An anonymous reader writes: "An anonymous security researcher has published details on a vulnerability named "Antbleed," which the author claims is a remote backdoor affecting Bitcoin mining equipment sold by Bitmain, the largest vendor of crypto-currency mining hardware on the market," reports Bleeping Computer. The backdoor code works by reporting mining equipment details to Bitmain servers, which can reply by instructing the customer's equipment to shut down. Supposedly introduced as a crude DRM to control illegal equipment, the company forgot to tell anyone about it, and even ignored a user who reported it last fall. One of the Bitcoin Core developers claims that if such a command were ever sent, it could potentially brick the customer's device for good. Bitmain is today's most popular seller of Bitcoin mining hardware, and its products account for 70% of the entire Bitcoin mining market. If someone hijacks the domain where this backdoor reports, he could be in the position to shut down Bitcoin mining operations all over the world, which are nothing more than the computations that verify Bitcoin transactions, effectively shutting down the entire Bitcoin ecosystem. Fortunately, there's a way to mitigate the backdoor's actions using local hosts files.
According to Reuters, "Tesla executive Klaus Grohmann was ousted last month after a clash with CEO Elon Musk over the strategy of Grohmann's firm, which Tesla had acquired in November." Grohmann Engineering's automation and engineering expertise is being relied upon by Tesla to help it increase production to 500,000 cars per year by 2018. From the report: Tesla planned to keep Grohmann on, and Grohmann wanted to stay, but the clash with Musk over how to treat existing clients resulted in his departure, the source said. Grohmann disagreed with Musk's demands to focus management attention on Tesla projects to the detriment of Grohmann Engineering's legacy clients, which included Tesla's direct German-based rivals Daimler and BMW, two sources familiar with the matter said. "I definitely did not depart because I had lost interest in working," Grohmann said, without elaborating. A Tesla spokesman, asked about Grohmann's departure, praised him for building an "incredible company" and said: "Part of Mr Grohmann's decision to work with Tesla was to prepare for his retirement and leave the company in capable hands for the future. Given the change in focus to Tesla projects, we mutually decided that it was the right time for the next generation of management to lead."
COBOL is a programming language invented by Hopper from 1959 to 1961, and while it is several decades old, it's still largely used by the financial sector, major corporations and part of the federal government. Mar Masson Maack from The Next Web interviews Daniel Doderlein, CEO of Auka, who explains why banks don't have to actively kill COBOL and how they can modernize and "minimize the new platforms' connections to the old systems so that COBOL can be switched out in a safe and cheap manner." From the report: According to [Doderlein], COBOL-based systems still function properly but they're faced with a more human problem: "This extremely critical part of the economic infrastructure of the planet is run on a very old piece of technology -- which in itself is fine -- if it weren't for the fact that the people servicing that technology are a dying race." And Doderlein literally means dying. Despite the fact that three trillion dollars run through COBOL systems every single day they are mostly maintained by retired programming veterans. There are almost no new COBOL programmers available so as retirees start passing away, then so does the maintenance for software written in the ancient programming language. Doderlein says that banks have three options when it comes to deciding how to deal with this emerging crisis. First off, they can simply ignore the problem and hope for the best. Software written in COBOL is still good for some functions, but ignoring the problem won't fix how impractical it is for making new consumer-centric products. Option number two is replacing everything, creating completely new core banking platforms written in more recent programming languages. The downside is that it can cost hundreds of millions and it's highly risky changing the entire system all at once. The third option, however, is the cheapest and probably easiest. 
Instead of trying to completely revamp the entire system, Doderlein suggests that banks take a closer look at the current consumer problems. Basically, Doderlein suggests making light-weight add-ons in more current programming languages that only rely on COBOL for the core feature of the old systems.
