Bug

FalseCONNECT Vulnerability Affects Software From Apple, Microsoft, Oracle, More (softpedia.com)

An anonymous reader writes from a report via Softpedia: "Researcher Jerry Decime revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products," reports Softpedia. The flaw can be used to collect user credentials by tricking victims into re-authenticating, sending their data to a third party. Many software vendors ship applications that handle proxy connections. So far, Apple, Microsoft, Oracle, and Opera have acknowledged that their products are affected. Lenovo said the bug does not impact its software. Other vendors still evaluating the FalseCONNECT bug, and possibly affected, include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others.
Australia

Internal 'Set Of Blunders' Crashed Australia's Census Site (cso.com.au)

Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask their upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan; however, another attack, for which the ABS had no contingency, was directed at it from within Australia. The attack crippled the firewall, and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.

In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site...

Transportation

More Airline Outages Seen As Carriers Grapple With Aging Technology (reuters.com)

An anonymous reader writes: Airlines will likely suffer more disruptions like the one that grounded about 2,000 Delta flights this week because major carriers have not invested enough to overhaul reservations systems based on technology dating to the 1960s, airline industry and technology experts told Reuters. Airlines have spent heavily to introduce new features such as automated check-in kiosks, real-time luggage tracking and slick mobile apps. But they have avoided the steep cost of rebuilding their reservations systems from the ground up, former airline executives said. Scott Nason, former chief information officer at American Airlines Group Inc, said long-term investments in computer technology were a tough sell when he worked there. "Most airlines were on the verge of going out of business for many years, so investment of any kind had to have short pay-back periods," said Nason, who left American in 2009 and is now an independent consultant. The reservations systems of the biggest carriers mostly run on a specialized IBM operating system known as Transaction Processing Facility, or TPF. It was designed in the 1960s to process large numbers of transactions quickly and is still updated by IBM, which did a major rewrite of the operating system about a decade ago.
Earth

IBM Creates World's First Artificial Phase-Change Neurons (arstechnica.com)

An anonymous reader writes from a report via Ars Technica: IBM has created the world's first artificial nanoscale stochastic phase-change neurons and has already built and used a population of 500 of them to process a signal in a manner similar to the brain. Ars Technica reports: "Like a biological neuron, IBM's artificial neuron has inputs (dendrites), a neuronal membrane (lipid bilayer) around the spike generator (soma, nucleus), and an output (axon). There's also a back-propagation link from the spike generator back to the inputs, to reinforce the strength of some input spikes. The key difference is in the neuronal membrane. In IBM's neuron, the membrane is replaced with a small square of germanium-antimony-tellurium (GeSbTe or GST). GST, which happens to be the main active ingredient in rewritable optical discs, is a phase-change material. This means it can happily exist in two different phases (in this case crystalline and amorphous), and easily switch between the two, usually by applying heat (by way of laser or electricity). A phase-change material has very different physical properties depending on which phase it's in: in the case of GST, its amorphous phase is an electrical insulator, while the crystalline phase conducts. With the artificial neurons, the square of GST begins life in its amorphous phase. Then, as spikes arrive from the inputs, the GST slowly begins to crystallize. Eventually, the GST crystallizes enough that it becomes conductive -- and voila, electricity flows across the membrane and creates a spike. After an arbitrary refractory period (a resting period where something isn't responsive to stimuli), the GST is reset back to its amorphous phase and the process begins again." The research has been published in the journal Nature.
Operating Systems

Xen Vulnerability Allows Hackers To Escape Qubes OS VM And Own the Host (itnews.com.au)

Slashdot reader Noryungi writes: Qubes OS certainly has an intriguing approach to security, but a newly discovered Xen vulnerability allows a hacker to escape a VM and own the host. If you are running Qubes, make sure you update the dom0 operating system to the latest version.
"A malicious, paravirtualized guest administrator can raise their system privileges to that of the host on unpatched installations," according to an article in IT News, which quotes Xen as saying "The bits considered safe were too broad, and not actually safe." IT News is also reporting that Qubes will move to full hardware memory virtualization in its next 4.0 release. Xen's hypervisor "is used by cloud giants Amazon Web Services, IBM and Rackspace," according to the article, which quotes a Qubes security researcher who asks the age-old question: "Has Xen been written by competent developers? How many more bugs of this caliber are we going to witness in the future?"
Security

'High-Risk Vulnerabilities' In Oracle File-Processing SDKs Affect Major Third-Party Products (csoonline.com)

itwbennett writes: "Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors," writes Lucian Constantin on CSOonline. The vulnerabilities, which were found by researchers from Cisco's Talos team, are in the Oracle Outside In Technology (OIT), a collection of SDKs that are used in third-party products, including Microsoft Exchange, Novell Groupwise, IBM WebSphere Portal, Google Search Appliance, Avira AntiVir for Exchange, Raytheon SureView, Guidance Encase and Veritas Enterprise Vault.

