Cellphones

FCC Chairman Wants It To Be Easier To Listen To Free FM Radio On Your Smartphone (recode.net) 207

An anonymous reader quotes a report from Recode: Your smartphone has an FM radio in it, only it's unlikely that you're able to use it. That's because in the U.S., less than half of phones actually have the FM tuner turned on. But FCC Chairman Ajit Pai, who just recently assumed the top position at the regulatory agency under President Trump, thinks that should change. In remarks made to the North American Broadcasters Association yesterday, Pai said that it's a public safety issue. Both the former head of the Federal Emergency Management Association and an FCC advisory panel on public safety have advocated for turning on the FM radio capabilities in smartphones, since radio is a reliable source of information when internet or cellphone networks go down in severe weather. Although Pai thinks smartphones should have the FM chip turned on, he doesn't think the government should mandate it: "As a believer in free markets and the rule of law, I cannot support a government mandate requiring activation of these chips. I don't believe the FCC has the power to issue a mandate like that, and more generally I believe it's best to sort this issue out in the marketplace."
Censorship

CloudFlare Puts Pirate Sites on New IP Addresses, Avoids Cogent Blockade (torrentfreak.com) 88

Earlier this month, several users worldwide reported that they were unable to access pirate websites including the Pirate Bay. It was because the internet backbone network of Cogent Communications had blackholed the CloudFlare IP-address of pirate websites. Less than a week later, CloudFlare is fighting back. From a report on TorrentFreak: The Pirate Bay and dozens of other pirate sites that were blocked by Cogent's Internet backbone are now accessible again. CloudFlare appears to have moved the sites in question to a new pair of IP-addresses, effectively bypassing Cogent's blackhole. [...] As of yesterday, the sites in question have been assigned the IP-addresses 104.31.16.3 and 104.31.17.3, still grouped together. Most, if not all of the sites, are blocked by court order in the UK so this is presumably done to prevent ISP overblocking of 'regular' CloudFlare subscribers.
Sci-Fi

Lost Winston Churchill Essay Reveals His Thoughts On Alien Life (theverge.com) 185

"A newly discovered essay by Winston Churchill shows that the British statesman gave a lot of thought to the existential question that has inspired years of scientific research and blockbuster movies: are we alone in the Universe?" reports The Verge. "The essay was drafted in the 1930s, but unearthed in a museum in Missouri last year." Astrophysicist Mario Livio was the first scientist to analyze the article and has published his comments in the journal Nature. The Verge reports: Livio was "stunned" when he first saw the unpublished, 11-page essay on the existence of alien life, he tells The Verge. The astrophysicist was visiting Westminster College in Fulton, Missouri, for a talk last year, when he was approached by Timothy Riley, the director of Fulton's US National Churchill Museum. Riley showed him the essay, titled "Are We Alone in the Universe?" In the essay, Churchill reasons that we can't possibly be alone in the Universe -- and that many other Suns will likely have many other planets that could harbor life. Because of how enormously distant these extrasolar planets are, we may never know if they "house living creatures, or even plants," Churchill concludes. He wrote this decades before exoplanets were discovered in the 1990s; hundreds have since been detected. What's impressive about the essay is the way Churchill approaches the existential and scientific question of whether life exists on other planets, Livio says. Churchill's reasoning mirrors extremely well the way scientists think about this problem today. The British leader also talks about several theories that still guide the search for alien life, Livio says. For example, he notes that water is the key ingredient for life on Earth, and so finding water on other planets could mean finding life there. 
Churchill also notes that life can only survive in regions "between a few degrees of frost and the boiling point of water" -- what today we call the habitable zone, the region around a star that is neither too hot nor too cold, so that liquid water may exist on the planet's surface.
Government

Bipartisan Bill Seeks Warrants For Police Use of 'Stingray' Cell Trackers (usatoday.com) 113

