Two and a half months after a federal jury concluded that Google's Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use," Oracle's attorney says her client missed a crucial detail in the trial, adding that this detail could change everything. ArsTechnica reports: Oracle lawyers argued in federal court today that their copyright trial loss against Google should be thrown out because they were denied key evidence in discovery. Oracle attorney Annette Hurst said that the launch of Google Play on Chrome OS, which happened in the middle of the trial, showed that Google was trying to break into the market for Java SE on desktops. In her view, that move dramatically changes the amount of market harm that Oracle experienced, and the evidence should have been shared with the jury. "This is a game-changer," Hurst told U.S. District Judge William Alsup, who oversaw the trial. "The whole foundation for their case is gone. [Android] isn't 'transformative'; it's on desktops and laptops." Google argued that its use of Java APIs was "fair use" for several reasons, including the fact that Android, which was built for smartphones, didn't compete with Java SE, which is used on desktops and laptops. During the post-trial hearing today, Hurst argued that it's clear that Google intends to use Android smartphones as a "leading wedge" and has plans to "suck in the entire Java SE market. [...] Android is doing this using Java code," said Hurst. "That's outrageous, under copyright law. This verdict is tainted by the jury's inability to hear this evidence. Viewing the smartphone in isolation is a Google-gerrymandered story."In the meanwhile, Google attorney said Oracle was aware of Google's intentions of porting Android to laptops and desktops, and that if Oracle wanted to use this piece of information, it could have.

MojoKid writes: Intel CEO Bryan Krzanich took to the stage at the Moscone Center in San Francisco today to kick off this year's Intel Developers Forum. Kyrzanich unveiled a number of new projects and products including a product code-named "Project Alloy." The device is an un-tethered, merged reality Head Mounted Device (HMD) that combines compute, graphics, multiple RealSense modules, various sensors, and batteries into a self-contained headset that offers a full six degrees of freedom. Unlike the Oculus Rift and HTC Vive, Project Alloy does not need to be wired to a PC or other device and it does not require externally mounted sensors to define a virtual space. Instead, it uses RealSense cameras to map the actual physical world you're in while wearing the HMD. The RealSense cameras also allow the device to bring real-world objects into the virtual world, or vice versa. The cameras and sensors used in Project Alloy offer full depth sensing, so obstacles can be mapped, and people and objects within camera range -- like your hand, for example -- can be brought into the virtual world and accurately tracked. During a live, on-stage demo performed by Intel's Craig Raymond, Craig's hand was tracked and all five digits, complete with accurate bones and joint locations, were brought into the the VR/AR experience. Project Alloy will be supported by Microsoft's Windows Holographics Shell framework.

An anonymous reader writes from a report via VentureBeat: The Amazon-owned, game-streaming site Twitch has announced today that it has acquired Curse, a company that creates programs like voice clients, databases, and mod managers for PC games for some 30 million users. Twitch did not disclose how much they paid for Curse. VentureBeat reports: "Twitch has more than 100 million users a month, and it has helped to popularize new trends gaming like esports and the rise of influencers and personalities who create fanbases that watch them (and donate money to them) while they play. Curse has over 30 million users a month across its website, social media channels, and desktop applications. The company hosts popular websites for hit PC games like Hearthpwn for Hearthstone: Heroes of Warcraft and MMO Champion for World of Warcraft. Outside of its site, Twitch hasn't made many services for gamers. It could use this acquisition to extend a reach into that field."

msm1267 writes from a report via Threatpost: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk. The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start Powershell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC. An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action via the UAC pop-up. Microsoft, the researcher said, does not consider UAC bypasses a security boundary worthy of a bulletin and patch. It's unclear how Microsoft will address this issue.

Devindra Hardawar, writing for Engadget: We've seen plenty of unique dev kits from Intel, including the SD card-sized Edison, but not one as powerful as this. Intel announced Joule today, a tiny maker board that will allow developers to test RealSense-powered concepts and, hopefully, bring the to the market faster than before. The company says the tiny, low-powered Joule would be ideal for testing concepts in robotics, AR, VR, industrial IoT and a slew of other industries. And it also looks like it could be an interesting way for students to dabble in RealSense's depth-sensing technology in schools. There will be two Joule kits to choose from: the 550x, which includes a 1.5GHz quad-core Atom T5500 processor, 3GB of RAM and 8GB of storage; and the 570x, which packs in a 1.7Ghz quad-core Atom T5700 CPU (with burst speeds up to 2.4GHz), 4GB of RAM and 16GB of storage. Both models include "laptop-class" 802.11AC wireless, Intel graphics with 4K capture and display support, and a Linux-based OS.