An anonymous reader quotes a report from Recode: The company has recently held discussions with payments industry partners about introducing its own Venmo competitor, according to multiple sources familiar with the talks. The service would allow iPhone owners to send money digitally to other iPhone owners, these people said. One source familiar with the plans told Recode they expect the company to announce the new service later this year. Another cautioned that an announcement and launch date may not yet be set. The new Apple product would compete with offerings from big U.S. banks as well as PayPal, its millennial-popular subsidiary Venmo, as well as Square Cash in the increasingly competitive world of digital money-transfers. Apple has also recently held discussions with Visa about creating its own pre-paid cards that would run on the Visa debit network and which would be tied to the new peer-to-peer service, sources told Recode. People would be able to use the Apple cards to spend money sent to them through the new service, without having to wait for it to clear to their bank account.
randomErr writes: David Foster, who joined Alphabet Inc.'s Google in October as part of its aggressive hardware effort, has left the company. As the vice president of hardware product development he worked on the launch of the Pixel smartphone and Home speaker. Both of which are competitors to the Amazon Echo, Foster's previous employer. Google will not comment on why he is leaving.
Reader Krystalo writes: Google today announced the second step in its plan to mark all HTTP sites as non-secure in Chrome. Starting in October 2017, Chrome will mark HTTP sites with entered data and HTTP sites in Incognito mode as non-secure. With the release of Chrome 56 in January 2017, Google's browser started marking HTTP pages that collect passwords or credit cards as "Not Secure" in the address bar. Since then, Google has seen a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card forms on Chrome for desktop. Chrome 62 (we're currently on Chrome 58) will take this to the next level.
Facebook is pressing its enforcement against what it calls "information operations" -- bad actors who use the platform to spread fake news and false propaganda. From a report: The company, which published a report on the subject today, defines these operations as government-led campaigns -- or those from organized "non-state actors" -- to promote lies, sow confusion and chaos among opposing political groups, and destabilize movements in other countries. The goal of these operations, the report says, is to manipulate public opinion and serve geopolitical ends. The actions go beyond the posting of fake news stories. The 13-page report specifies that fake news can be motivated by a number of incentives, but that it becomes part of a larger information operation when it's coupled with other tactics and end goals. Facebook says these include friend requests sent under false names to glean more information about the personal networks of spying targets and hacking targets, the boosting of false or misleading stories through mass "liking" campaigns, and the creation of propaganda groups. The company defines these actions as "targeted data collection," "false amplification," and "content creation." Facebook plans to target these accounts by monitoring for suspicious activity, like bursts of automated actions on the site, to enact mass banning of accounts.
Employees of Facebook and Google were the victims of an elaborate $100 million phishing attack, according to a new report on Fortune, which further adds that the employees were tricked into sending money to overseas bank accounts. From the report: In 2013, a 40-something Lithuanian named Evaldas Rimasauskas allegedly hatched an elaborate scheme to defraud U.S. tech companies. According to the Justice Department, he forged email addresses, invoices, and corporate stamps in order to impersonate a large Asian-based manufacturer with whom the tech firms regularly did business. The point was to trick companies into paying for computer supplies. The scheme worked. Over a two-year span, the corporate imposter convinced accounting departments at the two tech companies to make transfers worth tens of millions of dollars. By the time the firms figured out what was going on, Rimasauskas had coaxed out over $100 million in payments, which he promptly stashed in bank accounts across Eastern Europe. Fortune adds that the investigation raises questions about why the companies have so far kept silent and whether -- as a former head of the Securities and Exchange Commission observes -- it triggers an obligation to tell investors about what happened.
Paul Allen, a founder of Microsoft has pledged $30 million to house Seattle's homeless. From a report: Seattle Mayor Ed Murray said Wednesday the city was partnering with Paul G. Allen's family foundation to build a facility to house homeless families with children. Allen's foundation will provide $30 million toward the development of the facility, while the city of Seattle has pledged $5 million for its maintenance and operation. It will be owned and operated by Mercy Housing Northwest, a nonprofit housing organization. Seattle is in King County, which has 1,684 families that are homeless, according to the mayor's announcement. More than 3,000 homeless children were enrolled in Seattle's public schools during the 2015-2016 year, it said.
