COBOL is a programming language invented by Hopper from 1959 to 1961, and while it is several decades old, it's still largely used by the financial sector, major corporations and part of the federal government. Mar Masson Maack from The Next Web interviews Daniel Doderlein, CEO of Auka, who explains why banks don't have to actively kill COBOL and how they can modernize and "minimize the new platforms' connections to the old systems so that COBOL can be switched out in a safe and cheap manner." From the report: According to [Doderlein], COBOL-based systems still function properly but they're faced with a more human problem: "This extremely critical part of the economic infrastructure of the planet is run on a very old piece of technology -- which in itself is fine -- if it weren't for the fact that the people servicing that technology are a dying race." And Doderlein literally means dying. Despite the fact that three trillion dollars run through COBOL systems every single day they are mostly maintained by retired programming veterans. There are almost no new COBOL programmers available so as retirees start passing away, then so does the maintenance for software written in the ancient programming language. Doderlein says that banks have three options when it comes to deciding how to deal with this emerging crisis. First off, they can simply ignore the problem and hope for the best. Software written in COBOL is still good for some functions, but ignoring the problem won't fix how impractical it is for making new consumer-centric products. Option number two is replacing everything, creating completely new core banking platforms written in more recent programming languages. The downside is that it can cost hundreds of millions and it's highly risky changing the entire system all at once. The third option, however, is the cheapest and probably easiest. 
Instead of trying to completely revamp the entire system, Doderlein suggests that banks take a closer look at the current consumer problems. Basically, Doderlein suggests making light-weight add-ons in more current programming languages that only rely on COBOL for the core feature of the old systems.
Reader Krystalo writes: Google today announced the second step in its plan to mark all HTTP sites as non-secure in Chrome. Starting in October 2017, Chrome will mark HTTP sites with entered data and HTTP sites in Incognito mode as non-secure. With the release of Chrome 56 in January 2017, Google's browser started marking HTTP pages that collect passwords or credit cards as "Not Secure" in the address bar. Since then, Google has seen a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card forms on Chrome for desktop. Chrome 62 (we're currently on Chrome 58) will take this to the next level.
Facebook is pressing its enforcement against what it calls "information operations" -- bad actors who use the platform to spread fake news and false propaganda. From a report: The company, which published a report on the subject today, defines these operations as government-led campaigns -- or those from organized "non-state actors" -- to promote lies, sow confusion and chaos among opposing political groups, and destabilize movements in other countries. The goal of these operations, the report says, is to manipulate public opinion and serve geopolitical ends. The actions go beyond the posting of fake news stories. The 13-page report specifies that fake news can be motivated by a number of incentives, but that it becomes part of a larger information operation when it's coupled with other tactics and end goals. Facebook says these include friend requests sent under false names to glean more information about the personal networks of spying targets and hacking targets, the boosting of false or misleading stories through mass "liking" campaigns, and the creation of propaganda groups. The company defines these actions as "targeted data collection," "false amplification," and "content creation." Facebook plans to target these accounts by monitoring for suspicious activity, like bursts of automated actions on the site, to enact mass banning of accounts.
Nomx, a startup that offers an email client by the same name, bills itself as the maker of the "world's most secure email service." The startup goes on to suggest that "everything else is insecure." So it was only a matter of time before someone decided to spend some time on assessing how valid Nomx's claims are. Very misleading, it turns out. From a report on Motherboard: Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX) -- hence the brand name -- servers, which the company claims to be inherently "vulnerable." Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx's "code is riddled with bad examples of how to do things." The worst issue, Helme explained, is that the Nomx's web application had a vulnerability that allowed anyone to take full control of the device remotely just by tricking someone to visit a malicious website. "I could read emails, send emails, and delete emails. I could even create my own email address," Helme told Motherboard in an online chat. A report on BBC adds: Nomx said the threat posed by the attack detailed by Mr Helme was "non-existent for our users." Following weeks of correspondence with Mr Helme and the BBC Click Team, he said the firm no longer shipped versions that used the Raspberry Pi. Instead, he said, future devices would be built around different chips that would also be able to encrypt messages as they travelled. "The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail - they've already been proven that they are under attack millions of times daily," he said. "Why we invented Nomx was for the security of keeping your data off those large cloud providers. 
To date, no Nomx accounts have been compromised."
An anonymous reader writes: To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft's regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google's security researchers, for example, give vendors just 90 days' warning before publishing flaws they find. Microsoft declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine. And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries.
