/.

Syndicate content Slashdot
News for nerds, stuff that matters
Updated: 17 hours 2 min ago

AI Just Made Guessing Your Password a Whole Lot Easier

Mon, 09/18/2017 - 5:25pm
sciencehabit shares a report from Science Magazine: The Equifax breach is reason for concern, of course, but if a hacker wants to access your online data by simply guessing your password, you're probably toast in less than an hour. Now, there's more bad news: Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles. Researchers at Stevens Institute of Technology in Hoboken, New Jersey, started with a so-called generative adversarial network, or GAN, which comprises two artificial neural networks. A "generator" attempts to produce artificial outputs (like images) that resemble real examples (actual photos), while a "discriminator" tries to detect real from fake. They help refine each other until the generator becomes a skilled counterfeiter. The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful they'd be at cracking them. On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18.

Read more of this story at Slashdot.

Jeweler Forged Judge's Signature To Force Google To Kill Negative Reviews

Mon, 09/18/2017 - 4:45pm
A sapphire salesman is facing jail time for forging a judge's signature in a case involving Google. Kelly Weill from The Daily Beast reports: Michael Arnstein is the third-generation owner of the Natural Sapphire Company, a Manhattan-based jewelry business. After a falling-out with a former business partner, Arnstein's company amassed dozens of negative reviews, which featured prominently in the Natural Sapphire Company's Google search results. Arnstein sued the former business partner in 2011, accusing him of writing defamatory negative reviews, and a judge ordered the partner to delete 54 of the negative comments. But some negative reviews remained, even after the court order. So Arnstein copied the judge's signature and forged new court orders of his own, demanding that Google scrub negative reviews from his company's search results, Arnstein admitted in a guilty plea on Friday.

Read more of this story at Slashdot.

Navy Plans To Use Xbox 360 Controllers For New Periscope Systems Aboard Its Submarines

Mon, 09/18/2017 - 4:05pm
According to ABC News, the U.S. Navy is planning to use Xbox 360 controllers to operate periscopes aboard its most advanced submarines. High-resolution cameras and large monitors are replacing the traditional rotating periscope in the Navy's Virginia-class subs. While they can be controlled by a helicopter-style stick, the Navy plans to integrate an Xbox controller into the system because they're more familiar to younger sailors and require less training. They are also considerably cheaper. The controller typically costs less than $30 compared to the $38,000 cost of a photonic mast handgrip and imaging control panel. The Xbox controller will be included as part of the integrated imaging system for Virginia-class subs beginning with the future USS Colorado. It is supposed to be commissioned by November.

Read more of this story at Slashdot.

Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed

Mon, 09/18/2017 - 3:20pm
Bloomberg is reporting that Equifax, the credit reporting company that recently reported a cybersecurity incident impacting roughly 143 million U.S. consumers, learned about a breach of its computer systems in March -- almost five months before the date it has publicly disclosed. The company said the March breach was unrelated to the recent hack involving millions of U.S. consumers, but one of the people familiar with the situation said the breaches involve the same intruders. From the report: Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said. Equifax's hiring of Mandiant the first time was unrelated to the July 29 incident, the company spokesperson said. The revelation of a March breach will complicate the company's efforts to explain a series of unusual stock sales by Equifax executives. If it's shown that those executives did so with the knowledge that either or both breaches could damage the company, they could be vulnerable to charges of insider trading. The U.S. Justice Department has opened a criminal investigation into the stock sales, according to people familiar with the probe. In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate. The company's outside counsel, Atlanta-based law firm King & Spalding, first engaged Mandiant at about that time. While it's not clear how long the Mandiant and Equifax security teams conducted that probe, one person said there are indications it began to wrap up in May. Equifax has yet to disclose that March breach to the public.

Read more of this story at Slashdot.

Slashdot Asks: Which IT Hiring Trends Are Hot, and Which Ones Are Going Cold?

Mon, 09/18/2017 - 2:40pm
snydeq writes: Recruiting and retaining tech talent remains IT's biggest challenge today, writes Paul Heltzel, in an article on what trends are heating up and what's cooling off when it comes to IT staffing. "One thing hasn't changed this year: Recruiting top talent is still difficult for most firms, and demand greatly outstrips supply," writes Heltzel. "That's influencing many of the areas we looked at, including compensation and retention. Whether you're looking to expand your team or job searching yourself, read on to see which IT hiring practices are trending and which ones are falling out of favor." What are you seeing companies favoring in the hiring market these days?

Read more of this story at Slashdot.