Tulsa_Time quotes a report from USA Today: A bipartisan group of House and Senate lawmakers introduced legislation Wednesday requiring police agencies to get a search warrant before they can deploy powerful cellphone surveillance technology known as "stingrays" that sweep up information about the movements of innocent Americans while tracking suspected criminals. "Owning a smartphone or fitness tracker shouldn't give the government a blank check to track your movements," said Sen. Ron Wyden, D-Ore., a member of the Senate Intelligence Committee who introduced the bill with Reps. Jason Chaffetz, R-Utah, and John Conyers, D-Mich. "Law enforcement should be able to use GPS data, but they need to get a warrant. This bill sets out clear rules to make sure our laws keep up with the times." The legislation introduced Wednesday, called the Geolocation Privacy and Surveillance (GPS) Act, would require a warrant for all domestic law enforcement agencies to track the location and movements of individual Americans through GPS technology without their knowledge. It also aims to combat high-tech stalking by creating criminal penalties for secretly using an electronic device to track someone's movements.
Java

JavaScript Attack Breaks ASLR On 22 CPU Architectures (bleepingcomputer.com) 153

An anonymous reader quotes a report from BleepingComputer: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLRCache, or AnC, focuses on the memory management unit (MMU), a lesser known component of many CPU architectures, which is tasked with improving performance for cache management operations. What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS. Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos [1, 2] showing the attack in action.
Transportation

Nearly 56,000 Bridges Called Structurally Deficient (usatoday.com) 240

schwit1 quotes a report from USA Today: Nearly 56,000 bridges nationwide, which vehicles cross 185 million times a day, are structurally deficient, a bridge construction group announced Wednesday. The list is based on Transportation Department data. The department scores bridges on a nine-point scale, and while the deficient ones might not be imminently unsafe, they are classified in need of attention. More than one in four bridges (173,919) are at least 50 years old and have never had major reconstruction work, according to the ARTBA analysis. State transportation officials have identified 13,000 bridges along interstates that need replacement, widening or major reconstruction, according to the group. "America's highway network is woefully underperforming," said Alison Premo Black, the group's chief economist who conducted the analysis. "It is outdated, overused, underfunded and in desperate need of modernization." The five states with the most deficient bridges are Iowa with 4,968, Pennsylvania with 4,506, Oklahoma with 3,460, Missouri with 3,195 and Nebraska with 2,361. The eight states where at least 15% of the bridges are deficient are: Rhode Island at 25%, Pennsylvania at 21%, Iowa and South Dakota at 20%, West Virginia at 17%, and Nebraska, North Dakota and Oklahoma at 15%.
Patents

Patent Office Rules CRISPR Patents, Potentially Worth Billions, Belong To Broad Institute (theverge.com) 69

According to a ruling by judges at the United States Patent and Trademark Office, the disputed patents on the gene-editing tool CRISPR belong to the Broad Institute of MIT and Harvard. "The ruling comes a little over two months after a high-profile court hearing, during which MIT and University of California, Berkeley heatedly argued about who should own CRISPR," The Verge reports. From their report: STAT News reported that the decision was one sentence long. The three judges decided that the Broad patents are different enough from the ones the University of California applied for that the Broad patents stand. The patent ruling suggests that the work done by Jennifer Doudna of the University of California and her colleagues on CRISPR wasn't so groundbreaking as to make any other advance obvious. But that legal opinion isn't how the science world views her work, STAT points out: "Doudna and her chief collaborator, Emmanuelle Charpentier, won the $3 million Breakthrough Prize in the life sciences in 2015, the $500,000 Gruber Genetics Prize in 2015, and the $450,000 Japan Prize in 2017," the outlet notes.
Security

Yahoo Notifying Users of Malicious Account Activity as Verizon Deal Progresses (techcrunch.com) 17

Kate Conger, writing for TechCrunch: Yahoo is continuing to issue warnings to users about several security incidents as it moves toward an acquisition by Verizon. Users are receiving notifications today about unauthorized access to their accounts in 2015 and 2016, which occurred due to previously disclosed cookie forging. "As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users' accounts without a password. The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again," a Yahoo spokesperson told TechCrunch.
Transportation

Brazil Judge Rules Uber Drivers Are Employees, Deserve Benefits (reuters.com) 130

An anonymous reader shares a Reuters report: A Brazilian judge ruled that a driver using the Uber ride-hailing app is an employee of the San Francisco-based company and is entitled to workers' benefits, adding to the global debate over labor rights for drivers on the platform. Uber said on Tuesday it would appeal the decision by Judge Marcio Toledo Goncalves, who issued the ruling late Monday in a labor court in Minas Gerais state. Goncalves ordered Uber to pay one driver around 30,000 reais ($10,000) in compensation for overtime, night shifts, holidays and expenses such as gasoline, water and candy for passengers. The consequences for Uber, if the ruling is upheld, could be far greater if more drivers follow suit and if state and federal regulators and tax agencies start treating it, as the judge suggested, as a transportation company rather than a tech firm.
Businesses

