Businesses

Intel-Powered Broadband Modems Highly Vulnerable To DoS Attack (dslreports.com) 45

"It's being reported by users from the DSLReports forum that the Puma 6 Intel cable modem variants are highly susceptible to a very low-bandwidth denial-of-service attack," writes Slashdot reader Idisagree. The Register reports: Effectively, if there's someone you don't like, and they are one of thousands upon thousands of people using a Puma 6-powered home gateway, and you know their public IP address, you can kick them off the internet, we're told... According to one engineer...the flaw would be "trivial" to exploit in the wild, and would effectively render a targeted box useless for the duration of the attack... "It can be exploited remotely, and there is no way to mitigate the issue."

This is particularly frustrating for Puma 6 modem owners because the boxes are pitched as gigabit broadband gateways: the devices can be potentially choked and knocked out simply by receiving traffic that's a fraction of the bandwidth their owners are paying for... The Puma 6 chipset is used in a number of ISP-branded cable modems, including some Xfinity boxes supplied by Comcast in the US and the latest Virgin Media hubs in the UK.

The original submission also notes there's already a class action lawsuit over the performance of cable modems with Intel's Puma 6 chipset, and adds "It would appear the Atom chip was never going to live up to the task it was designed for."
Encryption

Encrypted WhatsApp Message Recovered From Westminster Terrorist's Phone (indiatimes.com) 130

Bruce66423 brings word that a terrorist's WhatsApp message has been decrypted "using techniques that 'cannot be disclosed for security reasons', though 'sources said they now have the technical expertise to repeat the process in future.'" The Economic Times reports: U.K. security services have managed to decode the last message sent out by Khalid Masood before he rammed his high-speed car into pedestrians on Westminster Bridge and stabbed to death a police officer at the gates of Parliament on March 22. The access to Masood's message was achieved by what has been described by security sources as a use of "human and technical intelligence"...

The issue of WhatsApp's encrypted service, which is closed to anyone besides the sender and recipient, had come under criticism soon after the attack. "It's completely unacceptable. There should be no place for terrorists to hide. We need to make sure that organisations like WhatsApp, and there are plenty of others like that, don't provide a secret place for terrorists to communicate with each other," U.K. home secretary Amber Rudd had said.

Security sources say the message showed the victim's motive was military action in Muslim countries, while the article adds that though ISIS claimed responsibility for the attack, "no evidence has emerged to back this up."
Input Devices

Computer Pioneer Harry Huskey Dies At Age 101 (bbc.co.uk) 46

Big Hairy Ian quotes the BBC: Engineer Harry Huskey, who helped build many of the first ever computers, has died aged 101. Dr. Huskey was a key member of the team that built the Electronic Numerical Integrator and Computer (ENIAC) which first ran in February 1946. ENIAC is widely considered to be one of the first electronic, general purpose, programmable computers. Dr. Huskey also helped complete work on the Ace -- the Automatic Computing Engine -- designed by Alan Turing.
U.C. Santa Cruz also remembers Huskey's work on the Bendix G-15 in 1954, "a 950-pound predecessor to today's laptops" which is sometimes hailed as the first personal computer (since it didn't require a separate technician to run) -- though each one cost over $50,000. The idea of an "electronic brain" was still so new, it led Huskey to an appearance on Groucho Marx's radio show You Bet Your Life, where Groucho warned him that "They're pretty tricky those machines! I wouldn't trust 'em... They'll turn on you like a mad dog, doctor!"
Businesses

IT Leaders Will Struggle To Meet Future Demands, Study Says (betanews.com) 113

When it comes to meeting future demands, IT leaders in the UK are lagging behind those in Germany and the US. From a report: This is according to a new report by Brocade, entitled Global Digital Transformation Skills Study. The report is based on a survey of 630 IT leaders in the US, UK, France, Germany, Australia and Singapore. It says that organizations are "at a tipping point" -- a point in time when technology demands are just about to outstrip the skills supply. Consequently, those that train their staff now and prepare for the future in that respect are the ones that are setting themselves up for a successful future. Almost three quarters (74 percent) of IT leaders in the UK see IT departments as either "very important" or "critical" to both innovation and the growth of their business. But the same woes remain, as almost two thirds (63 percent) think they'll struggle to find the right people in the next year.
Privacy

