Encryption

Researchers Discover Security Problems Under the Hood of Automobile Apps (arstechnica.com) 27

An anonymous reader quotes a report from Ars Technica: Malware researchers Victor Chebyshev and Mikhail Kuzin examined seven Android apps for connected vehicles and found that the apps were ripe for malicious exploitation. Six of the applications had unencrypted user credentials, and all of them had little in the way of protection against reverse-engineering or the insertion of malware into apps. The vulnerabilities looked at by the Kaspersky researchers focused not on vehicle communication, but on the Android apps associated with the services and the potential for their credentials to be hijacked by malware if a car owner's smartphone is compromised. All seven of the applications allowed the user to remotely unlock their vehicle; six made remote engine start possible (though whether it's possible for someone to drive off with the vehicle without having a key or RFID-equipped key fob present is unclear). Two of the seven apps used unencrypted user logins and passwords, making theft of credentials much easier. And none of the applications performed any sort of integrity check or detection of root permissions to the app's data and events -- making it much easier for someone to create an "evil" version of the app to provide an avenue for attack. While malware versions of these apps would require getting a car owner to install them on their device in order to succeed, Chebyshev and Kuzin suggested that would be possible through a spear-phishing attack warning the owner of a need to do an emergency app update. Other malware might also be able to perform the installation.
AI

EU Moves To Bring In AI Laws, But Rejects Robot Tax Proposal (newatlas.com) 72

An anonymous reader quotes a report from New Atlas: The European Parliament has voted on a resolution to regulate the development of artificial intelligence and robotics across the European Union. Based on a raft of recommendations drafted in a report submitted in January to the legal affairs committee, the proposed rules include establishing ethical standards for the development of artificial intelligence, and introducing an insurance scheme to cover liability for accidents involving driverless cars. Not every element in the broad-ranging report was accepted by the Parliament though, with a recommendation to institute a "robot tax" roundly rejected. The robot tax proposal was designed to create a fund that manages the repercussions and retraining of workers made redundant through the increased deployment of industrial and service robots. But those in the robotics industry were supportive of the Parliamentary rejection, with the International Federation of Robotics suggesting to Reuters a robot tax would have been harmful to the burgeoning industry, stifling innovation and competitiveness. The European Parliament passed the resolution comfortably with 396 votes to 123, with 85 abstentions.
Piracy

70 Percent of Young Swedish Men Are Video Pirates, Study Says (torrentfreak.com) 207

A new study from Sweden has found that just over half of all young people admit to obtaining movies and TV shows from the Internet without paying, a figure that rockets to 70 percent among young men, reports TorrentFreak, citing a study. From the report: According to figures just released by media industry consultants Mediavision, in January 2017 almost a quarter of all Swedes aged between 15 and 74 admitted either streaming or downloading movies from 'pirate' sites during the past month. Perhaps unsurprisingly, the tendency to do so is greater among the young. More than half of 15 to 24-year-olds said they'd used a torrent or streaming site during December. When concentrating that down to only young men in the same age group, the figure leaps to 70 percent.
The Courts

Your Personal Facebook Live Videos Can Legally End Up on TV (thememo.com) 142

Kitty Knowles, reporting for the Memo: Think you control what happens to your personal videos? Think again. One father who live-streamed his partner's labour on Facebook last May, has found out the hard way: he saw the birth of his son replayed on Good Morning America and numerous other media outlets. This week, he lost a high-profile court battle against the broadcasters. If you don't want this to happen to you, don't make the same mistakes. It's one thing wanting to share a life-changing moment with friends and family. But most would understand why Kali Kanongataa didn't want his child's birth aired for all to see. That hasn't however, stopped a US judge throwing out Kanongataa's copyright infringement case against the likes of the ABC, Yahoo, and Rodale, the company that publishes Women's Health. Apparently, the father-to-be realised his film was streaming publicly on social media about 30 minutes into recording, but decided to leave it that way. Media outlets broadcasting the clips have defended doing so on the terms of "fair use." Legally, "fair use" means that when pictures or videos are the focus of a major news story, selected footage can be used. Heads up, Facebook will soon release a video app for set-top boxes by Apple and Amazon to broadcast Live videos on the big screen.
Blackberry