IT Decisions Makers and Executives Don't Agree On Cyber Security Responsibility (betanews.com) 118

Sead Fadilpasic, writing for BetaNews: There's a severe disconnect between IT decision makers and C-suite executives when it comes to handling cyber attacks. Namely, both believe the other one is responsible for keeping a company safe. This is according to a new and extensive research by BAE Systems. A total of 221 C-suite executives and 984 IT decision-makers were polled for the report. According to the research, a third (35 percent) of C-suite executives believe IT teams are responsible for data breaches. On the other hand, 50 percent of IT decision makers would place that responsibility in the hands of their senior management. Cost estimates of a successful breach also differ. IT decision makers think it would set them back $19.2 million, while C-suite thinks of a lesser figure, $11.6m. C-level thinks a tenth (10 percent) of their company's IT budget is spent on cyber security, while IT decision makers think that's 15 percent. Also, 84 percent of C-suite, and 81 percent of IT teams believe they have the right protection set up.
Blackberry

BlackBerry Files Patent-Infringement Suit Against Nokia (bloombergquint.com) 53

An anonymous reader writes: BlackBerry has filed a patent-infringement lawsuit against Nokia, demanding royalties on the Finnish company's mobile network products that use an industrywide technology standard. Nokia's products including its Flexi Multiradio base stations, radio network controllers and Liquid Radio software are using technology covered by as many as 11 patents, BlackBerry said in a complaint filed in federal court in Wilmington, Delaware. The mobile network products and services are provided to companies including T-Mobile and AT&T for their LTE networks, BlackBerry said in the complaint. "Nokia has persisted in encouraging the use" of the standard-compliant products without a license from BlackBerry, it said.
Earth

Iron Age Potters Accidentally Recorded the Strength of Earth's Magnetic Field (npr.org) 106

Solandri writes: We've only been able to measure the Earth's magnetic field strength for about two centuries. During this time, there has been a gradual decline in the field strength. In recent years, the rate of decline seems to be accelerating, leading to some speculation that the Earth may be losing its magnetic field -- a catastrophic possibility since the magnetic field is what protects life on Earth from dangerous solar radiation. Ferromagnetic particles in rocks provide a long-term history which tells us the poles have flipped numerous times. But uncertainties in dating the rocks prevent their use in understanding decade-scale magnetic field fluctuations.

Now a group of archeologists and geophysicists have come up with a novel way to produce decade-scale temporal measurements of the Earth's magnetic field strength from before the invention of the magnetometer. When iron-age potters fired their pottery in a kiln to harden it, it loosened tiny ferromagnetic particles in the clay. As the pottery cooled and these particles hardened, it captured a snapshot of the Earth's magnetic field. Crucially, the governments of that time required pottery used to collect taxed goods (e.g. a portion of olive oil sold) to be stamped with a royal seal. These seals changed over time as new kings ascended, or governments were completely replaced after invasion. Thus by cross-referencing the magnetic particles in the pottery with the seals, researchers were able to piece together a history of the Earth's magnetic field strength spanning from the 8th century BCE to the 2nd century BCE. Their findings show that large fluctuations in the strength of the magnetic field over a span of decades are normal.
The study has been published in the journal PNAS.
AT&T

Apple Will Fight 'Right To Repair' Legislation (vice.com) 309

An anonymous reader quotes a report from Motherboard: Apple is planning to fight proposed electronics "Right to Repair" legislation being considered by the Nebraska state legislature, according to a source within the legislature who is familiar with the bill's path through the statehouse. The legislation would require Apple and other electronics manufacturers to sell repair parts to consumers and independent repair shops, and would require manufacturers to make diagnostic and service manuals available to the public. Nebraska is one of eight states that are considering right to repair bills; last month, Nebraska, Minnesota, New York, Massachusetts, Kansas, and Wyoming introduced legislation. Last week, lawmakers in Illinois and Tennessee officially introduced similar bills. According to the source, an Apple representative, staffer, or lobbyist will testify against the bill at a hearing in Lincoln on March 9. AT&T will also argue against the bill, the source said. The source told me that at least one of the companies plans to say that consumers who repair their own phones could cause lithium batteries to catch fire. So far, Nebraska is the only state to schedule a hearing for its legislation.
Microsoft

