Transportation

Oregon Passes First Statewide Bicycle Tax In Nation (washingtontimes.com) 684

turkeydance writes: In Oregon, a state known for its avid bicycling culture, the state legislature's approval of the first bike tax in the nation has fallen flat with riders. Democratic Gov. Kate Brown is expected to sign the sweeping $5.3 billion transportation package, which includes a $15 excise tax on the sale of bicycles costing more than $200 with a wheel diameter of at least 26 inches. Even though the funding has been earmarked for improvements that will benefit cyclists, the tax has managed to irk both anti-tax Republicans and environmentally conscious bikers. The bike tax is aimed at raising $1.2 million per year in order to improve and expand paths and trails for bicyclists and pedestrians. Supporters point out that Oregon has no sales tax, which means buyers won't be dinged twice for their new wheels.
Privacy

Ask Slashdot: Is Password Masking On Its Way Out? 234

New submitter thegreatbob writes: Perhaps you've noticed in the last 5 years or so, progressively more entities have been providing the ability to reveal the contents of a password field. While this ability is, in many cases (especially on devices with lousy keyboards), legitimately useful, it does seem to be a reasonable source of concern. Fast forward to today; I was setting up a new router (cheapest dual-band router money can, from Tenda) and I was almost horrified to discover that it does not mask any of its passwords by default. So I ask Slashdot: is password masking really on its way out, and does password masking do anything beyond preventing the casual shoulder-surfer?
Communications

FCC Refuses To Release Text of More Than 40,000 Net Neutrality Complaints (arstechnica.com) 62

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission has denied a request to extend the deadline for filing public comments on its plan to overturn net neutrality rules, and the FCC is refusing to release the text of more than 40,000 net neutrality complaints that it has received since June 2015. The National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request in May of this year for tens of thousands of net neutrality complaints that Internet users filed against their ISPs. The NHMC argues that the details of these complaints are crucial for analyzing FCC Chairman Ajit Pai's proposal to overturn net neutrality rules. The coalition also asked the FCC to extend the initial comment deadline until 60 days after the commission fully complies with the FoIA request. A deadline extension would have given people more time to file public comments on the plan to eliminate net neutrality rules. Instead, the FCC yesterday denied the motion for an extension and said that it will only provide the text for a fraction of the complaints, because providing them all would be too burdensome.
Security

Should We Ignore the South Carolina Election Hacking Story? (securityledger.com) 137

chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."
Bug

Flaw In IoT Security Cameras Leaves Millions of Devices Open To Hackers (vice.com) 53

New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and has includes some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.
Government

US Increases Number of H-2B Visas By 15,000 (arstechnica.com) 142

An anonymous reader quotes a report from Ars Technica: President Donald Trump has said he's going to set more limits on the H-1B visa program, which allows tens of thousands of technology workers into the U.S. each year. But yesterday, the Department of Homeland Security moved to expand another type of visa, the H-2B, which allows lower-skilled workers in on a seasonal basis. The Department of Homeland Security said yesterday it is going to allow an additional 15,000 workers to come in under the H-2B visa category, which is typically used by U.S. businesses in industries like tourism, construction, and seafood processing. The program normally allows for 66,000 visas, split between the two halves of the year. That means the DHS increase, announced yesterday, represents an increase of more than 40 percent for the second half of 2017. Businesses can begin applying for the additional visas right away, as long as they attest under penalty of perjury that their business will "suffer irreparable harm" if it can't employ additional H-2B workers in 2017. The expansion is a temporary one, and it only applies to the current year.
Social Networks

Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network' (gizmodo.com) 53

An anonymous reader shares a report: Last week, Twitter's security team purged nearly 90,000 fake accounts after outside researchers discovered a massive botnet peddling links to fake "dating" and "romance" services. The accounts had already generated more than 8.5 million posts aimed at driving users to a variety of subscription-based scam websites with promises of -- you guessed it -- hot internet sex. The accounts were first identified by ZeroFOX, a Baltimore-based security firm that specializes in social-media threat detection. The researchers dubbed the botnet "SIREN" after sea-nymphs described in Greek mythology as half-bird half-woman creatures whose sweet songs often lured horny, drunken sailors to their rocky deaths. ZeroFOX's research into SIREN offers a rare glimpse into how efficient scammers have become at bypassing Twitter's anti-spam techniques. Further, it demonstrates how effective these types of botnets can be: The since-deleted accounts collectively generated upwards of 30 million clicks -- easily trackable since the links all used Google's URL shortening service.
The Courts

California Lawsuit Wants To Weaken Noncompetes (axios.com) 124

An anonymous reader shares a report: California already prohibits companies from enforcing noncompetes within the state, but a Bay Area life sciences company is asking a state court to go even further. Veeva Systems is suing three of its East Coast-based competitors and asking a California Superior Court judge to declare that it has the right to hire employees who have signed such agreements. Veeva also wants a court to limit the use of non-disparagement and confidentiality agreements. "Non-compete agreements are bad," the company said in its suit. "These agreements limit employment opportunities. They suppress wages. They keep employees trapped in jobs they do not want, and they keep employees from fairly competing with their former employers. These agreements restrict fair and robust competition for employees."
Google

Google Bolsters Security To Prevent Another Google Docs Phishing Attack (zdnet.com) 25

Google is adding a set of features to its security roster to prevent a second run of last month's massive phishing attack. From a report: The company is adding warnings and interstitial screens to warn users that an app they are about to use is unverified and could put their account data at risk. This so-called "unverified app" screen will land on all new web apps that connect to Google user accounts to prevent a malicious app from appearing legitimate. Any Google Chrome user landing on a hacked or malicious website will recognize the prompt as the red warning screen. Some existing apps will also have to go through the same verification process as new apps, Google said. Google also said it will add those warnings to its Apps Scripts, which let Google use custom macros and add-ons for its productivity apps, like Google Docs.
China

China's Censors Can Now Erase Images Mid-Transmission (wsj.com) 90

Eva Dou, reporting for WSJ: China's already formidable internet censors have demonstrated a new strength -- the ability to delete images in one-on-one chats as they are being transmitted, making them disappear before receivers see them. The ability is part of a broader technology push by Beijing's censors to step up surveillance and get ahead of activists and others communicating online in China (Editor's note: the link could be paywalled; alternative source). Displays of this new image-filtering capability kicked into high gear last week as Chinese dissident Liu Xiaobo lay dying from liver cancer and politically minded Chinese tried to pay tribute to him, according to activists and a new research report. Wu Yangwei, a friend of the long-jailed Nobel Peace Prize laureate, said he used popular messaging app WeChat to send friends a photo of a haggard Mr. Liu embracing his wife. Mr. Wu believed the transmissions were successful, but he said his friends never saw them. "Sometimes you can get around censors by rotating the photo," said Mr. Wu, a writer better known by his pen name, Ye Du. "But that doesn't always work." There were disruptions on Tuesday to another popular messaging app, Facebook's WhatsApp, with many China-based users saying they were unable to send photos and videos without the use of software that circumvents Chinese internet controls. Text messages appeared to be largely unaffected.
Security

Hacks 'Probably Compromised' UK Industry (bbc.com) 19

Some industrial software companies in the UK are "likely to have been compromised" by hackers, according to a document reportedly produced by British spy agency GCHQ. A copy of the document from the National Cyber Security Centre (NCSC) -- part of GCHQ -- was obtained by technology website Motherboard. From a report: A follow-up by the BBC indicated that the document was legitimate. There have been reports about similar cyber-attacks around the world lately. Modern, computer-based industrial control systems manage equipment in facilities such as power stations. And attacks attempting to compromise such systems had become more common recently, one security researcher said. The NCSC report specifically discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.
Security

Exploit Derived From EternalSynergy Upgraded To Target Newer Windows Versions (bleepingcomputer.com) 61