Samsung Finally Lets You Disable the Bixby Button Without a Third-Party App

Mon, 09/18/2017 - 2:00pm
Samsung has released an update to allow you to disable Bixby on the Galaxy S8, S8+ and Note 8. The only problem is you can only disable the button and can't point it to another app. Android Police reports: As you're probably aware, there are two parts to Bixby -- Bixby Home and Bixby Voice. The main change here is to the Bixby Home shortcut; press the button and Bixby appears. After updating, a toggle is available under the settings gear at the top of Bixby home. Turn it off, and Bixby Home will no longer pop up when you tap the button (there's also a "Bixby Key" menu in the settings). Bixby Voice can be shut off in the settings as well, so the button will become completely inert. What if you want Bixby Home back? If you still have Bixby Voice turned on, pressing and holding the button will trigger Bixby on top of your current screen. You can open full screen mode and access your Bixby settings to turn Bixby Home back on at any time. Okay, but what if you also have Bixby Voice turned off in the Bixby settings? It seems at first like you've locked yourself out of Bixby, which might not be a problem for some people. However, you can access the Bixby settings by going into your main system settings -- Apps -- Bixby Home -- Mobile Data -- View app settings. That opens the Bixby settings without opening Bixby first.

Read more of this story at Slashdot.

Equifax Stock Sales Are the Focus of US Criminal Probe

Mon, 09/18/2017 - 1:20pm
An anonymous reader quotes a report from Bloomberg: The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation. U.S. prosecutors in Atlanta, who the people said are looking into the share sales, said in a statement they are examining the breach and theft of people's personal information in conjunction with the Federal Bureau of Investigation. The Securities and Exchange Commission is working with prosecutors on the investigation into stock sales, according to another person familiar with the matter. Investigators are looking at the stock sales by Equifax's chief financial officer, John Gamble; its president of U.S. information solutions, Joseph Loughran; and its president of workforce solutions, Rodolfo Ploder, said two of the people, who asked not to be named because the probe is confidential. Equifax disclosed earlier this month that it discovered a security breach on July 29. The three executives sold shares worth almost $1.8 million in early August. The company has said the managers didn't know of the breach at the time they sold the shares. Regulatory filings don't show that the transactions were part of pre-scheduled trading plans.

Read more of this story at Slashdot.

Google Offers To Treat Rivals Equally Via Auction

Mon, 09/18/2017 - 12:40pm
Google has offered to display rival comparison shopping sites via an auction, as it aims to stave off further EU antitrust fines, four people familiar with the matter told Reuters. From a report: Google is under pressure to come up with a big initiative to level the playing field in comparison shopping, but its proposal was roundly criticized by competitors as inadequate, the sources said. EU enforcers see the antitrust case as a benchmark for investigations into other areas dominated by the U.S. search giant such as travel and online mapping. Google has already been fined a record 2.4 billion euros ($2.9 bln) by the European Commission for favoring its own service, and could face millions of euros in fresh fines if it fails to treat rivals and its own service equally.

Read more of this story at Slashdot.

Chrome To Force Domains Ending With Dev and Foo To HTTPS Via Preloaded HSTS

Mon, 09/18/2017 - 12:00pm
Developer Mattias Geniar writes (condensed and edited for clarity): One of the next versions of Chrome is going to force all domains ending with .dev and .foo to be redirected to HTTPs via a preloaded HTTP Strict Transport Security (HSTS) header. This very interesting commit just landed in Chromium: Preload HSTS for the .dev gTLD: This adds the following line to Chromium's preload lists: { "name": "dev", "include_subdomains": true, "mode": "force-https" }, { "name": "foo", "include_subdomains": true, "mode": "force-https" }, It forces any domain on the .dev gTLD to be HTTPs. What should we [developers] do? With .dev being an official gTLD, we're most likely better of changing our preferred local development suffix from .dev to something else. There's an excellent proposal to add the .localhost domain as a new standard, which would be more appropriate here. It would mean we no longer have site.dev, but site.localhost. And everything at *.localhost would automatically translate to 127.0.0.1, without /etc/hosts or dnsmasq workarounds.

Read more of this story at Slashdot.

HTML5 DRM Standard Is a Go

Mon, 09/18/2017 - 11:20am
Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining. EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. Following the announcement, EFF wrote a letter to W3C director, chief executive officer and team, in which it expressed its disappointment and said it was resignation from the W3C.

Read more of this story at Slashdot.

