Communications

August Solar Eclipse Could Disrupt Roads and Cellular Networks 65

GeoGreg writes: On August 21, 2017, the contiguous United States will experience its first total solar eclipse since 1979. According to GreatAmericanEclipse.com's Michael Zeiler, approximately 200 million people live within one day's drive of the eclipse. Zeiler projects that between 1.85 and 7.4 million people will attempt to visit the path of totality. As the eclipse approaches, articles are appearing predicting the possibility of automobile traffic jamming rural roads. There is also concern about the ability of rural cellular networks to handle such a large influx. AT&T is bringing in Cell On Wheel (COW) systems to rural locations in Kentucky, Idaho, and Oregon, while Verizon is building a temporary tower in Jackson Hole, Wyoming. The disruption could be frustrating to those trying to get to the eclipse or share their photos via social networking. If cellular networks can't handle the data, apps like Waze won't be much help in avoiding the traffic. If communication is essential near the eclipse path, Astronomy Magazine recommends renting a satellite phone.
The Almighty Buck

The People GoFundMe Leaves Behind (theoutline.com) 242

citadrianne shares a report from The Outline: President Donald Trump's proposed budget seeks to slash $54 billion from social services including programs like Medicaid and Meals on Wheels. As these resources dry up, crowdfunding websites will further entrench themselves as extra-governmental welfare providers in order to fill the gap. For a lucky few, these sites are a lifeline. For most people, they are worthless. Crowdfunding's fatal flaw is that not every campaign ends up getting the money it needs. A recent study published in the journal Social Science & Medicine found that more than 90 percent of GoFundMe campaigns never meet their goal. For every crowdfunding success story, there are hundreds of failures. "As many happy stories as there are in charitable crowdfunding, there are a lot of really worthy causes when you browse these platforms that nobody has given a cent to," Rob Gleasure, professor at the business school of the National University of Ireland, Cork told The Outline. "People haven't come across them." Feller and Gleasure's report highlighted how fickle crowdfunding can be. Of all the Razoo campaigns started in 2013, they found, more than a third didn't receive any funding at all. According to their report, donors are more likely to give to campaigns that feature lots of pictures and accompanying text.
Social Networks

Supreme Court Rules Sex Offenders Can't Be Barred From Social Media (gizmodo.com) 114

An anonymous reader quotes a report from Gizmodo: In a unanimous decision today, the Supreme Court struck down a North Carolina law that prevents sex offenders from posting on social media where children might be present, saying it "impermissibly restricts lawful speech." In doing so, the Supreme Court asserted what we all know to be true: Posting is essential to the survival of the republic. The court ruled that to "foreclose access to social media altogether is to prevent the user from engaging in the legitimate exercise of First Amendment rights." The court correctly noted that "one of the most important places to exchange views is cyberspace." The North Carolina law was ruled to be overly broad, barring "access to what for many are the principal sources for knowing current events, checking ads for employment, speaking and listening in the modern public square, and otherwise exploring the vast realms of human thought and knowledge."
Security

Firm Responsible For Mirai-Infected Webcams Hires Software Firm To Make Its Products More Secure (securityledger.com) 18

chicksdaddy writes from a report via The Security Ledger: After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." Dahua, based in Hangzhou, China said it will work with Mountain View based Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." In a joint statement, the companies said Dahua will be adopting secure "software development life cycle (SDLC) and supply chain" practices using Synopsys technologies in an effort to reduce the number of "vulnerabilities that can jeopardize our products," according to a statement attributed to Fu Liquan, Dahua's Chairman, The Security Ledger reports. Dahua's cameras and digital video recorders (DVRs) figured prominently in the Mirai botnet, which launched massive denial of service attacks against websites in Europe and the U.S., including the French web hosting firm OVH, security news site Krebsonsecurity.com and the New Hampshire based managed DNS provider Dyn. Cybercriminals behind the botnet apparently exploited an overflow vulnerability in the web interface for cameras and DVRs to gain access to the underlying Linux operating system and install the Mirai software, according to research by the firm Level3. In March, Dahua was called out for another, serious vulnerability in eleven models of video recorders and IP cameras. Namely: a back door account that gave remote attackers full control of vulnerable devices without the need to authenticate to the device. The flaw was first disclosed on the Full Disclosure mailing list and described as "like a damn Hollywood hack, click on one button and you are in."
Television