An anonymous reader writes from a report via Softpedia: "Researcher Jerry Decime revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products," reports Softpedia. The flaw can be used to collect user credentials by tricking victims into re-authenticating, sending data to a third-party. Multiple software vendors deploy applications that can handle proxy connections. Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others.

snydeq writes: Cheaper, faster, better side effects -- sometimes a bad idea in programming is better than just good enough, writes InfoWorld's Peter Wayner: "Some ideas, schemes, or architectures may truly stink, but they may also be the best choice for your project. They may be cheaper or faster, or maybe it's too hard to do things the right way. In other words, sometimes bad is simply good enough. There are also occasions when a bad idea comes with a silver lining. It may not be the best approach, but it has such good side-effects that it's the way to go. If we're stuck going down a suboptimal path to programming hell, we might as well make the most of whatever gems may be buried there." What bad programming ideas have you found useful enough to make work in your projects? Don't be shy or ashamed, we all want to hear your responses!

Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.

In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site...

Xavier Niel is the billionaire founder of France's second-largest ISP. In February he bought a former campus from DeVry University, and tried building something better. Slashdot reader bheerssen writes: 42 US is a free coding school near Facebook's headquarters in Fremont, California. The courses are boot camp like experiences that do not offer traditional degrees, but hope to provide programming skills and experience to students for free.
Ars Technica calls it "a radical education experiment" -- even the dorms are free -- and the school's COO describes their ambition to become a place "where individuals from all different kinds of backgrounds, all different kinds of financial backgrounds, can come and have access to this kind of education so that then we can have new kinds of ideas." Students between the ages of 18 and 30 are screened through an online logic test, according to the article, then tossed into a month-long "sink or swim" program that begins with C. "Students spend 12 or more hours per day, six to seven days per week. If they do well, students are invited back to a three- to five-year program with increasing levels of specialty."

The National Science Foundation is developing a way to create working code using "automated program synthesis," a new technology called ExCAPE "that provides human operators with automated assistance.... By removing the need for would-be programmers to learn esoteric programming languages, the method has the potential to significantly expand the number of people engaged in programming in a variety of disciplines, from personalized education to robotics." Rajeev Alur, who leads a team of researchers from America's nine top computer science programs, says that currently software development "remains a tedious and error-prone activity." Slashdot reader the_insult_dog writes: While its lofty goals of broadly remaking the art of programming might not be realized, the research has already made some advances and resulted in several tools already in use in areas such as commercial software production and education...
For example, the NSF created a new tool (which they've recently patented) called NetEgg, which generates code for controlling software-defined networks, as well as Automata Tutor and AutoProf, which provide automated feedback to computer science students.

Long-time Slashdot reader chicksdaddy quotes a report from Security Ledger: One of every five software vulnerabilities discovered in vehicles in the last three years are rated "critical" and are unlikely to be resolved through after the fact security fixes, according to an analysis by the firm IOActive. "These are the high priority 'hair on fire' vulnerabilities that are easily discovered and exploited and can cause major impacts to the system or component," the firm said in its report...

The bulk of vulnerabilities that were identified stemmed from a failure by automakers and suppliers to follow security best practices including designing in security or applying secure development lifecycle (SDL) practices to software creation... The result is that vehicle cybersecurity vulnerabilities are not solvable using "bolt-on" solutions, IOActive concluded...
The article argues we're years away from standards or regulations, while describing auto-makers as "wedded to the notion that keeping the details of their systems secret will ensure security."

An anonymous reader quotes a report from GulfNews: The "100 Richest Tech Billionaires In The World 2016" list has been topped by Microsoft founder Bill Gates with an estimated fortune of $78 billion. The titans on Forbes' second annual list of the world's richest in technology are worth a combined $892 billion, six percent more than a year ago. Just over half of the 100 richest in tech are from the U.S., including eight of the top 10 richest on the list. Forbes said the second richest person in tech Amazon founder and CEO Jeff Bezos is also the biggest gainer on the list this year and has an estimated $66.2 billion fortune, an increase of $18.4 billion since this list was released last year. That puts him ahead of Oracle chairman Larry Ellison, who comes in on the fourth spot. Ellison was also beaten by Facebook founder and CEO Mark Zuckerberg, who climbed from fourth to third place thanks to a 30 percent jump in the value of Facebook's stock; he is now also California's richest person, another title that previously belonged to Ellison.

An anonymous reader writes: In another installment of "Linux has malware too," security researchers have discovered a new trojan that targets Linux servers running Redis, where the trojan installs a cryptocurrency miner. The odd fact about this trojan is that it includes a wormable feature that allows it to spread on its own. The trojan, named Linux.Lady, will look for Redis servers that don't have an admin account password, access the database, and then download itself on the new target. The trojan mines for the Monero crypto-currency, the same one used by another worm called PhotoMiner, which targets vulnerable FTP servers. According to a recent Risk Based Security report from last month, there are over 30,000 Redis servers available online without a password, of which 6,000 have already been compromised by various threat actors.