Bruce66423 quotes a report from The Guardian: Born at the turn of the past century, Maria Felix is old enough to remember the Mexican Revolution -- but too old to get the bank card needed to collect her monthly 1,200 pesos ($63) welfare payment. Felix turns 117 in July, according to her birth certificate, which local authorities recognize as authentic. She went three months without state support for poor elderly Mexicans after she was turned away from a branch of Citibanamex in the city of Guadalajara for being too old, said Miguel Castro, development secretary for the state of Jalisco. Welfare beneficiaries now need individual bank accounts because of new transparency rules, Castro said. "They told me the limit was 110 years," Felix said with a smile in the plant-filled courtyard of her small house in Guadalajara. In an emailed statement, Citibanamex, a unit of Citigroup Inc, said Felix's age exceeded the "calibration limits" of its system and it was working to get her the bank card as soon as possible. It said it was adjusting its systems to avoid a repeat of the situation.
theodp writes: The Mercury News reports on REACH, a new software apprenticeship program that LinkedIn's engineering team started piloting this month, which offers people without Computer Science degrees an opportunity to get a foot in the door, as Microsoft-owned LinkedIn searches for ways to help diversify its workforce. For now, the 29 REACH participants are paid, but are only short-term LinkedIn employees (for the duration of the 6-month program). LinkedIn indicated it hopes to learn if tech internships could eventually be made part of the regular hiring process, perhaps unaware that no-CS-degree-required hiring for entry-level permanent positions in software development was standard practice in the 70's and 80's, back when women made up almost 40% of those working as programmers and in software-related fields, nearly double the percentage of women in LinkedIn's global 2016 tech workforce. Hey, even in tech hiring, everything old is new again!
ESA's Pal Hvistendahl has confirmed via Bloomberg that Chinese and European space agencies are talking with one another about plans to build a base on the moon. The discussions "involve working together to build a human-occupied 'moon village' from which both agencies can potentially launch Mars missions, conduct research, and possibly explore commercial mining and tourism projects," reports TechCrunch. From the report: China's upcoming projects in space include a mission to collect samples from the moon via an uncrewed craft by the end of this year, and to also launch an exploratory mission to the far side of the moon next year, with the similar aim of returning samples for study. The ESA's collaboration with China thus far includes participating in the study of those returned samples, and potentially sending a European astronaut to the Chinese space station (which is currently unoccupied) at some future date.
An anonymous reader writes: "A group calling itself XMR Squad has spent all last week launching DDoS attacks against German businesses and then contacting the same companies to inform them they had to pay $275 for 'testing their DDoS protection systems,' reports Bleeping Computer. Attacks were reported against DHL, Hermes, AldiTalk, Freenet, Snipes.com, the State Bureau of Investigation Lower Saxony, and the website of the state of North Rhine-Westphalia. The attack against DHL Germany was particularly effective as it shut down the company's business customer portal and all APIs, prompting eBay Germany to issue an alert regarding possible issues with packages sent via DHL. While the group advertised on Twitter that their location was in Russia, a German reporter who spoke with the group via telephone said "the caller had a slight accent, but spoke perfect German." Following the attention they got in Germany after the attacks, the group had its website and Twitter account taken down. Many mocked the group for failing to extract any payments from their targets. DDoS extortionists have been particularly active in Germany, among any other countries. Previously, groups named Stealth Ravens and Kadyrovtsy have also extorted German companies, using the same tactics perfected by groups like DD4BC and Armada Collective.
adeelarshad82 writes from a report via The Week: The prospect of cities becoming sentient is "fast becoming the new reality," according to one paper. Take Tel Aviv for example, where everyone over the age of 13 can receive personalized data, such as traffic information, and can access free municipal Wi-Fi in 80 public zones. But in a future where robots sound and objects look increasingly sentient, we might be less inclined to seek out behaviors to abate our loneliness. Indeed, one recent study titled "Products as pals" finds that exposure to or interaction with anthropomorphic products -- which have characteristics of being alive -- partially satisfy our social needs, which means the human-like robots of tomorrow could kill our dwindling urge to be around other humans.