An anonymous reader quotes a report from Ars Technica: When NASA began developing a rocket and spacecraft to return humans to the Moon a decade ago as part of the Constellation Program, the space agency started to think about the kinds of spacesuits astronauts would need in deep space and on the lunar surface. After this consideration, NASA awarded a $148 million contract to Oceaneering International, Inc. in 2009 to develop and produce such a spacesuit. However, President Obama canceled the Constellation program just a year later, in early 2010. Later that year, senior officials at the Johnson Space Center recommended canceling the Constellation spacesuit contract because the agency had its own engineers working on a new spacesuit and, well, NASA no longer had a clear need for deep-space spacesuits. However, the Houston officials were overruled by agency leaders at NASA's headquarters in Washington, DC. A new report released Wednesday by NASA Inspector General Paul Martin sharply criticizes this decision. "The continuation of this contract did not serve the best interests of the agency's spacesuit technology development efforts," the report states. In fact, the report found that NASA essentially squandered $80.6 million on the Oceaneering contract before it was finally ended last year.
Using a new facial recognition surveillance system, British police will scan every fan's face at the UEFA Champions League on June 3rd and compare them to a police database of some 500,000 "persons of interest." "According to a government tender issued by South Wales Police, the system will be deployed during the day of the game in Cardiff's main train station, as well as in and around the Principality Stadium situated in the heart of Cardiff's central retail district." From the report: Cameras will potentially be scanning the faces of an estimated 170,000 visitors plus the many more thousands of people in the vicinity of the bustling Saturday evening city center on match day, June 3. Captured images will then be compared in real time to 500,000 custody images stored in the police information and records management system alerting police to any "persons of interest," according to the tender. The security operation will build on previous police use of Automated Facial Recognition, or AFR technology by London's Metropolitan Police during 2016's Notting Hill Carnival.
New submitter happyfeet2000 quotes a report from TorrentFreak: Broad pirate sites blockades are disproportional, Mexico's Supreme Court of Justice has ruled. The government can't order ISPs to block websites that link to copyright-infringing material because that would also restrict access to legitimate content and violate the public's freedom of expression. The ruling is a win for local ISP Alestra, which successfully protested the government's blocking efforts. Alestra was ordered to block access to the website mymusiic.com by the government's Mexican Institute of Industrial Property (IMPI). The website targeted a Mexican audience and offered music downloads, some of which were shared without permission. "The ISP was not pleased with the order and appealed it in court," reports TorrentFreak. "Among other things, the defense argued that the order was too broad, as it also restricted access to music that might not be infringing." The Supreme Court of Justice of the Nation heard the case and ruled that the government's order is indeed disproportional.
An anonymous reader quotes a report from The Verge: The Federal Communications Commission is cracking open the net neutrality debate again with a proposal to undo the 2015 rules that implemented net neutrality with Title II classification. FCC chairman Ajit Pai called the rules "heavy handed" and said their implementation was "all about politics." He argued that they hurt investment and said that small internet providers don't have "the means or the margins" to withstand the regulatory onslaught. "Earlier today I shared with my fellow commissioners a proposal to reverse the mistake of Title II and return to the light touch framework that served us so well during the Clinton administration, Bush administration, and first six years of the Obama administration," Pai said today. His proposal will do three things: first, it'll reclassify internet providers as Title I information services; second, it'll prevent the FCC from adapting any net neutrality rules to practices that internet providers haven't thought up yet; and third, it'll open questions about what to do with several key net neutrality rules -- like no blocking or throttling of apps and websites -- that were implemented in 2015. Pai will publish the full text of his proposal tomorrow, and it will be voted on by the FCC on May 18th.
Appliance manufacturers and home builders are in Washington, D.C., today to celebrate a popular energy efficiency program, even as it's slated for elimination in President Trump's proposed budget. NPR adds: You probably know the program's little blue label with the star -- the Environmental Protection Agency says 90 percent of U.S. households do. [...] The 25-year-old Energy Star program appears to be targeted simply because it's run by the federal government. It's one of 50 EPA programs that would be axed under Trump's budget plan, which would shrink the agency's funding by more than 30 percent. Critics of Energy Star say the government should get involved in the marketplace only when absolutely necessary. But that argument doesn't hold sway for the program's legions of supporters, which span nonprofits, companies and trade groups.
Mylan engaged in a campaign to squash a rival to its EpiPen allergy treatment and artificially inflate the price of the drug to maintain a market monopoly, French drugmaker Sanofi said in a lawsuit. From a report: With the lofty prices and near-monopoly over the market, Mylan could dangle deep discounts to drug suppliers -- with the condition that they turn their backs on Sanofi's Auvi-Q -- the lawsuit alleges. Suppliers wouldn't dare ditch EpiPens, the most popular auto-injector. And with the high prices, the rebates wouldn't put a dent in Mylan's hefty profits, Sanofi speculates. Coupled with a smear campaign and other underhanded practices, Mylan effectively pushed Sanofi out of the US epinephrine auto-injector market, Sanofi alleges. The lawsuit, filed Monday in a federal court in New Jersey, seeks damages under US Antitrust laws.