An anonymous reader writes: "Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system," reports Bleeping Computer. "ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements. Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method 'should never crash a target,' the expert says. 'Chance should be nearly 0%,' Wang adds." Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang's GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica's Eleven Paths security unit, has published a step-by-step guide on how to use Wang's exploit.
Privacy

Facial Recognition Could Be Coming To Police Body Cameras (defenseone.com) 178

schwit1 quotes a report from Defense One: Even if the cop who pulls you over doesn't recognize you, the body camera on his chest eventually just might. Device-maker Motorola will work with artificial intelligence software startup Neurala to build "real-time learning for a person of interest search" on products such as the Si500 body camera for police, the firm announced Monday. Italian-born neuroscientist and Neurala founder Massimiliano Versace has created patent-pending image recognition and machine learning technology. It's similar to other machine learning methods but far more scalable, so a device carried by that cop on his shoulder can learn to recognize shapes and -- potentially faces -- as quickly and reliably as a much larger and more powerful computer. It works by mimicking the mammalian brain, rather than the way computers have worked traditionally.

Versace's research was funded, in part, by the Defense Advanced Research Projects Agency or DARPA under a program called SyNAPSE. In a 2010 paper for IEEE Spectrum, he describes the breakthrough. Basically, a tiny constellation of processors do the work of different parts of the brain -- which is sometimes called neuromorphic computation -- or "computation that can be divided up between hardware that processes like the body of a neuron and hardware that processes the way dendrites and axons do." Versace's research shows that AIs can learn in that environment using a lot less code.

The Almighty Buck

$12 Billion In Private Student Loan Debt May Be Wiped Away By Missing Paperwork (nytimes.com) 397

New submitter cdreimer shares a report from The New York Times (Warning: source may be paywalled; alternate source): Tens of thousands of people who took out private loans to pay for college but have not been able to keep up payments may get their debts wiped away because critical paperwork is missing. The troubled loans, which total at least $5 billion, are at the center of a protracted legal dispute between the student borrowers and a group of creditors who have aggressively pursued them in court after they fell behind on payments. Judges have already dismissed dozens of lawsuits against former students, essentially wiping out their debt, because documents proving who owns the loans are missing. A review of court records by The New York Times shows that many other collection cases are deeply flawed, with incomplete ownership records and mass-produced documentation. Some of the problems playing out now in the $108 billion private student loan market are reminiscent of those that arose from the subprime mortgage crisis a decade ago, when billions of dollars in subprime mortgage loans were ruled uncollectable by courts because of missing or fake documentation. And like those troubled mortgages, private student loans -- which come with higher interest rates and fewer consumer protections than federal loans -- are often targeted at the most vulnerable borrowers, like those attending for-profit schools.

At the center of the storm is one of the nation's largest owners of private student loans, the National Collegiate Student Loan Trusts. It is struggling to prove in court that it has the legal paperwork showing ownership of its loans, which were originally made by banks and then sold to investors. National Collegiate is an umbrella name for 15 trusts that hold 800,000 private student loans, totaling $12 billion. More than $5 billion of that debt is in default, according to court filings.

Security

US To Create the Independent US Cyber Command, Split Off From NSA (pbs.org) 100

An anonymous reader quotes a report from PBS: After months of delay, the Trump administration is finalizing plans to revamp the nation's military command for defensive and offensive cyber operations in hopes of intensifying America's ability to wage cyberwar against the Islamic State group and other foes, according to U.S. officials. Under the plans, U.S. Cyber Command would eventually be split off from the intelligence-focused National Security Agency. The goal, they said, is to give U.S. Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA, which is responsible for monitoring and collecting telephone, internet and other intelligence data from around the world -- a responsibility that can sometimes clash with military operations against enemy forces. Making cyber an independent military command will put the fight in digital space on the same footing as more traditional realms of battle on land, in the air, at sea and in space. The move reflects the escalating threat of cyberattacks and intrusions from other nation states, terrorist groups and hackers, and comes as the U.S. faces ever-widening fears about Russian hacking following Moscow's efforts to meddle in the 2016 American election.

Slashdot Top Deals