline for when we might see Reels stateside. An Instagram spokesperson told Gizmodo that the company is simply excited to test the feature in Brazil for now, and "incorporate learnings and feed back from the community as [it] goes." Read more of this story at Slashdot.
Pentagon Gets a Fix for F-35 Bug in $400,000 Pilot Helmets
technology - Posted On:2019-11-12 09:59:56 Source: slashdot
The U.S. military may have finally found a way to fix a glitch with the world's most high-tech helmet used by pilots flying the most expensive fighter jet in history. From a report: A bug in the $400,000 helmet display screen used by F-35 aviators caused a green glow when flying in very low-light conditions and is now expected to be overcome by using a different type of semiconductor illumination. The distracting green glow was deemed so critical that restrictions were imposed on some night landings on aircraft carriers, and the fault was classified as a "Priority One" fix by the Pentagon's test office. Jittery lines were also visible to some pilots. Defense giant Lockheed Martin has been contracted by the F-35 Joint Program Office for the redesign, modifying headpieces by installing new organic light-emitting diodes to replace traditional liquid crystal displays. "In partnership with the F-35 Joint Program Office and our U.S. Navy customer, we've been working to transition the helmet technology from a traditional LCD to an Organic LED system," Program Manager Jim Gigliotti said by email. Lockheed Martin did not provide a figure for the number of helmets requiring modification or the upgrade cost. Read more of this story at Slashdot.