Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
United States

America Uses Stealthy Submarines To Hack Other Countries' Systems (washingtonpost.com) 39

When the Republican presidential nominee Donald Trump asked Russia -- wittingly or otherwise -- to launch hack attacks to find Hillary Clinton's missing emails, it caused a stir of commotion. Russia is allegedly behind DNC's leaked emails. But The Washington Post is reminding us that U.S.'s efforts in the cyber-security world aren't much different. (could be paywalled; same article syndicated elsewhere From the report: The U.S. approach to this digital battleground is pretty advanced. For example: Did you know that the military uses its submarines as underwater hacking platforms? In fact, subs represent an important component of America's cyber strategy. They act defensively to protect themselves and the country from digital attack, but -- more interestingly -- they also have a role to play in carrying out cyberattacks, according to two U.S. Navy officials at a recent Washington conference. "There is a -- an offensive capability that we are, that we prize very highly," said Rear Adm. Michael Jabaley, the U.S. Navy's program executive officer for submarines. "And this is where I really can't talk about much, but suffice to say we have submarines out there on the front lines that are very involved, at the highest technical level, doing exactly the kind of things that you would want them to do."

The so-called "silent service" has a long history of using information technology to gain an edge on America's rivals. In the 1970s, the U.S. government instructed its submarines to tap undersea communications cables off the Russian coast, recording the messages being relayed back and forth between Soviet forces. (The National Security Agency has continued that tradition, monitoring underwater fiber cables as part of its globe-spanning intelligence-gathering apparatus. In some cases, the government has struck closed-door deals with the cable operators ensuring that U.S. spies can gain secure access to the information traveling over those pipes.) These days, some U.S. subs come equipped with sophisticated antennas that can be used to intercept and manipulate other people's communications traffic, particularly on weak or unencrypted networks. "We've gone where our targets have gone" -- that is to say, online, said Stewart Baker, the National Security Agency's former general counsel, in an interview. "Only the most security-conscious now are completely cut off from the Internet." Cyberattacks are also much easier to carry out than to defend against, he said.

Security

Famed Security Researcher 'Mudge' Creates New Algorithm For Measuring Code Security (theintercept.com) 31

Peiter "Mudge" Zatko and his wife, Sarah, a former NSA mathematician, have started a nonprofit in the basement of their home "for testing and scoring the security of software... He says vendors are going to hate it." Slashdot reader mspohr shares an article from The Intercept: "Things like address space layout randomization [ASLR] and having a nonexecutable stack and heap and stuff like that, those are all determined by how you compiled [the source code]," says Sarah. "Those are the technologies that are really the equivalent of airbags or anti-lock brakes [in cars]..." The lab's initial research has found that Microsoft's Office suite for OS X, for example, is missing fundamental security settings because the company is using a decade-old development environment to build it, despite using a modern and secure one to build its own operating system, Mudge says. Industrial control system software, used in critical infrastructure environments like power plants and water treatment facilities, is also primarily compiled on "ancient compilers" that either don't have modern protective measures or don't have them turned on by default...

The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example -- Chrome, Safari, and Firefox -- Chrome came out on top, with Firefox on the bottom. Google's Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went "above and beyond in making things even more robust." Firefox, by contrast, "had turned off [ASLR], one of the fundamental safety features in their compilation."

The nonprofit was funded with $600,000 in funding from DARPA, the Ford Foundation, and Consumers Union, and also looks at the number of external libraries called, the number of branches in a program and the presence of high-complexity algorithms.
The Gimp

After New GIMP Release, Core Developer Discusses Future of GIMP and GEGL (girinstud.io) 50

GIMP 2.9.4 was released earlier this month, featuring "symmetry painting" and the ability to remove holes when selecting a region, as well as improvements to many of its other graphics-editing tools. But today core developer Jehan Pages discussed the vision for GIMP's future, writing that the Generic Graphics (GEGL) programming library "is a hell of a cool project and I think it could be the future of Free and Open Source image processing": I want to imagine a future where most big graphics programs integrate GEGL, where Blender for instance would have GEGL as the new implementation of nodes, with image processing graphs which can be exchanged between programs, where darktable would share buffers with GIMP so that images can be edited in one program and updated in real time in the other, and so on. Well of course the short/mid-term improvements will be non-destructive editing with live preview on high bit depth images, and that's already awesomely cool right...?