BlackBerry Sued By Over 300 Former Employees (mobilesyrup.com) 72

An anonymous reader shares a report: BlackBerry is facing a class-action lawsuit from more than 300 former employees across Canada, according to a news release from law firm Nelligan O'Brien Payne LLP. The Waterloo, Ontario-based tech company is accused of denying employees their termination entitlements by transferring them to a partner company and, once they had accepted employment there, handed them resignation letters. The former employees were then allegedly given their final date of work. "BlackBerry's actions amount to a termination of the employees' employment," the law firm said. "This entitles these employees to statutory, common law, and/or contractual entitlements on termination."
Businesses

Samsung Chief Lee Arrested In Corruption Investigation (reuters.com) 24

According to Reuters, Samsung chief Jay Y. Lee was arrested on Friday over his alleged role in a corruption scandal that led parliament to impeach South Korean President Park Geun-hye. From the report: The 48-year-old Lee, vice chairman of Samsung Electronics Co Ltd (005930.KS), was taken into custody at the Seoul Detention Centre, where he had awaited the court's decision following a day-long, closed-door hearing that ended on Thursday evening. The judge's decision was announced at about 5:30 a.m. (2030 GMT) on Friday, more than 10 hours after Lee, the sprawling conglomerate's third-generation leader, had left the court. The same court rejected a request from prosecutors last month to arrest Lee. On Tuesday, the special prosecutor's office had requested a warrant to arrest him and another executive, Samsung Electronics president Park Sang-jin, on bribery and other charges. The prosecution said it had secured additional evidence and brought more charges against Lee in the latest warrant request. While Lee's detention is not expected to hamper day-to-day operation of Samsung Group companies, which are run by professional managers, experts have said it could affect strategic decision-making by South Korea's biggest conglomerate. Prosecutors have focused their investigations on Samsung's relationship with Park, 65, who was impeached by parliament in December and has been stripped of her powers while the Constitutional Court decides whether to uphold her impeachment. They accused Samsung of paying bribes totaling 43 billion won ($37.74 million) to organizations linked to Choi to secure the government's backing for a merger of two Samsung units. That funding includes Samsung's sponsorship of the equestrian career of Choi's daughter, who is in detention in Denmark, having been on a South Korean wanted list.
Privacy

Scottish Court Awards Damages For CCTV Camera Pointed At Neighbor's House (boingboing.net) 95

AmiMoJo quotes a report from BoingBoing: Edinburgh's Nahid Akram installed a CCTV system that let him record his downstairs neighbors Debbie and Tony Woolley in their back garden, capturing both images and audio of their private conversations, with a system that had the capacity to record continuously for five days. A Scottish court has ruled that the distress caused by their neighbor's camera entitled the Woolleys to $21,000 (17,000 British Pounds) in damages, without the need for them to demonstrate any actual financial loss. The judgment builds on a 2015 English court ruling against Google for spying on logged out Safari users, where the users were not required to show financial losses to receive compensation for private surveillance.
Piracy

Swedish Court Rules: 'Block the Pirate Bay For Next 3 Years' (fossbytes.com) 60

"In 2014, many film studios teamed up to force the Swedish ISP Bredbandsbolaget to block the popular torrent website The Pirate Bay," reports Fossbytes. "It was also said that ISPs should be blocked if they refused to block copyright infringing websites." Now, a Swedish Patent and Market Court of Appeal has ordered The Pirate Bay and streaming portal Swefilmer to be blocked by Bredbandsbolaget for the next three years. Fossbytes reports: The court overruled the earlier ruling of the District Court, ordering the ISP to employ some technical measures to stop its customers from accessing the website and its different URLs. The court said that a blocking injunction would be proportional "in the light of EU law." Notably, under the EU law, it's possible for the copyright owners to get an injunction against the ISPs whose services are used to pirate content. This verdict is the first of its kind in Sweden, but similar injunctions have been announced in the past in other European nations. This ruling also opens new doorways for the copyright holders to target more torrent websites in the near future. Pirate Bay spokesperson Peter Sunde said in a statement to TorrentFreak: "The fight is not about TPB -- the users of TPB can just bypass this blockade easily. It's about the slippery slope it brings."
Cellphones