Netflix Has More American Subscribers Than Cable TV (engadget.com) 74

According to Leichtman Research estimates from the first quarter of 2017, there are more Netflix subscribers in the U.S. (50.85 million) than there are customers for major cable TV networks (48.61 million). While it doesn't mean Netflix is bigger than TV because it doesn't account for the 33.19 million satellite viewers, it represents a huge milestone for a streaming service that had half as many users just 5 years ago. Engadget reports: The shift in power comes in part through Netflix's ever-greater reliance on originals. There's enough high-quality material that it can compete with more established networks. However, it's also getting a boost from the decline of conventional TV. Those traditional sources lost 760,000 subscribers in the first quarter of the year versus 120,000 a year earlier. Leichtman believes a combination of cord cutters and reduced marketing toward cost-conscious viewers is to blame. Cable giants might not be in dire straits, but they're clearly focusing on their most lucrative customers as others jump ship for the internet.
Communications

Someone Built a Tool To Get Congress' Browser History (vice.com) 68

A software engineer in North Carolina has created a new plugin that lets website administrators monitor when someone accesses their site from an IP address associated with the federal government. It was created in part to protest a measure signed by President Trump in April that allows internet service providers to sell sensitive information about your online habits without needing your consent. Motherboard reports: A new tool created by Matt Feld, the founder of several nonprofits including Speak Together, could help the public get a sense of what elected officials are up to online. Feld, a software engineer working in North Carolina, created Speak Together to share "technical projects that could be used to reduce the opaqueness between government and people," he told Motherboard over the phone. "It was born out of just me trying to get involved and finding the process to be confusing." The tool lets website administrators track whether members of Congress, the Senate, White House staff, or Federal Communications Commission (FCC) staff are looking at their site. If you use Feld's plug-in, you'll be able to see whether someone inside government is reading your blog. You won't be able to tell if President Trump viewed a web page, but you will be able to see that it was someone using an IP address associated with the White House. The tool works similarly to existing projects like CongressEdits, an automated Twitter account that tweets whenever a Wikipedia page is edited from IP addresses associated with Congress.
Businesses

Ex-Admin Deletes All Customer Data and Wipes Servers of Dutch Hosting Provider (bleepingcomputer.com) 215

An anonymous reader quotes BleepingComputer: Verelox, a provider of dedicated KVM and VPS servers based in The Hague, Netherlands, suffered a catastrophic outage after a former administrator deleted all customer data and wiped most of the company's servers. Details of what exactly happened aren't available, but according to posts on various web hosting forums [1, 2, 3], the incident appears to have taken place Thursday, when users couldn't access their servers or the company's website.

Verelox's homepage came back online earlier Friday, but the website was plastered with a grim message informing users of the ex-admin's actions. Following the incident, the hosting provider decided to take the rest of its network offline and focus on recovering customer data. Verelox staff don't believe they can recover all data.

Saturday night the web site was advising customers that the network and hosting services "will be back this week with security updates," adding that "current customers who are still interested in our services will receive compensation."
Encryption

Docker's LinuxKit Launches Kernel Security Efforts, Including Next-Generation VPN (eweek.com) 44

darthcamaro writes: Back in April, when Docker announced its LinuxKit effort, the primary focus appeared to just be [tools for] building a container-optimized Linux distribution. As it turns out, security is also a core focus -- with LinuxKit now incubating multiple efforts to help boost Linux kernel security. Among those efforts is the Wireguard next generation VPN that could one day replace IPsec. "Wireguard is a new VPN for Linux using the cryptography that is behind some of the really good secure messaging apps like Signal," said Nathan McCauley, Director of Security at Docker Inc.
According to the article, Docker also has several full-time employees looking at ways to reduce the risk of memory corruption in the kernel, and is also developing a new Linux Security Module with more flexible access control policies for processes.
The Internet