[C]ontributing to Free Software is not just adding any random feature, that's also about discussing, discovering others' workflow, comparing, sometimes even compromising or realizing that our ideas are not always perfect. This is part of the process and actually a pretty good mental builder. In any case we will work hard for a better GIMP

Robotics

Open Source Gardening Robot 'FarmBot' Raises $560,000 59

Slashdot reader Paul Fernhout writes: FarmBot is an open-source gantry-crane-style outdoor robot for tending a garden bed. The project is crowdfunding a first production run and has raised US$561,486 of their US$100,000 goal -- with one day left to go... The onboard control system is based around a Raspberry Pi 3 computer and an Arduino Mega 2560 Microcontroller. Many of the parts are 3D printable.
Two years ago Slashdot covered the genesis of this project, describing its goal as simply "to increase food production by automating as much of it as possible."
United States

Google Wi-Fi Kiosks in New York Promise No Privacy, 'Can Collect Anything' (observer.com) 53

Here's the thing about those wi-fi kiosks replacing New York City's public payphones. They're owned by Google/Alphabet company Sidewalk Labs, they're covered with ads, and if you read the privacy policy on its web site, "it's not that one." An anonymous Slashdot reader quotes an article from the Observer: Columbia professor Benjamin Read got a big laugh at this weekend's Hackers on Planet Earth XI conference in Manhattan when he pointed out that the privacy policy on LinkNYC's website only applies to the website itself, not to the actual network of kiosks.
The web page points out that it has two separate privacy policies in an easily-missed section near the top, and for their real-world kiosks, "They essentially have a privacy policy that says, 'we can collect anything and do anything' and that sets the outer bound'," says New York Civil Liberties Union attorney Mariko Hirose.

The Observer reports that the policy "promises not to use facial recognition... however, nothing stops the company from retracting that guarantee. In fact, Hirose said that she's been told by the company that the kiosk's cameras haven't even been turned on yet, but it is also under no obligation to tell the public when the cameras go live." The article concludes that in general the public's sole line of defense is popular outrage, and that privacy policies "have been constructed primarily to guard companies against liability and discourage users from reading closely."
Crime

Cisco Finds $34 Million Ransomware Industry (networkworld.com) 15

Ransomware is "generating huge profits," says Cisco. Slashdot reader coondoggie shares this report from Network World: Enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits -- nearly $34 million annually, according to Cisco's Mid-Year Cybersecurity Report out this week. Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target.
Many of the victims were slow to patch their systems, according to the article. One study of Cisco devices running on fundamental infrastructure discovered that 23% had vulnerabilities dating back to 2011, and 16% even had vulnerabilities dating back to 2009. Popular attack vectors included vulnerabilities in JBoss and Adobe Flash, which was responsible for 80% of the successful attacks for one exploit kit. The article also reports that attackers are now hiding their activities better using HTTPS and TLS, with some even using a variant of Tor.
United States

The Chip Card Transition In the US Has Been a Disaster (qz.com) 496

Ian Kar, writing for Quartz: Over the last year or so in the U.S., a lot of the plastic credit cards we carry around every day have been replaced by new one with chips embedded in them. The chips are supposed to make your credit and debit cards more secure -- a good thing! -- but there's one little secret no one wants to admit: The U.S.'s transition to chip cards has been an utter disaster. They're confusing to use, painstakingly slow, less secure than the alternatives, and aren't even the best solution for consumers. If you've shopped in a store and used a credit card, you've noticed the change. Retailers have likely asked you to insert the chip into the card reader, instead of swiping. But reading the chip seems to take much longer than just swiping. And on top of that, even though many retailers now have chip reading machines, some of them ask us just the opposite -- they say not to insert the card, and just swipe. It seems like there's no rhyme or reason to the whole thing.
Security