FCC Chairman Wants It To Be Easier To Listen To Free FM Radio On Your Smartphone (recode.net) 209

An anonymous reader quotes a report from Recode: Your smartphone has an FM radio in it, only it's unlikely that you're able to use it. That's because in the U.S., less than half of phones actually have the FM tuner turned on. But FCC Chairman Ajit Pai, who just recently assumed the top position at the regulatory agency under President Trump, thinks that should change. In remarks made to the North American Broadcasters Association yesterday, Pai said that it's a public safety issue. Both the former head of the Federal Emergency Management Association and an FCC advisory panel on public safety have advocated for turning on the FM radio capabilities in smartphones, since radio is a reliable source of information when internet or cellphone networks go down in severe weather. Although Pai thinks smartphones should have the FM chip turned on, he doesn't think the government should mandate it: "As a believer in free markets and the rule of law, I cannot support a government mandate requiring activation of these chips. I don't believe the FCC has the power to issue a mandate like that, and more generally I believe it's best to sort this issue out in the marketplace."
Censorship

CloudFlare Puts Pirate Sites on New IP Addresses, Avoids Cogent Blockade (torrentfreak.com) 88

Earlier this month, several users worldwide reported that they were unable to access pirate websites including the Pirate Bay. It was because the internet backbone network of Cogent Communications had blackholed the CloudFlare IP-address of pirate websites. Less than a week later, CloudFlare is fighting back. From a report on TorrentFreak: The Pirate Bay and dozens of other pirate sites that were blocked by Cogent's Internet backbone are now accessible again. CloudFlare appears to have moved the sites in question to a new pair of IP-addresses, effectively bypassing Cogent's blackhole. [...] As of yesterday, the sites in question have been assigned the IP-addresses 104.31.16.3 and 104.31.17.3, still grouped together. Most, if not all of the sites, are blocked by court order in the UK so this is presumably done to prevent ISP overblocking of 'regular' CloudFlare subscribers.
Sci-Fi

Lost Winston Churchill Essay Reveals His Thoughts On Alien Life (theverge.com) 186

"A newly discovered essay by Winston Churchill shows that the British statesman gave a lot of thought to the existential question that has inspired years of scientific research and blockbuster movies: are we alone in the Universe?" reports The Verge. "The essay was drafted in the 1930s, but unearthed in a museum in Missouri last year." Astrophysicist Mario Livio was the first scientist to analyze the article and has published his comments in the journal Nature. The Verge reports: Livio was "stunned" when he first saw the unpublished, 11-page essay on the existence of alien life, he tells The Verge. The astrophysicist was visiting Westminster College in Fulton, Missouri, for a talk last year, when he was approached by Timothy Riley, the director of Fulton's US National Churchill Museum. Riley showed him the essay, titled "Are We Alone in the Universe?" In the essay, Churchill reasons that we can't possibly be alone in the Universe -- and that many other Suns will likely have many other planets that could harbor life. Because of how enormously distant these extrasolar planets are, we may never know if they "house living creatures, or even plants," Churchill concludes. He wrote this decades before exoplanets were discovered in the 1990s; hundreds have since been detected. What's impressive about the essay is the way Churchill approaches the existential and scientific question of whether life exists on other planets, Livio says. Churchill's reasoning mirrors extremely well the way scientists think about this problem today. The British leader also talks about several theories that still guide the search for alien life, Livio says. For example, he notes that water is the key ingredient for life on Earth, and so finding water on other planets could mean finding life there.
Churchill also notes that life can only survive in regions "between a few degrees of frost and the boiling point of water" -- what today we call the habitable zone, the region around a star that is neither too hot nor too cold, so that liquid water may exist on the planet's surface.
Government

Bipartisan Bill Seeks Warrants For Police Use of 'Stingray' Cell Trackers (usatoday.com) 113