"It's not clear how many of those products are also affected by the newly patched seventeen flaws, because some of them might not use all of the vulnerable SDKs or might include other limiting factors," writes Constantin. But the Cisco researchers confirmed that Microsoft Exchange servers (version 2013 and earlier) are affected if they have WebReady Document Viewing enabled. In a blog post the researchers describe how an attacker could exploit these vulnerabilities.

TL;DR version: "Attackers can exploit the flaws to execute rogue code on systems by sending specifically crafted content to applications using the vulnerable OIT SDKs."
Government

Is The DOJ Using Obsolete Software To Subvert FOIA Requests? (theguardian.com)

"A new lawsuit alleges that the U.S. Department of Justice intentionally conducts inadequate searches of its records using a decades-old computer system when queried by citizens looking for records that should be available to the public," reports The Guardian. Slashdot reader Bruce66423 writes: An MIT PhD student has filed a suit in Federal court alleging that the use of 21-year-old, IBM green-screen-controlled search software to search the Department of Justice databases...constitutes a deliberate failure to provide the data that should be being produced.
Ryan Shapiro's lawsuit alleges "failure by design," saying that the Justice Department's records are inadequately indexed -- and that it fails to search the full text of its records when responding to requests. "When few or no records are returned, Shapiro said, the FBI effectively responds 'sorry, we tried' without making use of the much more sophisticated search tools at the disposal of internal requestors." The FBI has a $425 million software system to handle FOIA requests, but refuses to use it, saying that would be "needlessly duplicative...and wasteful of Bureau resources."
Movies

Netflix Is The Least-Cancelled of All Major Streaming Services, Says Study (exstreamist.com)

An anonymous reader writes from a report via Exstreamist: A recent survey from IBM suggests that nearly 70% of streaming service subscribers never canceled their subscriptions. One of the more likely reasons subscribers cancel is that their credit cards expire and they never get around to updating the information in each service. Among the other most likely reasons subscribers cancel, advertisements (27%) ranked above price (25%). Netflix is the least likely of the major services to be cancelled, according to the survey. Hulu and Amazon had a larger number of total cancellations: 40% of consumers have stated they have cancelled either Hulu or Amazon, while only 30% have cancelled Netflix. Shortly behind advertisements and price, 20% of users said a lack of quality or quantity of content would likely make them cancel their service. Further down, 17% said technical issues that hinder a smooth viewing experience would cause them to cancel. Roughly 73% of subscribers would download Netflix content, according to one survey. Another survey suggests that a majority of Netflix subscribers would rather cancel their subscription than see advertisements.
Security

Millions Of Xiaomi Phones at Risk Of Remotely Installed Malware (zdnet.com)

Zack Whittaker, reporting for ZDNet: Millions of Xiaomi phones are vulnerable to a flaw that could allow an attacker to remotely install malware. The vulnerability, now fixed, was found in the analytics package in Xiaomi's custom-built Android-based operating system. Security researchers at IBM, who found the flaw, discovered a number of apps in the package that were vulnerable to a remote code execution flaw through a man-in-the-middle attack -- one of which would allow an attacker to run arbitrary code at the system-level. In other words, an attacker could inject a link to a malicious Android app package, which is extracted and executed at the system level.
IBM

IBM Engineer Builds a Harry Potter Sorting Hat Using 'Watson' AI (thenextweb.com)

An anonymous reader writes: As America celebrates Father's Day, The Next Web reports on an IBM engineer who found a way to combine his daughters' interest in the Harry Potter series with an educational home technology project. Together they built a Hogwarts-style sorting hat -- which assigns its wearer into an appropriate residence house at the school of magic -- and it does it using IBM's cognitive computing platform Watson. "The hat uses Watson's Natural Language Classifier and Speech to Text to let the wearer simply talk to the hat, then be sorted according to what he or she says..." reports The Next Web. "Anderson coded the hat to pick up on words that fit the characteristics of each Hogwarts house, with brainy and cleverness going right into Ravenclaw's territory and honesty a recognized Hufflepuff attribute."
The hat's algorithm would place Stephen Hawking and Hillary Clinton into Ravenclaw, according to the article, while Donald Trump "was assigned to Gryffindor for his boldness -- but only with a 48 percent certainty."

The sorting hat talks, drawing its data directly from the IBM Cloud, and if you're interested in building your own, the IBM engineer has shared a tutorial online.
Security

Slashdot Asks: Does Your Company Have A Breach Response Team? (helpnetsecurity.com)

This week HelpNetSecurity reported on a study that found that "the average data breach cost has grown to $4 million, representing a 29 percent increase since 2013." "The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently," said Caleb Barlow, Vice President of IBM Security.