'World's Most Secure' Email Service Is Easily Hackable (vice.com) 77

Nomx, a startup that offers an email client by the same name, bills itself as the maker of the "world's most secure email service." The startup goes on to suggest that "everything else is insecure." So it was only a matter of time before someone decided to spend some time on assessing how valid Nomx's claims are. Very misleading, it turns out. From a report on Motherboard: Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX) -- hence the brand name -- servers, which the company claims to be inherently "vulnerable." Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx's "code is riddled with bad examples of how to do things." The worst issue, Helme explained, is that Nomx's web application had a vulnerability that allowed anyone to take full control of the device remotely just by tricking someone to visit a malicious website. "I could read emails, send emails, and delete emails. I could even create my own email address," Helme told Motherboard in an online chat. A report on BBC adds: Nomx said the threat posed by the attack detailed by Mr Helme was "non-existent for our users." Following weeks of correspondence with Mr Helme and the BBC Click Team, he said the firm no longer shipped versions that used the Raspberry Pi. Instead, he said, future devices would be built around different chips that would also be able to encrypt messages as they travelled. "The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail - they've already been proven that they are under attack millions of times daily," he said. "Why we invented Nomx was for the security of keeping your data off those large cloud providers. To date, no Nomx accounts have been compromised."
Security

British Cops Will Scan Every Fan's Face At the Champions League Final (vice.com) 89

Using a new facial recognition surveillance system, British police will scan every fan's face at the UEFA Champions League on June 3rd and compare them to a police database of some 500,000 "persons of interest." "According to a government tender issued by South Wales Police, the system will be deployed during the day of the game in Cardiff's main train station, as well as in and around the Principality Stadium situated in the heart of Cardiff's central retail district." From the report: Cameras will potentially be scanning the faces of an estimated 170,000 visitors plus the many more thousands of people in the vicinity of the bustling Saturday evening city center on match day, June 3. Captured images will then be compared in real time to 500,000 custody images stored in the police information and records management system alerting police to any "persons of interest," according to the tender. The security operation will build on previous police use of Automated Facial Recognition, or AFR technology by London's Metropolitan Police during 2016's Notting Hill Carnival.
Earth

Adidas Creates Trainers Made From Plastic Ocean Debris in Bid To End Pollution (telegraph.co.uk) 82

Adidas is building on its previous commitment to turn plastic pollution into high-performance products. Next month, the German sportswear maker will begin selling three new editions of its popular UltraBoost shoe, all made from plastic debris found in the ocean. From a report: Helping to achieve its goal of creating one million pairs of the Ultra Boost style, Parley for the Oceans will produce trainers made from recycled ocean waste. Made up of 11 reused plastic bottles in each pair, the Ultra Boost's laces, lining and sock lining covers will be made of other recycled products, making for an environmentally-friendly high-performance product.
Bug

Linux 4.11 Delayed For a Week (theregister.co.uk) 48

Linux kernel creator Linus Torvalds said over the weekend that the v4.11 version of Linux has hit a speed bump in the form of "NVMe power management that apparently causes problems on some machines." The Register adds: "It's not entirely clear what caused the [NVMe] issue (it wasn't just limited to some NVMe hardware, but also particular platforms), but let's test it." Which sounds like a good idea, given that flash memory on the PCIe bus is increasingly mainstream. That problem and "a couple of really annoying" bugs mean that Torvalds has decided to do an eighth release candidate for Linux 4.11. "I did get fixes for the issues that popped up, so I could have released 4.11 as-is," Torvalds wrote, "but it just doesn't feel right."
Education