Tulsa_Time quotes a report from USA Today: A bipartisan group of House and Senate lawmakers introduced legislation Wednesday requiring police agencies to get a search warrant before they can deploy powerful cellphone surveillance technology known as "stingrays" that sweep up information about the movements of innocent Americans while tracking suspected criminals. "Owning a smartphone or fitness tracker shouldn't give the government a blank check to track your movements," said Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee who introduced the bill with Reps. Jason Chaffetz, R-Utah, and John Conyers, D-Mich. "Law enforcement should be able to use GPS data, but they need to get a warrant. This bill sets out clear rules to make sure our laws keep up with the times." The legislation introduced Wednesday, called the Geolocation Privacy and Surveillance (GPS) Act, would require a warrant for all domestic law enforcement agencies to track the location and movements of individual Americans through GPS technology without their knowledge. It also aims to combat high-tech stalking by creating criminal penalties for secretly using an electronic device to track someone's movements.
Java

JavaScript Attack Breaks ASLR On 22 CPU Architectures (bleepingcomputer.com) 155

An anonymous reader quotes a report from BleepingComputer: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLRCache, or AnC, focuses on the memory management unit (MMU), a lesser known component of many CPU architectures, which is tasked with improving performance for cache management operations. What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS. Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos [1, 2] showing the attack in action.
Transportation

Nearly 56,000 Bridges Called Structurally Deficient (usatoday.com) 240

schwit1 quotes a report from USA Today: Nearly 56,000 bridges nationwide, which vehicles cross 185 million times a day, are structurally deficient, a bridge construction group announced Wednesday. The list is based on Transportation Department data. The department scores bridges on a nine-point scale, and while the deficient ones might not be imminently unsafe, they are classified in need of attention. More than one in four bridges (173,919) are at least 50 years old and have never had major reconstruction work, according to the ARTBA analysis. State transportation officials have identified 13,000 bridges along interstates that need replacement, widening or major reconstruction, according to the group. "America's highway network is woefully underperforming," said Alison Premo Black, the group's chief economist who conducted the analysis. "It is outdated, overused, underfunded and in desperate need of modernization." The five states with the most deficient bridges are Iowa with 4,968, Pennsylvania with 4,506, Oklahoma with 3,460, Missouri with 3,195 and Nebraska with 2,361. The eight states where at least 15% of the bridges are deficient are: Rhode Island at 25%, Pennsylvania at 21%, Iowa and South Dakota at 20%, West Virginia at 17%, and Nebraska, North Dakota and Oklahoma at 15%.
Patents

Patent Office Rules CRISPR Patents, Potentially Worth Billions, Belong To Broad Institute (theverge.com) 69

According to a ruling by judges at the United States Patent and Trademark Office, the disputed patents on the gene-editing tool CRISPR belong to the Broad Institute of MIT and Harvard. "The ruling comes a little over two months after a high-profile court hearing, during which MIT and University of California, Berkeley heatedly argued about who should own CRISPR," The Verge reports. From their report: STAT News reported that the decision was one sentence long. The three judges decided that the Broad patents are different enough from the ones the University of California applied for that the Broad patents stand. The patent ruling suggests that the work done by Jennifer Doudna of the University of California and her colleagues on CRISPR wasn't so groundbreaking as to make any other advance obvious. But that legal opinion isn't how the science world views her work, STAT points out: "Doudna and her chief collaborator, Emmanuelle Charpentier, won the $3 million Breakthrough Prize in the life sciences in 2015, the $500,000 Gruber Genetics Prize in 2015, and the $450,000 Japan Prize in 2017," the outlet notes.
Security

Yahoo Notifying Users of Malicious Account Activity as Verizon Deal Progresses (techcrunch.com) 17

Kate Conger, writing for TechCrunch: Yahoo is continuing to issue warnings to users about several security incidents as it moves toward an acquisition by Verizon. Users are receiving notifications today about unauthorized access to their accounts in 2015 and 2016, which occurred due to previously disclosed cookie forging. "As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again," a Yahoo spokesperson told TechCrunch.
Transportation