Pirate Bay Founder: We've Lost the Internet, It's All About Damage Control Now (thenextweb.com) 189

Mar Masson Maack reports via The Next Web: At its inception, the internet was a beautifully idealistic and equal place. But the world sucks and we've continuously made it more and more centralized, taking power away from users and handing it over to big companies. And the worst thing is that we can't fix it -- we can only make it slightly less awful. That was pretty much the core of Pirate Bay's co-founder, Peter Sunde's talk at tech festival Brain Bar Budapest. TNW sat down with the pessimistic activist and controversial figure to discuss how screwed we actually are when it comes to decentralizing the internet.

In Sunde's opinion, people focus too much on what might happen, instead of what is happening. He often gets questions about what a digitally bleak future could look like, but the truth is that we're living it: "Everything has gone wrong. That's the thing, it's not about what will happen in the future it's about what's going on right now. We've centralized all of our data to a guy called Mark Zuckerberg, who's basically the biggest dictator in the world as he wasn't elected by anyone. Trump is basically in control over this data that Zuckerberg has, so I think we're already there. Everything that could go wrong has gone wrong and I don't think there's a way for us to stop it." One of the most important things to realize is that the problem isn't a technological one. "The internet was made to be decentralized," says Sunde, "but we keep centralizing everything on top of the internet."

Businesses

Airbnb Announces Its Plan To House 100,000 People In Need (backchannel.com) 139

New submitter mirandakatz writes: Airbnb has just unveiled its Open Homes Platform, a home-sharing site for hosts motivated by goodwill instead of profits -- and for guests motivated by need rather than wanderlust. Specifically, Airbnb is going to begin by connecting refugees with hosts in Canada, France, Greece, and the United States. Ultimately, refugees will be just one group that the site aims to help: Site visitors can also nominate other groups of people for temporary placements, and the platform will expand to include them eventually. At Backchannel, Jessi Hempel dives into the home-sharing platform's latest effort, and places it in the context of the company's broader business strategy.
Security

Malware Uses Router LEDs To Steal Data From Secure Networks (bleepingcomputer.com) 105

An anonymous reader writes: Researchers from the Ben-Gurion University of the Negev in Israel have developed malware that when installed on a router or a switch can take control over the device's LEDs and use them to transmit data in a binary format to a nearby attacker, who can capture it using simple video recording equipment. The attack is similar to the LED-it-GO attack developed by the same team, which uses a hard drive's blinking LED to steal data from air-gapped computers. Because routers and switches have many more LEDs than a hard drive, this attack scenario is much more efficient, as it can transmit data at about the same speed, but multiplied by the number of ports/LEDs. Researchers say they were able to steal data by 1000 bits/ per LED, making this the most efficient attack known to date. The attack worked best when coupled with optical sensors, which are capable of sampling LED signals at high rates, enabling data reception at a higher bandwidth than other typical video recording equipment. A video of the attack is available here.
Businesses

Ask Slashdot: How Do News Organizations Keep Track of So Much Information? 119

dryriver writes: Major news organizations from CNN, BBC, ABC to TIME magazine, the New York Times and the Economist publish a tremendous amount of information, especially now that almost everybody runs a 24/7 updated website alongside their TV channel, magazine or newspaper. Question: How do news organizations actually keep track of what must be 1000s of pieces of incoming information that are processed into news stories every day? If they are using software to manage all this info -- which makes a lot of sense -- is it off-the-shelf software that anybody can buy, or do major news organizations typically commission IT/software contractors to build them a custom "Information Management System" or similar? If there is good off-the-shelf software for managing a lot of information, who makes it and what is it called?
The Internet

Network Time Protocol Hardened To Protect Users From Spying, Increase Privacy (theregister.co.uk) 51

AmiMoJo quotes the Register: The Internet Engineering Task Force has taken another small step in protecting everybody's privacy... As the draft proposal explains, the RFCs that define NTP have what amounts to a convenience feature: packets going from client to server have the same set of fields as packets sent from servers to clients... "Populating these fields with accurate information is harmful to privacy of clients because it allows a passive observer to fingerprint clients and track them as they move across networks".