Pioneering Researchers Track Sudden Learning 'Epiphanies' (sciencedaily.com) 30

wisebabo quotes Science Daily: Until now, researchers had not had a good way to study how people actually experienced what is called "epiphany learning." In new research, scientists at The Ohio State University used eye-tracking and pupil dilation technology to see what happens as people figured out how to win a strategy game on a computer. "We could see our study participants figuring out the solution through their eye movements as they considered their options," said Ian Krajbich, co-author of the study and assistant professor of psychology and economics at Ohio State. "We could predict they were about to have an epiphany before they even knew it was coming."
The original submission suggests, "This might be useful to determine when you are trying to teach a difficult subject to someone who you're afraid might be inclined to just nod their head. Or maybe this is how the Voight-Kampff test works. (Are you a replicant?)"
Government

WikiLeaks Releases New CIA Secret: Tapping Microphones On Some Samsung TVs (fossbytes.com) 100

FossBytes reports: The whistleblower website Wikileaks has published another set of hacking tools belonging to the American intelligence agency CIA. The latest revelation includes a user guide for CIA's "Weeping Angel" tool... derived from another tool called "Extending" which belongs to UK's intelligence agency MI5/BTSS, according to Wikileaks. Extending takes control of Samsung F Series Smart TV. The highly detailed user guide describes it as an implant "designed to record audio from the built-in microphone and egress or store the data."

According to the user guide, the malware can be deployed on a TV via a USB stick after configuring it on a Linux system. It is possible to transfer the recorded audio files through the USB stick or by setting up a WiFi hotspot near the TV. Also, a Live Listen Tool, running on a Windows OS, can be used to listen to audio exfiltration in real-time. Wikileaks mentioned that the two agencies, CIA and MI5/BTSS, made collaborative efforts to create Weeping Angel during their Joint Development Workshops.

United Kingdom

Britain Set For First Coal-Free Day Since Industrial Revolution (theguardian.com) 206

An anonymous reader quotes a report from The Guardian: The UK is set to have its first ever working day without coal power generation since the Industrial Revolution, according to the National Grid. The control room tweeted the predicted milestone on Friday, adding that it is also set to be the first 24-hour coal-free period in Britain. The UK has had shorter coal-free periods in 2016, as gas and renewables such as wind and solar play an increasing role in the power mix. The longest continuous period until now was 19 hours -- first achieved on a weekend last May, and matched on Thursday. Hannah Martin, head of energy at Greenpeace UK, said: "The first day without coal in Britain since the Industrial Revolution marks a watershed in the energy transition. A decade ago, a day without coal would have been unimaginable, and in 10 years' time our energy system will have radically transformed again." Britain became the first country to use coal for electricity when Thomas Edison opened the Holborn Viaduct power station in London in 1882. It was reported in the Observer at the time that "a hundred weight of coal properly used will yield 50 horse power for an hour." And that each horse power "will supply at least a light equivalent to 150 candles."
Transportation

Cycling To Work Can Cut Cancer and Heart Disease (bbc.com) 232

randomErr quotes a report from BBC: Want to live longer? Reduce your risk of cancer? And heart disease? Then cycle to work, say scientists. The five-year study of 250,000 UK commuters also showed walking had some benefits over sitting on public transport or taking the car. Published in the British Medical Journal (BMJ) today, the University of Glasgow study compared those who had an "active" commute with those who were mostly stationary. Overall, 2,430 of those studied died, 3,748 were diagnosed with cancer and 1,110 had heart problems. But, during the course of the study, regular cycling cut the risk of death from any cause by 41%, the incidence of cancer by 45% and heart disease by 46%. The cyclists clocked an average of 30 miles per week, but the further they cycled the greater the health boon. However, the effect was still there even after adjusting the statistics to remove the effects of other potential explanations like smoking, diet or how heavy people are.
Ubuntu

Ubuntu Is Switching to Wayland (omgubuntu.co.uk) 227

An anonymous reader shares a report: Ubuntu is to ship Wayland in place of X.Org Server by default. Mir, Canonical's home-spun alternative to Wayland, had been billed as the future of Ubuntu's convergence play. But both Unity 8 and the convergence dream were recently put out to pasture, meaning this decision was widely expected. It's highly likely that the traditional X.Org Server will, as on Fedora, be included on the disc and accessible from whichever login screen Ubuntu devs opt to use in Ubuntu 17.10 onwards. This session will be useful for users whose systems experience issues running on Wayland, or who need features and driver support that are only present in the legacy X.Org server session.
Electronic Frontier Foundation