Brazil Judge Rules Uber Drivers Are Employees, Deserve Benefits (reuters.com) 131

An anonymous reader shares a Reuters report: A Brazilian judge ruled that a driver using the Uber ride-hailing app is an employee of the San Francisco-based company and is entitled to workers' benefits, adding to the global debate over labor rights for drivers on the platform. Uber said on Tuesday it would appeal the decision by Judge Marcio Toledo Goncalves, who issued the ruling late Monday in a labor court in Minas Gerais state. Goncalves ordered Uber to pay one driver around 30,000 reais ($10,000) in compensation for overtime, night shifts, holidays and expenses such as gasoline, water and candy for passengers. The consequences for Uber, if the ruling is upheld, could be far greater if more drivers follow suit and if state and federal regulators and tax agencies start treating it, as the judge suggested, as a transportation company rather than a tech firm.
Businesses

IT Decisions Makers and Executives Don't Agree On Cyber Security Responsibility (betanews.com) 118

Sead Fadilpasic, writing for BetaNews: There's a severe disconnect between IT decision makers and C-suite executives when it comes to handling cyber attacks. Namely, both believe the other one is responsible for keeping a company safe. This is according to a new and extensive research by BAE Systems. A total of 221 C-suite executives and 984 IT decision-makers were polled for the report. According to the research, a third (35 percent) of C-suite executives believe IT teams are responsible for data breaches. On the other hand, 50 percent of IT decision makers would place that responsibility in the hands of their senior management. Cost estimates of a successful breach also differ. IT decision makers think it would set them back $19.2 million, while C-suite thinks of a lesser figure, $11.6m. C-level thinks a tenth (10 percent) of their company's IT budget is spent on cyber security, while IT decision makers think that's 15 percent. Also, 84 percent of C-suite, and 81 percent of IT teams believe they have the right protection set up.
Blackberry

BlackBerry Files Patent-Infringement Suit Against Nokia (bloombergquint.com) 53

An anonymous reader writes: BlackBerry has filed a patent-infringement lawsuit against Nokia, demanding royalties on the Finnish company's mobile network products that use an industrywide technology standard. Nokia's products including its Flexi Multiradio base stations, radio network controllers and Liquid Radio software are using technology covered by as many as 11 patents, BlackBerry said in a complaint filed in federal court in Wilmington, Delaware. The mobile network products and services are provided to companies including T-Mobile and AT&T for their LTE networks, BlackBerry said in the complaint. "Nokia has persisted in encouraging the use" of the standard-compliant products without a license from BlackBerry, it said.
Earth

Iron Age Potters Accidentally Recorded the Strength of Earth's Magnetic Field (npr.org) 106

Solandri writes: We've only been able to measure the Earth's magnetic field strength for about two centuries. During this time, there has been a gradual decline in the field strength. In recent years, the rate of decline seems to be accelerating, leading to some speculation that the Earth may be losing its magnetic field -- a catastrophic possibility since the magnetic field is what protects life on Earth from dangerous solar radiation. Ferromagnetic particles in rocks provide a long-term history which tells us the poles have flipped numerous times. But uncertainties in dating the rocks prevent their use in understanding decade-scale magnetic field fluctuations.

Now a group of archeologists and geophysicists have come up with a novel way to produce decade-scale temporal measurements of the Earth's magnetic field strength from before the invention of the magnetometer. When iron-age potters fired their pottery in a kiln to harden it, it loosened tiny ferromagnetic particles in the clay. As the pottery cooled and these particles hardened, it captured a snapshot of the Earth's magnetic field. Crucially, the governments of that time required pottery used to collect taxed goods (e.g. a portion of olive oil sold) to be stamped with a royal seal. These seals changed over time as new kings ascended, or governments were completely replaced after invasion. Thus by cross-referencing the magnetic particles in the pottery with the seals, researchers were able to piece together a history of the Earth's magnetic field strength spanning from the 8th century BCE to the 2nd century BCE. Their findings show that large fluctuations in the strength of the magnetic field over a span of decades are normal.
The study has been published in the journal PNAS.