But the most stunning part of the study was that each compromised record costs a company $158 on average, and up to $355 per record in more highly regulated industries like healthcare -- $100 more than in 2013. And yet the study also found that having an "incident response team" greatly reduces the cost of a data breach. So I'd be curious how many Slashdot readers work for a company that actually has a team in place to handle data breaches. Leave your answers in the comments. Does your company have an incident response team?
AI

Olli is a 3D Printed, IBM Watson-Powered, Self-Driving Minibus (phys.org)

An anonymous reader writes from a report via Phys.Org: Arizona-based startup Local Motors unveiled Olli -- a 3D-printed minibus capable of carrying 12 people. It's powered by IBM's supercomputer platform Watson and is designed as an on-demand transportation solution that passengers can summon with a mobile app. The company claims it can be "printed" to specification in "micro factories" in a matter of hours. They say it is ready to go as soon as regulations allow it to hit the streets. While Local Motors has developed the system to control the driving, IBM's Watson system is used to provide the user interface so passengers can have "conversations" with Olli. "Watson is bringing an understanding to the vehicle," said IBM's Bret Greenstein. "If you have someplace you need to be you can say that in your own words. A vehicle that understands human language, where you can walk in and say, 'I'd like to get to work,' that lets you as a passenger relax and enjoy your journey," he said. The vehicle relies on more than 30 sensors and streams of data from IBM's cloud. Olli will be demonstrated in National Harbor, Maryland, over the next few months with additional trials expected in Las Vegas and Miami.
Security

The Average Cost of a Data Breach Is Now $4 Million (helpnetsecurity.com)

Reader Orome1 writes: The average data breach cost has grown to $4 million, representing a 29 percent increase since 2013, according to a report by Ponemon Institute. Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, companies lose $158 per compromised record. Breaches in highly regulated industries like healthcare were even more costly, reaching $355 per record -- a full $100 more than in 2013.
China

US Company's China Employee Allegedly Stole Code To Help Local Government (csoonline.com)

Reader itwbennett writes: Xu Jiaqiang, a Chinese national, worked as a developer for an unnamed U.S. company's branch in China (a Reuters report says it's IBM) from November 2010 to May 2014, when he resigned voluntarily. A year later he was allegedly caught trying to sell stolen proprietary source code to U.S. undercover agents, who claimed they were starting a large-data storage company. The software is described in the original complaint as a key component of one of the world's largest scientific supercomputers and of commercial applications that require rapid access to large volumes of data. In December 2015, Xu was arrested by the FBI, alleged to have stolen for his own benefit and that of the National Health and Family Planning Commission in China, although no specific charges relating to actual transfer of the code to the National Health and Family Planning Commission are mentioned in the superseding indictment.
Cloud

Oracle Whistleblower Suit Raises Questions Over Cloud Accounting (nbcnews.com)

Svetlana Blackburn, a former senior finance manager at Oracle, claims that the company fired her for refusing to "inflate" revenues in its cloud services division. She alleges that her bosses had instructed her to add "millions of dollars of accruals" for expected business "with no concrete or foreseeable billing to support the numbers." Oracle eventually inflated the numbers without her assistance anyway, she adds. From the NBC News report: The lawsuit, filed on Wednesday in U.S. District Court in San Francisco by former Oracle senior finance manager Svetlana Blackburn, also revives longstanding questions about proper accounting when software and computer services are bought on a subscription basis rather than as a single package, analysts said. Those questions are becoming more urgent as companies including Oracle, IBM, Microsoft and SAP race to transform their businesses for an era in which customers no longer own and operate their own information technology systems and instead lease computing services and software from cloud vendors using vast data centers. A spokesperson for Oracle says that Blackburn's claims are wrong, adding, "We are confident that all our cloud accounting is proper and correct."
Patents

IBM Has Been Awarded An Average Of 24 Patents Per Day So Far In 2016 (qz.com)

Traditional companies continue to score a huge number of patents, reports Quartz. The publication dug into the patent filings to find which company has been awarded the most patents this year. According to its findings, IBM has been awarded 3,617 patents so far this year, whereas Samsung comes close with 3,032 patents during the same period. Behind these giants sit Google with 1,530 patents, Intel with 1,293, Qualcomm with 1,262, Microsoft with 1,232, and Apple with 1,060 patents. From the report: Although IBM's patent-producing power slowed somewhat in 2015, the number of patents it's received so far this year is up more than 13% compared to a year earlier. The company is in the middle of a painful reinvention that sees it shifting further away from hardware sales into cloud computing, analytics, and AI services. It's also plugging away on a myriad of fundamental scientific research projects -- many of which could revolutionize the world if they come to fruition -- which is where many of its patent applications originate. IBM accounted for about 1% of all US patents awarded in 2015.
AI

