Slashdot: Your Rights Online

Subscribe to Slashdot: Your Rights Online feed Slashdot: Your Rights Online
News for nerds, stuff that matters
Updated: 10 hours 31 min ago

Stray WiFi Signals Could Let Spies See Inside Closed Rooms

13 hours 27 min ago
sciencehabit quotes a report from Science Magazine: Your wireless router may be giving you away in a manner you never dreamed of. For the first time, physicists have used radio waves from a Wi-Fi transmitter to encode a 3D image of a real object in a hologram similar to the image of Princess Leia projected by R2D2 in the movie Star Wars. In principle, the technique could enable outsiders to "see" the inside of a room using only the Wi-Fi signals leaking out of it, although some researchers say such spying may be easier said than done. Their experiment relies on none of the billions of digital bits of information encoded in Wi-Fi signals, just the fact that the signals are clean, "coherent" waves. However, instead of recording the key interference pattern on a photographic plate, the researchers record it with a Wi-Fi receiver and reconstruct the object in a computer. They placed a Wi-Fi transmitter in a room, 0.9 meters behind the cross. Then they placed a standard Wi-Fi receiver 1.4 meters in front of the cross and moved it slowly back and forth to map out a "virtual screen" that substituted for the photographic plate. Also, instead of having a separate reference beam coming straight to the screen, they placed a second, stationary receiver a few meters away, where it had a direct view of the emitter. For each point on the virtual screen, the researchers compared the signals arriving simultaneously at both receivers, and made a hologram by mapping the delays caused by the aluminum cross. The virtual hologram isn't exactly like a traditional one, as researchers can't recover the image of the object by shining more radio waves on it. Instead, the scientists used the computer to run the radio waves backward in time from the screen to the distance where wave fronts hit the object. The cross then popped out.

Read more of this story at Slashdot.

Categories: Research

EPA Website Removes Climate Science Site From Public View After Two Decades

16 hours 7 min ago
Last week there were reports that the EPA climate change website was set to be taken down, though later the EPA denied that. On Friday evening, however, the Environmental Protection Agency announced its website would be "undergoing changes" to better represent the new direction the agency is taking, triggering the removal of several agency websites containing detailed climate data and scientific information (paywalled; alternative source). From a report on The Washington Post: One of the websites that appeared to be gone had been cited to challenge statements made by the EPA's new administrator, Scott Pruitt. Another provided detailed information on the previous administration's Clean Power Plan, including fact sheets about greenhouse gas emissions on the state and local levels and how different demographic groups were affected by such emissions. The changes came less than 24 hours before thousands of protesters were set to march in Washington and around the country in support of political action to push back against the Trump administration's rollbacks of former president Barack Obama's climate policies.

Read more of this story at Slashdot.

Categories: Research

Trump Order Helps Offshore Drilling, Stops Marine Sanctuary Expansion

Fri, 04/28/2017 - 23:30
An anonymous reader quotes a report from Ars Technica: In an executive order signed on Friday, President Trump directed his secretary of the interior to review current rules on offshore drilling and exploration. This review is likely to result in a relaxation of the strict protections the previous administration put on offshore oil drilling in the Atlantic and in the Arctic. According to the Washington Post, a review of the rules is likely to "make millions of acres of federal waters eligible for oil and gas leasing." At the same time, Trump's executive order directed the secretary of commerce to cease designating new marine sanctuaries or expanding any that already exist. According to USA Today, Commerce Secretary Wilbur Ross is also "directed to review all designations and expansions of marine monuments or sanctuaries designated under the Antiquities Act within the last 10 years." The Post says this "includes Hawaii's Papahanaumokuakea Marine National Monument, which Obama quadrupled in size last year, and the Northeast Canyons and Seamounts off Massachusetts." Although these reviews could take some time to complete, they put in motion a bid to favor extraction industries like oil and gas mining. "Today, we're unleashing American energy and clearing the way for thousands and thousands of high-paying energy jobs," Trump reportedly told the Associated Press.

Read more of this story at Slashdot.

Categories: Research

Open Ports Create Backdoors In Millions of Smartphones

Fri, 04/28/2017 - 21:25
An anonymous reader writes: "Mobile applications that open ports on Android smartphones are opening those devices to remote hacking, claims a team of researchers from the University of Michigan," reports Bleeping Computer. Researchers say they've identified 410 popular mobile apps that open ports on people's smartphones. They claim that an attacker could connect to these ports, which in turn grant access to various phone features, such as photos, contacts, the camera, and more. This access could be leveraged to steal photos, contacts, or execute commands on the target's phone. Researchers recorded various demos to prove their attacks. Of these 410 apps, there were many that had between 10 and 50 million downloads on the official Google Play Store and even an app that came pre-installed on an OEMs smartphones. "Research on the mobile open port problem started after researchers read a Trend Micro report from 2015 about a vulnerability in the Baidu SDK, which opened a port on user devices, providing an attacker with a way to access the phone of a user who installed an app that used the Baidu SDK," reports Bleeping Computer. "That particular vulnerability affected over 100 million smartphones, but Baidu moved quickly to release an update. The paper detailing the team's work is entitled Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications, and was presented Wednesday, April 26, at the 2nd IEEE European Symposium on Security and Privacy that took place this week in Paris, France."