Troll With 'Stupid Patent' Sues EFF. EFF Sues Them Back (arstechnica.com) 68

"The Electronic Frontier Foundation has sued an Australian company that it previously dubbed as a 'classic patent troll' in a June 2016 blog post entitled: Stupid Patent of the Month: Storage Cabinets on a Computer." An anonymous reader quotes Ars Technica: Last year, that company, Global Equity Management (SA) Pty. Ltd. (GEMSA), managed to get an Australian court to order EFF to remove its post -- but EFF did not comply. In January 2017, Pasha Mehr, an attorney representing GEMSA, further demanded that the article be removed and that EFF pay $750,000. EFF still did not comply. The new lawsuit, filed in federal court in San Francisco on Wednesday, asks that the American court declare the Australian ruling unenforceable in the U.S.
GEMSA's attorneys reportedly threatened to have the EFF's post de-indexed from search engine listings -- on the basis of the Australian court order -- so now the EFF "seeks a court order declaring the Australian injunction 'repugnant' to the U.S. Constitution and unenforceable in the United States."

The Register reports that GEMSA has already sued 37 companies, "including big-name tech companies Airbnb, Uber, Netflix, Spotify, and eBay. In each case, GEMSA accused the company's website design of somehow trampling on the GUI patent without permission." But things were different after the EFF's article, according to Courthouse News. "GEMSA said the article made it harder to enforce its patents in the United States, citing its legal opponents' 'reduced interest in pursuing pre-trial settlement negotiations.'"
Cellphones

Children As Young As 13 Attending 'Smartphone Rehab' As Concerns Grow Over Screen Time (independent.co.uk) 152

An anonymous reader quotes a report from The Independent: Children refusing to put down their phones is a common flashpoint in many homes, with a third of British children aged 12 to 15 admitting they do not have a good balance between screen time and other activities. But in the U.S., the problem has become so severe for some families that children as young as 13 are being treated for digital technology addiction. One "smartphone rehab" center near Seattle has started offering residential "intensive recovery programs" for teenagers who have trouble controlling their use of electronic devices. The Restart Life Center says parents have been asking it to offer courses of treatment to their children for more than eight years. Hilarie Cash, the Center's founder, told Sky News smartphones, tablets and other mobile devices can be so stimulating and entertaining that they "override all those natural instincts that children actually have for movement and exploration and social interaction."
Privacy

Virgin Media Starts Turning Customer Routers Into Public Wi-Fi Hotspots (arstechnica.co.uk) 149

UK ISP Virgin Media is expanding its public Wi-Fi network by co-opting customers' home routers as hotspots. Only the most recent router design (the SuperHub v3) will be recruited at first, and customers can opt out of the program if they wish. Virgin says the change will have "no impact on customers" because affected homes will be allocated extra bandwidth. ArsTechnica offers more context: A little background: a couple of years ago, Virgin Media started trialling a public Wi-Fi service very similar to "BT Wi-Fi with FON," where residential BT customers have their routers turned into hotspots. For some reason the broad rollout of Virgin's service was delayed until now. There are some curious differences between BT and Virgin Media's approach, though. For starters, it seems only Virgin Media customers will have access to this nationwide Wi-Fi network; BT grants free access to BT customers, but non-customers can pay for access ($5 per hour). The owner of that subverted hotspot doesn't get any of the money, of course. Furthermore, while BT customers must share their ADSL or VDSL bandwidth with any public Wi-Fi users, Virgin Media promises that "your home network is completely separate from Virgin Media WiFi traffic, meaning the broadband connection you pay for is exclusively yours, and just as secure."
Government

No More IP Addresses For Countries That Shut Down Internet Access (theregister.co.uk) 141