An anonymous reader shares a report: Wind and solar are about to become unstoppable, natural gas and oil production are approaching their peak, and electric cars and batteries for the grid are waiting to take over. This is the world Donald Trump inherited as U.S. president. And yet his energy plan is to cut regulations to resuscitate the one sector that's never coming back: coal. Clean energy installations broke new records worldwide in 2016, and wind and solar are seeing twice as much funding as fossil fuels, according to new data released Tuesday by Bloomberg New Energy Finance (BNEF). That's largely because prices continue to fall. Solar power, for the first time, is becoming the cheapest form of new electricity in the world. But with Trump's deregulations plans, what "we're going to see is the age of plenty -- on steroids," BNEF founder Michael Liebreich said. "That's good news economically, except there's one fly in the ointment, and that's climate."
On Wednesday, Amazon announced the Echo Look, the latest gadget in the company's new Echo-powered hardware lineup. Motherboard explains: The newly announced Echo Look is a virtual assistant with a microphone and a camera that's designed to go somewhere in your bedroom, bathroom, or wherever the hell you get dressed. Amazon is pitching it as an easy way to snap pictures of your outfits to send to your friends when you're not sure if your outfit is cute, but it's also got a built-in app called StyleCheck that is worth some further dissection. [...] "All photos and video captured with your Echo Look are securely stored in the AWS cloud and locally in the Echo Look app until a customer deletes them," a spokesperson for the company said. "You can delete the photos or videos associated with your account anytime in the Echo Look App." Motherboard also asked if Echo Look photos, videos, and the data gleaned from them would be sold to third parties; the company did not address that question.
An anonymous reader quotes a report from Ars Technica: It's been more than five years since the government accused Megaupload and its founder Kim Dotcom of criminal copyright infringement. While Dotcom himself was arrested in New Zealand, U.S. government agents executed search warrants and grabbed a group of more than 1,000 servers owned by Carpathia Hosting. That meant that a lot of users with gigabytes of perfectly legal content lost access to it. Two months after the Dotcom raid and arrest, the Electronic Frontier Foundation filed a motion in court asking to get back data belonging to one of those users, Kyle Goodwin, whom the EFF took on as a client. Years have passed. The U.S. criminal prosecution of Dotcom and other Megaupload executives is on hold while New Zealand continues with years of extradition hearings. Meanwhile, Carpathia's servers were powered down and are kept in storage by QTS Realty Trust, which acquired Carpathia in 2015. Now the EFF has taken the extraordinary step of asking an appeals court to step in and effectively force the hand of the district court judge. Yesterday, Goodwin's lawyers filed a petition for a writ of mandamus (PDF) with the U.S. Court of Appeals for the 4th Circuit, which oversees Virginia federal courts. "We've been asking the court for help since 2012," said EFF attorney Mitch Stolz in a statement about the petition. "It's deeply unfair for him to still be in limbo after all this time."
An appeals court today has ruled that Anthony Levandowski, the Uber executive accused of taking documents from Google's Waymo, can't use the Fifth Amendment to prevent Uber from turning over documents in the case. "The court has now directed Uber to provide data associated with its Otto acquisition to Waymo," reports The Tech Portal. From the report: Following the case, Levandowski invoked the fifth amendment, so as to prevent any other information which could implicate him from coming to the surface. Meanwhile, Waymo has been claiming that Levandowski and Uber signed an agreement with each other just a few days after the former quit his job at Google. The company has also asked Uber to provide it with a log containing details of the cab aggregator's legal involvement with Levandowski. Levandowski has been opposing the motion, stating that it would violate his fifth amendment. However, a new court ruling has quashed these hopes. With this ruling, Waymo can technically also request Uber for a copy of the due diligence report. The United States Court of Appeals for the Federal Circuit said: "Mr. Levandowski argues that he is entitled to relief under the Fifth Amendment because production of the unredacted privilege log could potentially incriminate him. We are not persuaded that the district court erred in its ruling requiring defendants to produce an unredacted privilege log."