New submitter DuroSoft writes: For myself and the vast majority of people I have talked to, this is the case. Any attempts we make to estimate the amount of time software development tasks will take inevitably end in folly. Do you find you can make accurate estimates, or is it really the case, as the author, DuroSoft Technologies' CTO/Co-CEO Sam Johnson, suggests via Hacker Noon, that "writing and maintaining code can be seen as a fundamentally chaotic activity, subject to sudden, unpredictable gotchas that take up an inordinate amount of time" and that therefore attempting to make predictions in the first place is itself a waste of our valuable time?
Using a new facial recognition surveillance system, British police will scan every fan's face at the UEFA Champions League on June 3rd and compare them to a police database of some 500,000 "persons of interest." "According to a government tender issued by South Wales Police, the system will be deployed during the day of the game in Cardiff's main train station, as well as in and around the Principality Stadium situated in the heart of Cardiff's central retail district." From the report: Cameras will potentially be scanning the faces of an estimated 170,000 visitors plus the many more thousands of people in the vicinity of the bustling Saturday evening city center on match day, June 3. Captured images will then be compared in real time to 500,000 custody images stored in the police information and records management system alerting police to any "persons of interest," according to the tender. The security operation will build on previous police use of Automated Facial Recognition, or AFR technology by London's Metropolitan Police during 2016's Notting Hill Carnival.
New submitter happyfeet2000 quotes a report from TorrentFreak: Broad pirate sites blockades are disproportional, Mexico's Supreme Court of Justice has ruled. The government can't order ISPs to block websites that link to copyright-infringing material because that would also restrict access to legitimate content and violate the public's freedom of expression. The ruling is a win for local ISP Alestra, which successfully protested the government's blocking efforts. Alestra was ordered to block access to the website mymusiic.com by the government's Mexican Institute of Industrial Property (IMPI). The website targeted a Mexican audience and offered music downloads, some of which were shared without permission. "The ISP was not pleased with the order and appealed it in court," reports TorrentFreak. "Among other things, the defense argued that the order was too broad, as it also restricted access to music that might not be infringing." The Supreme Court of Justice of the Nation heard the case and ruled that the government's order is indeed disproportional.
An anonymous reader quotes a report from The Verge: The Federal Communications Commission is cracking open the net neutrality debate again with a proposal to undo the 2015 rules that implemented net neutrality with Title II classification. FCC chairman Ajit Pai called the rules "heavy handed" and said their implementation was "all about politics." He argued that they hurt investment and said that small internet providers don't have "the means or the margins" to withstand the regulatory onslaught. "Earlier today I shared with my fellow commissioners a proposal to reverse the mistake of Title II and return to the light touch framework that served us so well during the Clinton administration, Bush administration, and first six years of the Obama administration," Pai said today. His proposal will do three things: first, it'll reclassify internet providers as Title I information services; second, it'll prevent the FCC from adapting any net neutrality rules to practices that internet providers haven't thought up yet; and third, it'll open questions about what to do with several key net neutrality rules -- like no blocking or throttling of apps and websites -- that were implemented in 2015. Pai will publish the full text of his proposal tomorrow, and it will be voted on by the FCC on May 18th.
General Electric said on Wednesday it is fixing a bug in software used to control the flow of electricity in a utility's power systems after researchers found that hackers could shut down parts of an electric grid. From a report: The vulnerability could enable attackers to gain remote control of GE protection relays, enabling them to "disconnect sectors of the power grid at will," according to an abstract posted late last week on the Black Hat security conference website. Protection relays are circuit breakers that utilities program to open and halt power transmission when dangerous conditions surface.
Two weeks after Microsoft started rolling out Windows 10 Creators Update, the company has asked the users to avoid manually installing the major update. A report adds: But why? Because the update is causing problems for users. The first phase of the rollout targeted newer devices -- those most likely to be able to run the OS update with the minimum of problems -- and Microsoft is using the feedback from that first batch of updated systems to decide when to begin the next phase of the rollout. "For example, our feedback process identified a Bluetooth accessory connectivity issue with PCs that use a specific series of Broadcom radios," an executive said.