Governments that cut off internet access to their citizens could find themselves refused new IP addresses under a proposal put forward by one of the five global IP allocation organizations. From a report: The suggested clampdown will be considered at the next meeting of internet registry Afrinic in Botswana in June: Afrinic is in charge of managing and allocating IP address blocks across Africa. Under the proposal, a new section would be added to Afrinic's official rules that would allow the organization to refuse to hand over any new IP address to a country for 12 months if it is found to have ordered an internet shutdown. The ban would cover all government-owned entities and others that have a "direct provable relationship with said government." It would also cover any transfer of address space to those entities from others. That withdrawal of services would escalate if the country continued to pull the plug on internet access. Under the proposal: "In the event of a government performing three or more such shutdowns in a period of 10 years -- all resources to the aforementioned entities shall be revoked and no allocations to said entities shall occur for a period of 5 years."
Ubuntu

Dozens Of Canonical Employees Resign As Ubuntu Switches To GNOME, Shuttleworth Returns As CEO (theregister.co.uk) 191

Alexander J Martin, reporting for The Register: More than 80 Canonical workers are facing the axe as founder Mark Shuttleworth has taken back the role of chief executive officer. The number, revealed today by The Reg, comes as Shuttleworth assumed the position from CEO of eight years Jane Silber, previously chief operating officer. The Reg has learned 31 or more staffers have already left the Ubuntu Linux maker ahead of Shuttleworth's rise, with at least 26 others now on formal notice and uncertainty surrounding the remainder. One individual has resigned while others, particularly in parts of the world with more stringent labour laws (such as the UK), are being left in the dark. The details come after The Reg revealed plans for the cuts as a commercial get-fit programme instituted by Shuttleworth. The Canonical founder is cutting numbers after an external assessment of his company by potential new financial backers found overstaffing and that projects lacked focus.
Cellphones

Scientists Prove Your Phone's PIN Can Be Stolen Using Its Gyroscope Data (digitaltrends.com) 61

A team of scientists at Newcastle University in the UK managed to reveal a user's phone PIN code using its gyroscope data. "In one test, the team cracked a passcode with 70 percent accuracy," reports Digital Trends. "By the fifth attempt, the accuracy had gone up to 100 percent." From the report: It takes a lot of data, to be sure. The Guardian notes users had to type 50 known PINs five times before the researchers' algorithm learned how they held a phone when typing each particular number. But it highlights the danger of malicious apps that gain access to a device's sensors without requesting permission. The risk extends beyond PIN codes. In total, the team identified 25 different smartphone sensors which could expose compromising user information. Worse still, only a small number -- such as the camera and GPS -- ask the user's permission before granting access to that data. It's precise enough to track behavior. Using "orientation" and "emotion trace" data, the researchers were able to determine what part of a web page a user was clicking on and what they were typing. The paper has been published in the International Journal of Information Security.
Hardware

'Drawable' Electronic Circuit Technology Creates Radical Possibilities For Flexible Gadgets (ibtimes.co.uk) 43

drunkdrone quotes a report from International Business Times: Who said pen and paper was dead? German scientists have developed a new type of ink that allows fully-functioning electronic circuits to be "written" directly onto a surface from a pen. The technology could provide an inexpensive means of manufacturing printed circuits suitable for flexible smartphones, tablets and other radical gadget designs. The circuits are ready to be used as soon as the ink dries and require no additional processing, claim researchers from the Leibniz Institute for New Materials (INM). Printed electronics are usually created through a process called "sintering," whereby powdered metals are heated to form conductive electric circuits. Sintering is used to remove organic materials and fuse metal components in electronic inks, but because of the heat involved it can damage materials that are sensitive to high temperatures -- for example paper and certain types of plastic. The new hybrid inks remove the need for sintering altogether, allowing the electronics to quite literally be drawn on to the material. The report notes that the hybrid inks are "made of gold and silver particles coated with conductive polymers," which, among other things, allows the circuits to be bent without losing electrical conductivity. The researchers will demonstrate their findings at this year's Hannover Messe industrial fair on April 24-26.