Bruce Schneier: Our Election Systems Must Be Secured If We Want To Stop Foreign Hackers (schneier.com) 176

Okian Warrior writes: Bruce Schneier notes that state actors are hacking our political system computers, intending to influence the results. For example, U.S. intelligence agencies have concluded that Russia was behind the release of DNC emails before the party convention, and WikiLeaks is promising more leaked dirt on Hillary Clinton. He points out, quite rightly, that the U.S. needs to secure its electronic voting machines, and we need to do it in a hurry lest outside interests hack the results. From the article: "Over the years, more and more states have moved to electronic voting machines and have flirted with internet voting. These systems are insecure and vulnerable to attack. But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified. We no longer have time for that. We must ignore the machine manufacturers' spurious claims of security, create tiger teams to test the machines' and systems' resistance to attack, drastically increase their cyber-defenses and take them offline if we can't guarantee their security online."
Earth

World's Largest Solar Power Plant Planned For Chernobyl Nuclear Wasteland (electrek.co) 126

An anonymous reader writes from a report via Electrek: Chernobyl, the world's most famous and hazardous nuclear meltdown, is being considered for the world's largest solar power plant. Even though nearly 1,600 square miles of land around Chernobyl has radiation levels too high for human health, Ukraine's ecology minister has said in a recent interview that two U.S. investment firms and four Canadian energy companies have expressed interest in Chernobyl's solar potential. Electrek reports: "According to PVTech, the Ukrainian government is pushing for a 6 month construction cycle. Deploying this amount of solar power within such a time frame would involve significant resources being deployed. The proposed 1GW solar plant, if built today, would be the world's largest. There are several plans for 1GW solar plants in development (Egypt, India, UAE, China, etc) -- but none of them have been completed yet. One financial benefit of the site is that transmission lines for Chernobyl's 4GW nuclear reactor are still in place. The European Bank for Reconstruction and Development has stated they would be interested in participating in the project, 'so long as there are viable investment proposals and all other environmental matters and risks can be addressed to the bank's satisfaction.'"
NASA

Class of Large But Very Dim Galaxies Discovered (nature.com) 87

schwit1 writes from a report via Nature: Astronomers have now detected and measured a new class of large but very dim galaxy that previously was not expected to exist. Nature reports: "'[Ultradiffuse]' galaxies came to attention only last year, after Pieter van Dokkum of Yale University in New Haven, Connecticut, and Roberto Abraham of the University of Toronto in Canada built an array of sensitive telephoto lenses named Dragonfly. The astronomers and their colleagues observed the Coma galaxy cluster 101 megaparsecs (330 million light years) away and detected 47 faint smudges. 'They can't be real,' van Dokkum recalls thinking when he first saw the galaxies on his laptop computer. But their distribution in space matched that of the cluster's other galaxies, indicating that they were true members. Since then, hundreds more of these galaxies have turned up in the Coma cluster and elsewhere. Ultradiffuse galaxies are large like the Milky Way -- which is much bigger than most -- but they glow as dimly as mere dwarf galaxies. It's as though a city as big as London emitted as little light as Kalamazoo, Michigan." More significantly, they have now found that these dim galaxies can be as big and as massive as the biggest bright galaxies, suggesting that there are a lot more stars and mass hidden out there and unseen than anyone had previously predicted.
Power

A Look Inside Tesla's $5 Billion Gigafactory (cnet.com) 54

An anonymous reader quotes a report from CNET: A joint effort between Tesla and Panasonic, the Gigafactory is a $5 billion project that will create the world's premier battery manufacturing facility. The Gigafactory will not only be physically larger than any other cell-packing plant on the planet, it'll produce more batteries than the entire industry did back in 2013. That's a lot of batteries, enough to meet Tesla's 500,000-per-year manufacturing goals -- and potentially even more. When completed, the factory will cover five million square feet of the desert floor just outside of Reno, Nevada. Right now, the uncompleted but already-operational factory sits on 800,000 square feet. Over the next four years the building will grow and grow again, swelling to its full size while production dials up simultaneously. The roof will be covered in solar panels, with the goal of producing enough electricity to power the entire thing. Tesla is already assembling Powerwall units here, but the first Model 3 battery packs are expected to roll off the line by the middle of next year. From there, Tesla will have to scale quickly to meet the company's Model 3 production goals for 2018. And, once the company does, the cost savings will begin. The "Tesla Gigafactory Tour" video can also be viewed on YouTube via Roadshow.
Communications