pogopop77 quotes a report from Motherboard: In September 2014, Mats Jarlstrom, an electronics engineer living in Beaverton, Oregon, sent an email to the state's engineering board. The email claimed that yellow traffic lights don't last long enough, which "puts the public at risk." "I would like to present these facts for your review and comments," he wrote. This email resulted not with a meeting, but with a threat from The Oregon State Board of Examiners for Engineering and Land Surveying [stating]: "ORS 672.020(1) prohibits the practice of engineering in Oregon without registration -- at a minimum, your use of the title 'electronics engineer' and the statement 'I'm an engineer' create violations." In January of this year, Jarlstrom was officially fined $500 by the state for the crime of "practicing engineering without being registered." Since the engineering board in Oregon said Jarlstrom should not be free to publish or present his ideas about the fast-turning yellow traffic lights, due to his "practice of engineering in Oregon without registration," he and the Institute for Justice sued them in federal court for violating his First Amendment rights. "I'm not practicing engineering, I'm just using basic mathematics and physics, Newtonian laws of motion, to make calculations and talk about what I found," he said. Sam Gedge, an attorney for the Institute for Justice, told Motherboard: "Mats has a clear First Amendment right to talk about anything from taxes to traffic lights. It's an instance of a licensing board trying to suppress speech."
BarbaraHudson writes: A murdered woman's Fitbit data shows she was still alive an hour after her husband claims she was murdered and he was tied up, contradicting her husband's description of events. New York Daily News reports: "Richard Dabate, 40, was charged this month with felony murder, tampering with physical evidence and making false statements following his wife Connie's December 2015 death at their home in Ellington, Tolland County. Dabate called 911 reporting that his wife was the victim of a home invasion, alleging that she was shot dead by a 'tall, obese man' with a deep voice like actor Vin Diesel's, sporting 'camouflage and a mask,' according to an arrest warrant. Dabate alleged her death took place more than an hour before her Fitbit-tracked movements revealed."
An anonymous reader quotes a report from Reuters: European Union lawmakers voted on Tuesday to ban online retailers from treating consumers differently depending on where they live and expanded their proposed law to include music streaming services such as Spotify and Apple's iTunes. Ending so-called geoblocking is a priority for the European Commission as it tries to create a single market for digital services across the 28-nation bloc, but many industries argue that they tailor their prices to specific domestic markets. The proposal, which will apply to e-commerce websites such as Amazon, Zalando and eBay, as well as for services provided in a specific location like car rental, forbids online retailers from automatically re-routing customers to their domestic website without their consent. In a blow for the book publishing and music industries, European Parliament members voted to include copyright-protected content such as music, games, software and e-books in the law. That would mean music streaming services such as Spotify and iTunes would not be able to prevent, for example, a French customer buying a cheaper subscription in Croatia, if they have the required rights.
An anonymous reader quotes a report from TechCrunch: Uber has another lawsuit on its hands. This time, it's about Uber's alleged use of a program called "Hell." The plaintiff, Michael Gonzales, drove for Lyft during the time Uber allegedly used the software. He's seeking $5 million in a class action lawsuit. As the story goes, Uber allegedly tracked Lyft drivers using a secret software program internally referred to as "Hell." It allegedly let Uber see how many Lyft drivers were available to give rides, and what their prices were. Hell could allegedly also determine if people were driving for both Uber and Lyft. The lawsuit, filed in the U.S. District Court for the Northern District of California, alleges Uber broadly invaded the privacy of the Lyft drivers, specifically violated the California Invasion of Privacy Act and Federal Wiretap Act and engaged in unfair competition. Uber has not confirmed nor outright denied the claims.
msm1267 quotes a report from Threatpost: A little more than two weeks after the latest ShadowBrokers leak of NSA hacking tools, experts are certain that the DoublePulsar post-exploitation Windows kernel attack will have similar staying power to the Conficker bug, and that pen-testers will be finding servers exposed to the flaws patched in MS17-010 for years to come. MS17-010 was released in March and it closes a number of holes in Windows SMB Server exploited by the NSA. Exploits such as EternalBlue, EternalChampion, EternalSynergy and EternalRomance that are part of the Fuzzbunch exploit platform all drop DoublePulsar onto compromised hosts. DoublePulsar is a sophisticated memory-based kernel payload that hooks onto x86 and 64-bit systems and allows an attacker to execute any raw shellcode payload they wish. "This is a full ring0 payload that gives you full control over the system and you can do what you want to it," said Sean Dillon, senior security analyst at RiskSense. Dillon was the first to reverse-engineer a DoublePulsar payload, and published his analysis last Friday. "This is going to be on networks for years to come. The last major vulnerability of this class was MS08-067, and it's still found in a lot of places," Dillon said. "I find it everywhere. This is the most critical Windows patch since that vulnerability." Dan Tentler, founder and CEO of Phobos Group, said internet-wide scans he's running have found about 3.1 percent of vulnerable machines are already infected (between 62,000 and 65,000 so far), and that percentage is likely to go up as scans continue. "This is easily describable as a bloodbath," Tentler said.