The header fields in question are Stratum, Root Delay, Root Dispersion, Reference ID, Reference Timestamp, Origin Timestamp, and Receive Timestamp. The Origin Timestamp and Receive Timestamp offer a handy example of a "particularly severe information leak". Under NTP's spec (RFC 5905), clients copy the server's most recent timestamp into their next request to a server – and that's a boon to a snoop-level watcher.

The proposal "proposes backward-compatible updates to the Network Time Protocol to strip unnecessary identifying information from client requests and to improve resilience against blind spoofing of unauthenticated server responses." Specifically, client developers should set those fields to zero.
Youtube

YouTube Clarifies 'Hate Speech' Definition and Which Videos Won't Be Monetized (arstechnica.com) 271

An anonymous reader quotes a report from Ars Technica: In a blog post, YouTube outlined more specific definitions of hate speech and what kinds of incendiary content wouldn't be eligible for monetization. Three categories are classified as hate speech, with the broadest one being "hateful content." YouTube is defining this as anything that "promotes discrimination or disparages or humiliates an individual or group of people on the basis of the individual's or group's race, ethnicity, or ethnic origin, nationality, religion, disability, age, veteran status, sexual orientation, gender identity, or other characteristic associated with systematic discrimination or marginalization." The second category is "inappropriate use of family entertainment characters," which means content showing kid-friendly characters in "violent, sexual, vile, or otherwise inappropriate behavior," no matter if the content is satirical or a parody. The final category is somewhat broad: "incendiary and demeaning content" means that anything "gratuitously" demeaning or shameful toward an individual or group is prohibited. The updated guidelines are a response to creators asking YouTube to clarify what will and will not be deemed advertiser-friendly. YouTube acknowledges that its systems still aren't perfect, but it says it's doing its best to inform creators while maintaining support for advertisers. YouTube also launched a new course in its Creator Academy that creators can take to learn more about how to make "content appealing for a broad range of advertisers."
The Courts

Silk Road Founder Loses Appeal and Will Serve Life (yahoo.com) 145

OutOnARock quotes a report from Yahoo: Ross Ulbricht, the founder of the darknet marketplace known as Silk Road, has lost his appeal of a 2015 conviction that has him serving a life sentence on drug trafficking and money laundering charges, according to a federal appeals court decision released Wednesday morning. Ulbricht argued that the district court that convicted him violated the Fourth Amendment -- which protects against unreasonable searches and seizures -- by wrongly denying his motion to suppress evidence, and that he was deprived of his right to a fair trial. "On the day of Ulbricht's arrest, the government obtained a warrant to seize Ulbricht's laptop and search it for a wide variety of information related to Silk Road and information that would identify Ulbricht as Dread Pirate Roberts," states the decision by the United States Court of Appeals for the Second Circuit in Downtown Manhattan. "Ulbricht moved to suppress the large quantity of evidence obtained from his laptop, challenging the constitutionality of that search warrant."
AI

AI Could Get Smarter By Copying the Neural Structure of a Rat Brain (ieee.org) 89

the_newsbeagle writes: Many of today's fanciest artificial intelligence systems are some type of artificial neural network, but they bear only the roughest resemblance to a biological brain's real networks of neurons. That could change thanks to a $100M program from IARPA. The intelligence agency is funding neuroscience teams to map 1 cubic millimeter of rodent brain, looking at activity in the visual cortex while the rodent is engaged in a complex visual recognition task. By discovering how the neural circuits in that brain cube get activated to process information, IARPA hopes to find inspiration for better artificial neural networks. And an AI that performs better on visual recognition tasks could certainly be useful to intelligence agencies.
Security