Read more of this story at Slashdot.

Categories: Research

Airbnb Gives In To Regulator's Demand To Test For Racial Discrimination By Hosts

Fri, 04/28/2017 - 20:45
As part of an agreement with California regulators, Airbnb will allow the government to test for racial discrimination by hosts. The Guardian reports: The California Department of Fair Employment and Housing (DFEH) announced Thursday that it had resolved a complaint it filed against Airbnb with an agreement that forces the company to permit the state to conduct "fair housing testing" of certain hosts. That means that for the first time the San Francisco-based company is giving a regulatory body permission to conduct the kind of racial discrimination audits that officials have long used to enforce fair housing laws against traditional landlords. The DFEH's original complaint -- which had not previously been disclosed -- was based on research and a growing number of reports suggesting that hosts regularly refuse to rent to guests due to their race, a problem exposed last year under the hashtag #AirbnbWhileBlack.

Read more of this story at Slashdot.

Categories: Research

Apple, Tesla Ask California To Change Its Proposed Policies On Self-Driving Car Testing

Fri, 04/28/2017 - 19:20
Tesla and Apple have asked the state of California to change its proposed policies on self-driving cars to allow companies to test vehicles without traditional steering wheels and controls or human back-up drivers, among other things. Reuters reports: In a letter made public Friday, Apple made a series of suggested changes to the policy that is under development and said it looks forward to working with California and others "so that rapid technology development may be realized while ensuring the safety of the traveling public." Waymo, the self-driving car unit of Google parent company Alphabet Inc, Ford Motor Co, Uber Technologies Inc, Toyota Motor Corp, Tesla Motors Inc and others also filed comments suggesting changes. Apple said California should revise how companies report self-driving system "disengagements." California currently requires companies to report how many times the self-driving system was deactivated and control handed back to humans because of a system failure or a traffic, weather or road situation that required human intervention. Apple said California's rules for development vehicles used only in testing could "restrict both the design and equipment that can be used in test vehicles." Tesla said California should not bar testing of autonomous vehicles that are 10,000 pounds (4,535 kg) or more. Tesla also said California should not prohibit the sale of non-self-driving vehicles previously used for autonomous vehicle testing.

Read more of this story at Slashdot.

Categories: Research

WikiLeaks Reveals the 'Snowden Stopper': CIA Tool To Track Whistleblowers

Fri, 04/28/2017 - 18:40
schwit1 quotes a report from Zero Hedge: As the latest installment of it's "Vault 7" series, WikiLeaks has just dropped a user manual describing a CIA project known as "Scribbles" (a.k.a. the "Snowden Stopper"), a piece of software purportedly designed to allow the embedding of "web beacon" tags into documents "likely to be stolen." The web beacon tags are apparently able to collect information about an end user of a document and relay that information back to the beacon's creator without being detected. Per WikiLeaks' press release. But, the "Scribbles" user guide notes there is just one small problem with the program: it only works with Microsoft Office products. So, if end users use other programs such as OpenOffice of LibreOffice then the CIA's watermarks become visible to the end user and their cover is blown.

Read more of this story at Slashdot.

Categories: Research

A Database of Thousands of Credit Cards Was Left Exposed on the Open Internet

Fri, 04/28/2017 - 17:20
A US online pet store has exposed the details of more than 110,400 credit cards used to make purchases through its website, researchers have found. From a report on ZDNet: In a stunning show of poor security, the Austin, TX-based company FuturePets.com exposed its entire customer database, including names, postal and email addresses, phone numbers, credit card information, and plain-text passwords. Several customers that we reached out to confirmed some of their information when it was provided by ZDNet, but did not want to be named. The database was exposed because of the company's own insecure server and use of "rsync," a common protocol used for synchronizing copies of files between two different computers, which wasn't protected with a username or password.

Read more of this story at Slashdot.