Flush With Cash: Swiss Toilets Mysteriously Stuffed With 500-Euro Bills

Mon, 09/18/2017 - 10:40am
Someone in the Swiss city of Geneva has been trying to flush tens of thousands of euros down toilets. From a report: The bathrooms at a branch of the UBS bank in Geneva, as well as in three nearby restaurants, had pipes stuffed with 500-euro bills that had apparently been cut up with scissors and flushed down the toilets. The mysterious misplaced funds were first reported by a Swiss newspaper, and local authorities have confirmed the incident to multiple media outlets. Each individual bill is worth nearly $600. Collectively, the destroyed bank notes were worth tens of thousands of dollars. The Geneva Prosecutor's Office tells Bloomberg it has launched an investigation into the bathroom bills. Switzerland is not in the European Union, although it is entirely surrounded by EU member countries, and the nation's currency is the Swiss franc.

Read more of this story at Slashdot.

Microsoft Confirms Outlook Issues

Mon, 09/18/2017 - 10:00am
Microsoft has confirmed that some users of its email service Outlook are unable to send email or access their accounts. From a report: Hundreds from around Europe have commented on the website Downdetector that they have been affected by the problem -- many since Monday morning. One common issue seems to be that sent emails remain in the drafts folder and are not being delivered to recipients. On its website, Microsoft says the service dropped "unexpectedly" and it is working on a fix. Not all account holders are affected. "Intermittent connectivity is affecting customers in some European countries, which we are working to resolve as soon as possible," said a Microsoft representative.

Read more of this story at Slashdot.

Meet the Font Detectives Who Ferret Out Fakery

Mon, 09/18/2017 - 9:20am
New submitter rgh02 writes: Earlier this year, the former prime minister of Pakistan and his family came under scrutiny thanks to revelations in the Panama Papers. The smoking gun in the case of a forged document was none other than a font -- Calibri, which, as it turned out, wasn't even available until after the document had allegedly been signed and dated. This is not the first or the last time typography helped crack a case, and often with help from experts appropriately referred to as the 'font detectives.' At Backchannel, Glenn Fleishman dives into the adventures of the experts ferreting out fakery with their knowledge of fonts and the high-profile cases they've found themselves involved in.

Read more of this story at Slashdot.

Google's New Payment App For India Transfers Money Via Ultrasound

Mon, 09/18/2017 - 8:40am
Pranav Dixit, writing for BuzzFeed News: Google's goal for the brand-new payments app it launched in India on Monday is simple yet ambitious: to get in on the action each time someone sends or receives money in its largest market outside the United States. The app is called Tez -- Hindi for "fast" -- and it lets users do three things: send money to people in their phones' address books, make payments to businesses (both online as well as in real-world mom-and-pop stores), and zap cash to anyone around them -- all without knowing bank account numbers or personal details. Tez is powered by UPI, short for Unified Payments Interface, a Indian government-backed payments standard that lets users transfer money directly into each other's bank accounts using just their mobile numbers, or a bank-issued payment ID that looks like an email address. It works a lot like Venmo does in the US, except that anyone can build their own payments app on top of UPI. Once you hit Pay or Receive, Tez detects other Tez users around you with a proprietary technology called Audio QR based on ultrasound, and pairs with their phones. Once a sender puts in the amount and authenticates with a preset PIN to confirm who they're sending money to, a transaction happens in seconds.

Read more of this story at Slashdot.

Apple Officially Bans Scammy Antivirus Apps From iOS App Store

Mon, 09/18/2017 - 7:20am
Fake "virus scanning" apps have plagued the iOS App Store for a while, and Apple seems to finally be banning them once and for all in updated developer guidelines it published last week. From a report: The updated developer guidelines, compiled by Paul Hudson over at Hacking With Swift, now includes a ban on apps that claim to "including content or services that it does not actually offer" -- something that includes any iOS virus scanning apps, seeing as it wasn't possible to scan for viruses on iOS with third party apps, since iOS's sandboxing prevents applications from directly interacting with each other or the core of the iOS operating system.

Read more of this story at Slashdot.

Can An Individual Still Resist The Spread of Technology?

Sun, 09/17/2017 - 7:34pm
schwit1 shares a column from the Chicago Tribune: When cellphones first appeared, they gave people one more means of communication, which they could accept or reject. But before long, most of us began to feel naked and panicky anytime we left home without one. To do without a cellphone -- and soon, if not already, a smartphone -- means estranging oneself from normal society. We went from "you can have a portable communication device" to "you must have a portable communication device" practically overnight... Today most people are expected to be instantly reachable at all times. These devices have gone from servants to masters... Few of us would be willing to give up modern shelter, food, clothing, medicine, entertainment or transportation. Most of us would say the trade-offs are more than worth it. But they happen whether they are worth it or not, and the individual has little power to resist. Technological innovation is a one-way street. Once you enter it, you are obligated to proceed, even if it leads someplace you would not have chosen to go. The column argues "the iPhone X proves the Unabomber was right," citing this passage from the 1996 manifesto of the anti-technology terrorist. "Once a technical innovation has been introduced, people usually become dependent on it, so that they can never again do without it, unless it is replaced by some still more advanced innovation. Not only do people become dependent as individuals on a new item of technology, but, even more, the system as a whole becomes dependent on it."