Snowden Questions WikiLeaks' Methods of Releasing Leaks (pcworld.com) 160

An anonymous reader quotes a report from PCWorld: Former U.S. National Security Agency contractor, Edward Snowden, has censured WikiLeaks' release of information without proper curation. On Thursday, Snowden, who has embarrassed the U.S. government with revelations of widespread NSA surveillance, said that WikiLeaks was mistaken in not at least modestly curating the information it releases. "Democratizing information has never been more vital, and @Wikileaks has helped. But their hostility to even modest curation is a mistake," Snowden said in a tweet. WikiLeaks shot back at Snowden that "opportunism won't earn you a pardon from Clinton [and] curation is not censorship of ruling party cash flows." The whistleblowing site appeared to defend itself earlier on Thursday while referring to its "accuracy policy." In a Twitter message it said that it does "not tamper with the evidentiary value of important historical archives." WikiLeaks released nearly 20,000 previously unseen DNC emails last week, which suggest that committee officials had favored Clinton over her rival Senator Bernie Sanders. The most recent leak consists of 29 voicemails from DNC officials.
Microsoft

Court Ruling Shows The Internet Does Have Borders After All (csoonline.com) 46

itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland were out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"
Security

SwiftKey Bug Leaked Email Addresses, Phone Numbers To Strangers (theverge.com) 28

An anonymous reader writes: After many users reported receiving predictions meant for other users, such as email addresses and phone numbers, SwiftKey has suspended part of its service. The service responsible for the bug was SwiftKey's cloud sync service. The Verge reports that one user, an English speaker, was getting someone else's German suggestions, while someone received NSFW porn search suggestions. The Telegraph also reports, "One SwiftKey user, who works in the legal profession and ask to remain anonymous, found out their details had been compromised when a stranger emailed them to say that a brand new phone had suggested their email address when logging into an account online. 'A few days ago, I received an email from a complete stranger asking if I had recently purchased and returned a particular model of mobile phone, adding that not one but two of my email addresses (one personal and one work address) were saved on the phone she had just bought as brand-new,' said the user." SwiftKey released an official statement today about the issue but said that it "did not pose a security issue."
Businesses

Amazon CEO Jeff Bezos Becomes World's Third Richest Person (bbc.com) 62

An anonymous reader quotes a report from BBC: Strong earnings from Amazon and a boost to the company's stock have made its founder, Jeff Bezos, the world's third richest person, according to Forbes. Mr Bezos owns 18% of Amazon's shares, which rose 2% in trading on Thursday. Forbes estimated his fortune to be $65.3 billion (49.5 billion British Pound). Amazon's revenue beat analysts' expectations, climbing 31% from last year to $30.4 billion in the second quarter. Profit for the e-commerce giant was $857 million, compared with $92 million in 2015. According to Forbes estimates, Mr Bezos's fortune is only surpassed by Microsoft founder Bill Gates, worth $78 billion (59 billion British Pound), and the $73.1 billion (55 billion British Pound) fortune of Zara founder Amancio Ortega. Amazon had developed a reputation for announcing little or no profit each quarter, but appeared to hit a turning point last year and has seen improving earnings since. Amazon shares have spiked 50% since February. BBC's report includes some bullet points about Bezos. He was born in Albuquerque, New Mexico, in 1964. He studied at Princeton University and worked on Wall Street. In 1994, he launched Amazon as an online book retailer. A lifelong Star Trek fan, Bezos launched Blue Origin spaceflight and aerospace firm in 2000, and more than a decade later, he purchased The Washington Post newspaper in 2013.
Robotics