IFTTT (short for If this then that) has made a name for itself as a platform for people to easily automate tasks between various apps. The company announced on Wednesday that it is now allowing developing partners to embed those IFTTT recipes directly in their own third-party apps. TechHive adds: This should enable IFTTT to expand its user base beyond the 1.4 million enthusiasts who are already using the service. Smart-home device users who own products such as the Ring video doorbell, LIFX smart bulbs, the Foobot indoor air monitor, and the Garagio smart garage-door operator will gain the capability to use IFTTT recipes directly from their product's apps starting Wednesday. You'll still need to sign up for an IFTTT account if you don't have one, but you'll be able to do that without leaving the third-party device's app. "It lets them tell the story now," said CEO Linden Tibbett. "A good analogy is to think of how PayPal handles payment... We want to be that standard for asking and granting access from one service to another."

An anonymous reader quotes a report from Business Insider: A new study out Tuesday in the journal Environmental Science and Technology Letters looked at a national database that monitors chemical levels in drinking water and found that 6 million people were being exposed to levels of a certain chemical that exceed what the Environmental Protection Agency considers healthy. The chemicals, known as poly- and perfluoroalkyl substances, or PFASs, are synthetic and resistant to water and oil, which is why they're used in things like pizza boxes and firefighting foam. They're built to withstand the environment. But PFASs also accumulate in people and animals and have been observationally linked to an increased risk of health problems including cancer. And they can't be easily avoided, like with a water filter, for example. You can view the chart to see the tested areas of the U.S. where PFASs exceed 70 ng/L, which is what's considered a healthy lifetime exposure.

dwheeler writes: The U.S. federal government just released a new Federal Source Code policy (PDF). For each of the next 3 years, at least 20 percent of custom-developed Federal source code is to be released as open-source software. Earlier this year, Tony Scott, Federal CIO of the U.S. government, wrote on the White House blog that the U.S. government "can save taxpayer dollars by avoiding duplicative custom software purchases and promote innovation and collaboration across Federal agencies." Today, they released the Federal Source Code policy. TechCrunch reports: "The main requirement is that any new custom source code developed 'by or for the Federal Government' has to be made available for sharing and re-use by all Federal agencies. For example, this means that the TSA can have access to custom made software that was commissioned by the FBI. Considering there is probably a great deal of overlap in applications needed by certain branches of the Federal Government, this rule alone should save the government (and taxpayers) a great deal of money. In fact, the policy states that 'ensuring Government-wide reuse rights for custom code that is developed using Federal funds has numerous benefits for American taxpayers.'"

schwit1 quotes a report from Motherboard: By itself, the ability to instantly identify anyone just by seeing their face already creates massive power imbalances, with serious implications for free speech and political protest. But more recently, researchers have demonstrated that even when faces are blurred or otherwise obscured, algorithms can be trained to identify people by matching previously-observed patterns around their head and body. In a new paper uploaded to the ArXiv pre-print server, researchers at the Max Planck Institute in Saarbrucken, Germany demonstrate a method of identifying individuals even when most of their photos are un-tagged or obscured. The researchers' system, which they call the "Faceless Recognition System," trains a neural network on a set of photos containing both obscured and visible faces, then uses that knowledge to predict the identity of obscured faces by looking for similarities in the area around a person's head and body. As for the accuracy of the system, "even when there are only 1.25 instances of the individual's fully-visible face, the system can identify an obscured face with 69.6 percent accuracy; if there are 10 instances of an individual's face, it increases to as high as 91.5 percent."

Brian Krebs reports: A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle's MICROS point-of-sale credit card payment systems. Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had "detected and addressed malicious code in certain legacy MICROS systems." It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal. MICROS is among the top three point-of-sale vendors globally. Oracle's MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS's systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.

Slashdot reader DERoss writes: Effective 1 August, the U.S. Social Security Administration (SSA) requires users who want to access their SSA accounts to use two-factor authentication. This involves receiving a "security" code via a cell phone text message. This creates two problems. First of all, many seniors who depend on the Social Security benefits to pay their living costs do not have cell phones [or] are not knowledgeable about texting.

More important, cell phone texting is NOT secure. Text messages can be hacked, intercepted, and spoofed. Seniors' accounts might easily be less secure now than they were before 1 August... This is not because of any law passed by Congress. This is a regulatory decision made by top administrators at SSA.
In addition, Krebs on Security reports that the new system "does not appear to provide any additional proof that the person creating an account at ssa.gov is who they say they are" and "does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves." Users are only more secure after they create an account on the social security site -- and Krebs also notes that ironically, the National Institute for Standards and Technology already appears to be deprecating the use of SMS-based two-factor authentication.

New submitter altnuc writes: Two thieves in Houston stole more than 30 Jeeps by using a laptop and a stolen database. The thieves simply looked up the vehicles' VIN numbers in a stolen database, reprogramed a generic key fob, started the cars, and drove away. Chrysler has confirmed that more than 100 of their vehicles have been stolen in the Houston area since November. Chrysler/Jeep owners should always make sure their vehicles are locked! The Wall Street Journal issued a report in July with more details about how hackers are able to steal cars with a laptop. The whole process takes roughly 6 minutes. CrimeStopHouston has posted a video on YouTube of one of the thieves in action.