Experts Call For Preserving Copper, Pneumatic Systems As Hedge For Cyber Risk (securityledger.com) 169

chicksdaddy quotes a report from The Security Ledger: The United States should invest resources in preserving aging, analog infrastructure including telecommunications networks that use copper wire and pneumatic pumps used to pump water as a hedge against the growing threat of global disruption resulting from a cyber attack on critical infrastructure, two researchers at MITRE argue. The researchers, Emily Frye and Quentin Hodgson with The MITRE Corporation, note that critical infrastructure is increasingly run from converged IP (Internet Protocol) based networks that are vulnerable to cyber attack. That includes so-called "lifelines" -- essential functions like water, electricity, communications, transportation and emergency services. That marks a critical departure from the past when such systems were isolated from the internet and other general purpose networks. "Each lifeline rides on, and is threaded together by, digital systems. And humans have yet to design a digital system that cannot be compromised," they write. With such civilization-sustaining functions now susceptible to attack, the onus is on society to maintain a means of operating them that does not rely on digital controls, Frye and Hodgson write. In many cases, that means preserving an older generation of analog infrastructure and management systems that could be manually operated, The Security Ledger reports. From their article: "In the case of communications, for instance, what is required is the preservation of a base core of copper-enabled connectivity, and the perpetuation of skills and equipment parts to make analog telephones work. Today, we see a move to decommission the copper-wire infrastructure. From a pure business standpoint, decommissioning copper is the right thing to do; but from a public-safety and homeland security perspective, we should reconsider. Decommissioning copper increases homeland security risk, because failover planning calls simply for relying on another server, router, or data center that is also subject to compromise."
Intel

Intel's Super Portable Compute Card Could Be Your Real Pocket PC (techcrunch.com) 61

An anonymous reader writes (edited and condensed for length): Smartphones are already computers in our pockets, but Intel's new Compute Card turns an actual PC into something you can take with you wherever you go. Equipped with a range of processor options -- including an ultra-efficient Celeron, and notebook-class Core i5s, this slab that looks like a USB backup battery is attracting a range of interest from Intel OEM partners hoping to use it for everything from smart signage to modular notebooks. The Intel Compute Card, which was originally revealed at CES earlier this year, will come in a range of configurations that include up to 4GB of RAM and 128GB of flash storage, as well as built-in AC 8265 wireless networking and Bluetooth 4.2 connectivity, the company said today at Computex. Intel also announced availability of the Compute Card Device Design Kit today, which will let OEM partners create devices that work with the modular computing core. LG Display, Sharp, Dell, HP and Lenovo are already working on accessory solutions for Compute Card, Intel said.
Networking

New Privacy Vulnerability In IOT Devices: Traffic Rate Metadata (helpnetsecurity.com) 24

Orome1 quotes Help Net Security: Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up a smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker... "Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams revealed potentially private user interactions for each device we tested," the researchers noted. [PDF]
In addition, the article notes, "Separating recorded network traffic into packet streams and associating each stream with an IoT device is not that hard."
Bug

Wormable Code-Execution Bug Lurked In Samba For 7 Years (arstechnica.com) 83

Long-time Slashdot reader williamyf was the first to share news of "a wormable bug [that] has remained undetected for seven years in Samba versions 3.5.0 onwards." Ars Technica reports: Researchers with security firm Rapid7...said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available... Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restarting the network's SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.
The U.S. Department of Homeland Security's CERT group issued an announcement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the Wannacry ransomware, partly because Samba is just "not as common as Windows architectures." But the original submission also points out that while the patch came in fast, "the 'Many eyes' took seven years to 'make the bug shallow'."