Categories: Research

NSA Halts Collection of Americans' Emails About Foreign Targets

Fri, 04/28/2017 - 15:20
The NSA is stopping one of the most disputed forms of its warrantless surveillance program (alternative source), one in which it collects Americans' emails and texts to and from people overseas and that mention a foreigner under surveillance, NYTimes reports on Friday citing officials familiar with the matter. From the report: National security officials have argued that such surveillance is lawful and helpful in identifying people who might have links to terrorism, espionage or otherwise are targeted for intelligence-gathering. The fact that the sender of such a message would know an email address or phone number associated with a surveillance target is grounds for suspicion, these officials argued. [...] The N.S.A. made the change to resolve problems it was having complying with special rules imposed by the Foreign Intelligence Surveillance Court in 2011 to protect Americans' privacy. For technical reasons, the agency ended up collecting messages sent and received domestically as a byproduct of such surveillance, the officials said.

Read more of this story at Slashdot.

Categories: Research

The Internet-of-Things is Maturing

Fri, 04/28/2017 - 13:40
An anonymous reader shares a report: The "Internet of Things" (IoT) category is starting to mature in terms of startup investments, according to a new report from Silicon Valley venture capital firm Wing. Like any other trendy area of tech, IoT is in the midst of its own hype cycle, so it's important to get a more detailed picture of how the money is flowing.

Read more of this story at Slashdot.

Categories: Research

Qualcomm Says Apple To Stop Paying Royalties

Fri, 04/28/2017 - 13:20
Apple has decided to withhold royalty payments to its contract manufacturers that are owed to Qualcomm, until a legal dispute between the companies is resolved, the chipmaker said on Friday. From a report: Qualcomm, the largest maker of chips used in smartphones, said it will not receive royalties from Apple's contract manufacturers for sales made during the quarter ended March 31. San Diego, California-based Qualcomm also slashed its profit and revenue forecasts for the current quarter, to account for the lost royalty revenue.

Read more of this story at Slashdot.

Categories: Research

Lawsuit: Fox News Group Hacked, Surveilled, and Stalked Ex-Host Andrea Tantaros

Fri, 04/28/2017 - 09:00
An anonymous reader quotes a report from Ars Technica: Comparing their actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 "John Doe" defendants. The suit alleges that collective participated in a hacking and surveillance campaign against her. Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News' then-Chairman and CEO Roger Ailes, Bill O'Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment. Tantaros claims that as early as February of 2015, a group run out of a "black room" at Fox News engaged in surveillance and electronic harassment of her, including the use of "sock puppet" social media accounts to electronically stalk her. Tantaros' suit identifies Peter Snyder and Disruptor Inc. as the operators of a social influence operation using "sock puppet" accounts on Twitter and other social media.

Read more of this story at Slashdot.

Categories: Research

Apple Patent Hints At Wirelessly Charging Your iPhone Via Wi-Fi Routers

Fri, 04/28/2017 - 06:00
According to AppleInsider, "Apple is experimenting with medium- to long-distance wireless charging technologies that could one day allow users to charge up their iPhones with nothing more than a Wi-Fi router." From the report: Detailed in Apple's patent application for "Wireless Charging and Communications Systems With Dual-Frequency Patch Antennas" is a method for transferring power to electronic devices over frequencies normally dedicated to data communications. In its various embodiments, the invention notes power transfer capabilities over any suitable wireless communications link, including cellular between 700 MHz and 2700 MHz, and Wi-Fi operating at 2.4 GHz and 5 GHz. More specifically, the document's claims apply to millimeter wave 802.11ad spectrum channels currently in use by the WiGig standard, which operates over the 60 GHz frequency band. Theoretically, the proposal opens the door to wire-free charging from in-home Wi-Fi routers to cellular nodes and even satellite signals. Of course, amplitude in a wireless system is normally a function of distance. Like conventional wireless charging techniques, Apple's design requires two devices -- a transmitter and receiver -- to function. Each device contains one or more antennas coupled to wireless circuitry capable of making phase and magnitude adjustments to transmitted and received signals. Such hardware can be employed in dynamic beam steering operations.

Read more of this story at Slashdot.

Categories: Research

NASA Delays First Flight of New SLS Rocket Until 2019

Fri, 04/28/2017 - 03:00
schwit1 writes: Despite spending almost $19 billion and more than thirteen years of development, NASA today admitted that it will have to delay the first test flight of the SLS rocket from late 2018 to sometime in 2019. "We agree with the GAO that maintaining a November 2018 launch readiness date is not in the best interest of the program, and we are in the process of establishing a new target in 2019," wrote William Gerstenmaier, chief of NASA's human spaceflight program. "Caution should be used in referencing the report on the specific technical issues, but the overall conclusions are valid." The competition between the big government SLS/Orion program and private commercial space is downright embarrassing to the government. While SLS continues to be delayed, even after more than a decade of work and billions of wasted dollars, SpaceX is gearing up for the first flight of Falcon Heavy this year. And they will be doing it despite the fact that Congress took money from the commercial private space effort, delaying its progress, in order to throw more money at SLS/Orion.