Microsoft Delays February Patch Tuesday Indefinitely (sans.edu) 88

UnderAttack writes: Microsoft today announced that it had to delay its February Patch Tuesday due to issues with a particular patch. This was also supposed to be the first Patch Tuesday using a new format, which led some to believe that even Microsoft had issues understanding how the new format is exactly going to work with no more simple bulletin summary and patches being released as large monolithic updates. Ars Technica notes the importance of this Patch Tuesday as "there's an in-the-wild zero-day flaw in SMB, Microsoft's file sharing protocol, that at the very least allows systems to be crashed." They also elaborate on the way Microsoft is "continuing to tune the way updates are delivered to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2."
Canada

Canada Remains a 'Safe Haven' For Online Piracy, Rightsholders Claim (torrentfreak.com) 134

The MPAA, RIAA and other entertainment industry groups are calling out Canada, claiming that it remains a "safe haven" for copyright infringers and pirate sites, reports TorrentFreak. From the article: One of the main criticisms is that, despite having been called out repeatedly in the past, the country still offers a home to many pirate sites. "For a number of years, extending well into the current decade, Canada had a well-deserved reputation as a safe haven for some of the most massive and flagrant Internet sites dedicated to the online theft of copyright material," IIPA writes. Another disturbing development, according to IIPA, is the emergence of stand-alone BitTorrent applications that allow users to stream content directly through an attractive and user-friendly interface, hinting at Popcorn Time. In addition to the traditional pirate sites that remain in Canada, IIPA reports that several websites offering modified game console gear have also moved there in an attempt to escape liability under U.S. law.
Microsoft

Microsoft Calls For 'Digital Geneva Convention' (usatoday.com) 144

Microsoft is calling for a digital Geneva Convention to outline protections for civilians and companies from government-sponsored cyberattacks. In comments Tuesday at the RSA security industry conference in San Francisco, Microsoft President and Chief Legal Officer Brad Smith said the rising trend of government entities wielding the internet as a weapon was worrying. From a report on USA Today: In the cyber realm, tech must be committed to "100% defense and zero percent offense," Smith said at the opening keynote at the RSA computer security conference. Smith called for a "digital Geneva Convention," like the one created in the aftermath of World War II which set ground rules for conduct during wartime, defining basic rights for civilians caught up in armed conflicts. In the 21st century such rules are needed "to commit governments to protect civilians from nation-state attacks in times of peace," a draft of Smith's speech released to USA TODAY said. This digital Geneva Convention would establish protocols, norms and international processes for how tech companies would deal with cyber aggression and attacks of nations aimed at civilian targets, which appears to effectively mean anything but military servers.
Databases

Story Of a Country Which Has Built a Centralized Biometrics Database Of 1.1B People But Appears To Be Mishandling It Now (mashable.com) 57

In a bid to get more Indians to have a birth certificate or any sort of ID card, India announced the Aadhaar project in 2009. At the time, there were more Indians without these ID cards than those with. As a result of this, much of the government funding for the citizens was disappearing before they could see it. But according to several security experts, lawyers, politicians and journalists, the government is using poor security practices, and this is putting the biometrics data -- photo, name, address, fingerprint, iris info -- of people at risk. More than 1.1 billion people -- and 99 percent of all adults -- in India have enrolled themselves in the system. From a report: "There are two fundamental flaws in Aadhaar: it is poorly designed, and it is being poorly verified," Member of Parliament and privacy advocate, Rajeev Chandrasekhar told Mashable India. Another issue with Aadhaar is, Chandrasekhar explains, there is no firm legislation to safeguard the privacy and rights of the billion people who have enrolled into the system. There's little a person whose Aadhaar data has been compromised could do. [...] "Aadhaar is remote, covert, and non-consensual," he told Mashable India, adding the existence of a central database of any kind, but especially in the context of the Aadhaar, and at the scale it is working is appalling. Abraham said fingerprint and iris data of a person can be stolen with little effort -- a "gummy bear" which sells for a few cents, can store one's fingerprint, while a high-resolution camera can capture one's iris data. The report goes on to say that the Indian government is also not telling how the data is being shared with private companies. Experts cited in the story have expressed concerns that those companies (some of which are run by people who were previously members of the team which designed the framework of Aadhaar) can store and create a parallel database of their own. 
On top of that, the government is making Aadhaar mandatory for availing several things including registration for nation-wide examinations, but in the beginning it promised Aadhaar would be used only to help the poor get groceries at subsidized prices.
Communications