Read more of this story at Slashdot.

Kids Praised for Being Smart are More Likely to Cheat

Sun, 09/17/2017 - 5:34pm
An anonymous reader quotes the University of California: An international team of researchers reports that when children are praised for being smart not only are they quicker to give up in the face of obstacles, they are also more likely to be dishonest and cheat. Kids as young as age 3 appear to behave differently when told "You are so smart" vs. "You did very well this time"... The research builds on well-known work by Stanford's Carol Dweck, author of "Mindset," who has shown that praising a child's innate ability instead of the child's effort or a specific behavior has the unintended consequence of reducing their motivation to learn and their ability to deal with setbacks... In another study, published recently in Developmental Science, the same co-authors show that the consequences are similar even when children are not directly praised for their smarts but are merely told that they have a reputation for being smart. Then again, another study found that students also performed better in school if you paid them to get good grades.

Read more of this story at Slashdot.

Typing By Brain Arrives: No Surgery Necessary

Sun, 09/17/2017 - 3:34pm
mirandakatz writes: 2017 has been a coming-out year of sorts for the brain-machine interface. But the main barrier to adoption is the potentially invasive nature of a BMI: Not many people are going to want to get surgery to have a chip implanted in their brains. A New York company may have found a solution to that. It's created a BMI that works just by an armband -- and it works now, not in some far-off future. Steven Levy describes a recent demo by the CEO of CTRL-Labs: After [typing] a few lines of text, he pushes the keyboard away... He resumes typing. Only this time he is typing on...nothing. Just the flat tabletop. Yet the result is the same: The words he taps out appear on the monitor... The text on the screen is being generated not by his fingertips, but rather by the signals his brain is sending to his fingers. The armband is intercepting those signals, interpreting them correctly, and relaying the output to the computer, just as a keyboard would have... CTRL-Labs, which comes with both tech bona fides and an all-star neuroscience advisory board, bypasses the incredibly complicated tangle of connections inside the cranium and dispenses with the necessity of breaking the skin or the skull to insert a chip -- the Big Ask of BMI. Instead, the company is concentrating on the rich set of signals controlling movement that travel through the spinal column, which is the nervous system's low-hanging fruit. Reardon and his colleagues at CTRL-Labs are using these signals as a powerful API between all of our machines and the brain itself.

Read more of this story at Slashdot.

There's a Logic To How Squirrels Bury Their Nuts

Sun, 09/17/2017 - 2:34pm
sandbagger shares an announcement from the University of California: Like trick-or-treaters sorting their Halloween candy haul, fox squirrels apparently organize their stashes of nuts by variety, quality and possibly even preference, according to new UC Berkeley research... Fox squirrels stockpile at least 3,000 to 10,000 nuts a year and, under certain conditions, separate each cache into quasi "subfolders," one for each type of nut, researchers said... Over a two-year period, the research team tracked the caching patterns of 45 male and female fox squirrels as the reddish gray, bushy-tailed rodents buried almonds, pecans, hazelnuts and walnuts in various wooded locations on the UC Berkeley campus... Using hand-held GPS navigators, researchers tracked the squirrels from their starting location to their caching location, then mapped the distribution of nut types and caching locations to detect patterns. They found that the squirrels who foraged at a single location frequently organized their caches by nut species, returning to, say, the almond area, if that was the type of nut they were gathering, and keeping each category of nut that they buried separate. Meanwhile, the squirrels foraging in multiple locations deliberately avoided caching in areas where they had already buried nuts, rather than organizing nuts by type.

Read more of this story at Slashdot.

Linux Foundation President Used MacOS For Presentation at Open Source Summit

Sun, 09/17/2017 - 1:34pm
Slashdot reader mschaffer writes:It appears that Jim Zemlin, President of the Linux Foundation, was using MacOS while declaring "2017 is officially the year of the Linux desktop!" at the Open Source Summit 2017. This was observed by several YouTube channels: Switched to Linux and The Lunduke Show. Finally it was reported by It's FOSS. if, indeed, this is the year of desktop Linux, why oh why cannot people like Zemlin present a simple slide presentation -- let alone actually use a Linux distro for work. A security developer at Google has now "spotted Jim Zemlin using Apple's macOS twice in last four years," according to the article, which complains the Foundation's admirable efforts on cloud/container technology has them neglecting Linux on the desktop. Ironically, in March Zemlin told a cloud conference that organizations that "don't harvest the shared innovation" of open source "will fail."

Read more of this story at Slashdot.