US Military Using $600K 'Drone Buggies' To Patrol Camps In Africa (cnbc.com) 59

An anonymous reader quotes a report from CNBC: The U.S. military is using an unmanned robotic vehicle to patrol around its camps in the Horn of Africa. The remote controlled vehicle is the result of a 30-year plan after military chiefs approved the concept of a robotic security system in 1985. Now the Mobile Detection Assessment and Response System, known as MDARS, are carrying out patrols in the east African country of Djibouti, under the control of the Combined Joint Task Force-Horn of Africa. The area is known as home to a number of hostile militant groups including the al-Qaeda-affiliated al-Shabaab. An operator sits in a remote location away from the vehicle watching the terrain via a camera link which is fixed to the chassis. U.S. military software engineer Joshua Kordanai said in a video presentation that the vehicle drives itself, freeing the remote operator to monitor video. "The vehicle has an intruder detection payload, consisting of radar, a night vision camera, a PTZ [pan-tilt-zoom] camera and two-way audio, so the system will be able to detect motion," he added. One report prices the cost of an earlier version of the military 'drone buggy' at $600,000 each.
The Courts

Judge Rules Political Robocalls Are Protected By First Amendment (onthewire.io) 175

Trailrunner7 quotes a report from On the Wire: A federal judge has ruled that robocalls made on behalf of political candidates are protected by the First Amendment and cannot be outlawed. The decision came in a case in Arkansas, where political robocalls had been illegal for more than 30 years. On Wednesday, U.S. District Court Judge Leon Holmes ruled that banning political robocalls amounts to an infringement of free speech protections and also constitutes prior restraint of speech. Political campaigns have been using robocalls for decades, and some states have sought to ban them, arguing that they are intrusive and violate recipients' privacy. In the Arkansas case, the state attorney general put forward both of these arguments, and also argued that the calls can tie up phone lines, making them unusable in an emergency. Holmes said in his decision that there was no evidence that political robocalls prevent emergency communications, and also said that the Arkansas statute should have banned all robocalls, not just commercial and political ones. "The statute at issue here imposes a content-based restriction on speech; it is not one of the rare cases that survives strict scrutiny. The state has failed to prove that the statute at issue advances a compelling state interest and is narrowly tailored to serve that interest," Holmes wrote.
Businesses

Amazon Reaches New High Of 268,900 Employees -- Skyrocketing 47% In Just One Year (geekwire.com) 44

Amazon remains one of the biggest attractors of talent worldwide. During its quarterly earnings, the company said it hired 23,700 employees in the second quarter -- making the total employee headcount at the company 268,900. GeekWire reports: Amazon's headcount has grown by a staggering amount over the last few years. Its employment numbers increased close to 10 percent in the last three months and 47 percent over a year ago, when its employee count stood at a paltry-by-comparison 183,100 people. That's an increase of 85,800 employees in one year -- more than the entire city of Bellingham, Wash.Related: The New York Times report on work challenges at Amazon.
Australia

Australia Has Moved 1.5 Metres, So It's Updating Its Location For Self-Driving Cars (cnet.com) 128

An anonymous reader shares a CNET report: Australia is changing from "down under" to "down under and across a bit". The country is shifting its longitude and latitude to fix a discrepancy with global satellite navigation systems. Government body Geoscience Australia is updating the Geocentric Datum of Australia, the country's national coordinate system, to bring it in line with international data. The reason Australia is slightly out of whack with global systems is that the country moves about 7 centimetres (2.75 inches) per year due to the shifting of tectonic plates. Since 1994, when the data was last recorded, that's added up to a misalignment of about a metre and a half. While that might not seem like much, various new technology requires location data to be pinpoint accurate. Self-driving cars, for example, must have infinitesimally precise location data to avoid accidents. Drones used for package delivery and driverless farming vehicles also require spot-on information.ABC has more details.
Chrome

Ask Slashdot: Best Browser Extensions -- 2016 Edition 184

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?
Let's get this going.

Slashdot Top Deals