US National Weather Service Suffered 'Catastrophic' Outage; Website Stopped Sending Forecasts, Warnings (miamiherald.com) 100

jo7hs2 quotes a report from Miami Herald: On a day when a blizzard is pasting Maine and Northern California faces a dire flooding threat, several of the National Weather Service's primary systems for sending out alerts to the public have failed. As of approximately 1:15 p.m. Eastern Time, products from the National Weather Service ceased disseminating over the internet, including forecasts, warnings and current conditions. The Weather Service's public-facing website, Weather.gov, has not posted updated information since the outage began. Ryan Hickman, chief technology officer for Allison House, a weather data provider, called the situation "catastrophic." Hickman said two core routers for transmitting information from the Weather Service offices out to satellites, which beam the information back to public service providers, had stopped working. Hickman added that another backup system known as the Emergency Managers Weather Information Network (EMWIN) was also not operating.

Slashdot reader jo7hs2 notes: "The systems are back up as of Monday evening."

Security

Michael Flynn Resigns As Trump's National Security Adviser (go.com) 892

An anonymous reader quotes a report from ABC News: President Donald Trump's embattled national security adviser Michael Flynn, who faced questions about a call to the Russian ambassador prior to the inauguration, has resigned. Retired Army General Keith Kellogg was named acting national security adviser to replace Flynn. ABC News reported Monday that Flynn called Vice President Mike Pence on Friday to apologize for misleading him about his conversation with the ambassador in November. Flynn previously denied that he spoke about sanctions the U.S. imposed on Russia for its suspected interference in the 2016 election, a claim repeated by Pence in January. An administration official later claimed Pence was relying on information provided to him by Flynn. In his resignation letter, Flynn cited the "fast pace of events" for "inadvertently" briefing "the Vice President Elect and others with incomplete information regarding [his] phone calls with the Russian Ambassador." You can view Flynn's full resignation letter, as provided by the White House, here.
Businesses

Ransomware Insurance Is Coming (onthewire.io) 86

Trailrunner7 quotes a report from On the Wire: As bad as the ransomware problem is right now -- and it's plenty bad -- we're likely only at the beginning of what could become a crisis, experts say. "Lots of people are being infected and lots of people are paying. The bottom line is it's getting worse and it's going to continue to do so," Jeremiah Grossman, chief of security strategy at SentinelOne, said during a talk on the ransomware epidemic at the RSA Conference here Monday. "Seven-figure ransoms have already been paid. When you're out of business, you'll pay whatever you have to in order to stay in business. You're dealing with an active, sentient adversary." The ransomware market seems to be headed in the same direction as real-world kidnapping, where high-profile targets take out insurance policies to pay ransoms. Grossman said it probably won't be long before the insurance companies latch onto the ransomware game, too. "The insurance companies are going to see a large profit potential in this. Kidnapping and ransom insurance is still very boutique. This economic model will probably apply equally well to ransomware," he said. According to The FindLaw Corporate Counsel Blog, "Ransomware attacks fall under your cyber insurance policy's 'cyber extortion' coverage and can generally be considered "first-party" or "third-party" coverage, according to Christine Marciano, president of Cyber Data Risk Managers. Third-party coverage would likely leave a company uninsured when they are the victims of a ransomware attack. Even if your insurance policy covers ransomware attacks made against your company, the deductible may be so high that the company will be stuck paying any ransomware demands out of pocket (should the company decide to pay to decrypt its data). And your coverage may be sub-limited to relatively small amounts, according to Kevin Kalinich, the global cyber risk practice leader for Aon Risk Solutions. 
A $10 million policy may only provide $500,000 for cyber extortion claims, he explains."