Tech CEOs Declare This the Era of Artificial Intelligence (fortune.com)

You will be hearing a lot about AI and machine learning in the coming years. At Recode's iconic conference this week, a number of top executives revealed -- and reiterated -- their growing efforts to capture the nascent technology category. From a Reuters report (condensed): Sundar Pichai, chief executive of Alphabet's Google, said he sees a "huge opportunity" in AI. Google first started applying the technology through "deep neural networks" to voice recognition software about three to four years ago and is ahead of rivals such as Amazon.com, Apple, and Microsoft in machine learning, Pichai said.
Amazon CEO Jeff Bezos predicted a profound impact on society over the next 20 years. "It's really early but I think we're on the edge of a golden era. It's going to be so exciting to see what happens," he said.
IBM CEO Ginni Rometty said the company has been working on artificial technology, which she calls a cognitive system, since 2005 when it started developing its Watson supercomputer.
Artificial intelligence and machine learning will create computers so sophisticated and godlike that humans will need to implant "neural laces" in their brains to keep up, Tesla Motors and SpaceX CEO Elon Musk told a crowd of tech leaders this week.
Microsoft, which was absent from the event, is also working on bots and AI technologies. One company that is seemingly off the picture is Apple.
IBM

Is Denver The Next High-Tech Center? (newyorker.com)

An anonymous reader writes: "The spread of the tech industry outside Silicon Valley has helped make Denver the fastest-growing large city in the U.S.," reports the New Yorker, saying it's now growing faster than Austin and Seattle and has become one of America's 20 most populous cities. Cost-conscious investors and tech executives are now opening offices in cheaper "secondary cities" outside Silicon Valley, like Salt Lake City, and the good universities near Denver mean a well-educated workforce, coupled with a low cost of living.

"Though the city isn't the headquarters for any big tech companies -- like Dell in the Austin area or Microsoft and Amazon in Seattle -- several of them, including IBM and Oracle, have offices here. The presence of those offices, and of the universities, has also helped create a vibrant startup scene: people get educated here or come here for jobs, and then they graduate or leave those jobs and become entrepreneurs." Last year venture capitalists invested $800 million in Denver's tech, energy, food, and marijuana companies, and in 2014 Oracle paid over a billion dollars to acquire Denver-based Datalogix.

Anyone else live in a burgeoning "secondary" tech city? Scott McNealy said he co-founded his data-analysis startup in Denver because in California "The prices of everything have skyrocketed. The regulations. The pension deficit. The traffic. It's just not a fun place to go start."
IBM

Upcoming OS/2 Release Will Be Called ArcaOS 5.0 (techrepublic.com)

At the annual convention of OS/2 users, Arca Noae announced that their new OS/2-OEM distribution will be released in the fourth quarter of 2016, and that the project, codenamed "Blue Lion", will officially be called ArcaOS 5.0. "The significance of the version number relates to IBM OS/2 4.52 -- the last maintenance release of the platform released by IBM in 2001," reports TechRepublic. martiniturbide writes: The article discusses the features of ArcaOS, like a USB bootable installer, USB (1.1 and 2), ACPI, AHCI, and network card drivers, a new OS installer, etc. It will be sold in two editions: ArcaOS Commercial Edition [with 12 months of priority support and updates] and ArcaOS Personal Edition...
Anyone have fond memories of OS/2? Are there any Slashdot readers who are still using it?
The Military

Department of Homeland Security Still Uses COBOL (softpedia.com)

The Department of Defense has promised to finally stop managing the U.S. nuclear arsenal with floppy disks "by the end of 2017". But an anonymous reader shares Softpedia's report about another startling revelation this week from the Government Accountability Office: Another agency that plans to upgrade is the US Department of Veterans Affairs, which uses COBOL, a programming language from the '50s, to manage a system for employee time and attendance. Unfortunately for the VA, there were funds only to upgrade that COBOL system, because the agency still uses the antiquated programming language to run another system that tracks claims filed by veterans for benefits, eligibility, and dates of death. This latter system won't be updated this year. Another serious COBOL user is the Department of Homeland Security, which employs it to track hiring operations, alongside a 2008 IBM z10 mainframe and a Web component that uses a Windows 2012 server running Java.
Personnel files are serious business. A 2015 leak of the secret service's confidential personnel files for a Utah Congressman (who was leading a probe into high-profile security breaches and other missteps) led the Department of Homeland Security to discipline 41 secret service agents.