Read more of this story at Slashdot.

Categories: Research

Kill Net Neutrality and You'll Kill Us, Say 800 US Startups

Thu, 04/27/2017 - 23:30
A group of more than 800 startups has sent a letter to the FCC chairman Ajit Pai saying they are "deeply concerned" about his decision to kill net neutrality -- reversing the Title II classification of internet service providers. The group, which includes Y Combinator, Etsy, Foursquare, GitHub, Imgur, Nextdoor, and Warby Parker, added that the decision could end up shutting their businesses. They add, via an article on The Verge: "The success of America's startup ecosystem depends on more than improved broadband speeds. We also depend on an open Internet -- including enforceable net neutrality rules that ensure big cable companies can't discriminate against people like us. We're deeply concerned with your intention to undo the existing legal framework. Without net neutrality, the incumbents who provide access to the Internet would be able to pick winners or losers in the market. They could impede traffic from our services in order to favor their own services or established competitors. Or they could impose new tolls on us, inhibiting consumer choice. [...] Our companies should be able to compete with incumbents on the quality of our products and services, not our capacity to pay tolls to Internet access providers."

Read more of this story at Slashdot.

Categories: Research

University of California IT Workers Replaced By Offshore Outsourcing Firm To File Discrimination Lawsuit

Thu, 04/27/2017 - 20:05
The IT workers from the University of California's San Francisco campus who were replaced by an offshore outsourcing firm late last year intend to file a lawsuit challenging their dismissal. "It will allege that the tech workers at the university's San Francisco campus were victims of age and national origin discrimination," reports Computerworld. From the report: The IT employees lost their jobs in February after the university hired India-based IT services firm HCL. Approximately 50 full-time university employees lost their jobs, but another 30 contractor positions were cut as well. "To take a workforce that is overwhelmingly over the age of 40 and replace them with folks who are mainly in their 20s -- early 20s, in fact -- we think is age discrimination," said the IT employees' attorney, Randall Strauss, of Gwilliam Ivary Chiosso Cavalli & Brewer. The national origin discrimination claim is the result of taking a workforce "that reflects the diversity of California" and is summarily let go and is "replaced with people who come from one particular part of the world," said Strauss. The lawsuit will be filed in Alameda County Superior Court.

Read more of this story at Slashdot.

Categories: Research

Should Banks Let Ancient Programming Language COBOL Die?

Thu, 04/27/2017 - 18:00
COBOL is a programming language invented by Hopper from 1959 to 1961, and while it is several decades old, it's still largely used by the financial sector, major corporations and part of the federal government. Mar Masson Maack from The Next Web interviews Daniel Doderlein, CEO of Auka, who explains why banks don't have to actively kill COBOL and how they can modernize and "minimize the new platforms' connections to the old systems so that COBOL can be switched out in a safe and cheap manner." From the report: According to [Doderlein], COBOL-based systems still function properly but they're faced with a more human problem: "This extremely critical part of the economic infrastructure of the planet is run on a very old piece of technology -- which in itself is fine -- if it weren't for the fact that the people servicing that technology are a dying race." And Doderlein literally means dying. Despite the fact that three trillion dollars run through COBOL systems every single day they are mostly maintained by retired programming veterans. There are almost no new COBOL programmers available so as retirees start passing away, then so does the maintenance for software written in the ancient programming language. Doderlein says that banks have three options when it comes to deciding how to deal with this emerging crisis. First off, they can simply ignore the problem and hope for the best. Software written in COBOL is still good for some functions, but ignoring the problem won't fix how impractical it is for making new consumer-centric products. Option number two is replacing everything, creating completely new core banking platforms written in more recent programming languages. The downside is that it can cost hundreds of millions and it's highly risky changing the entire system all at once. The third option, however, is the cheapest and probably easiest. Instead of trying to completely revamp the entire system, Doderlein suggests that banks take a closer look at the current consumer problems. Basically, Doderlein suggests making light-weight add-ons in more current programming languages that only rely on COBOL for the core feature of the old systems.

Read more of this story at Slashdot.

Categories: Research

Chrome Will Start Marking HTTP Sites In Incognito Mode As Non-Secure In October

Thu, 04/27/2017 - 16:40
Reader Krystalo writes: Google today announced the second step in its plan to mark all HTTP sites as non-secure in Chrome. Starting in October 2017, Chrome will mark HTTP sites with entered data and HTTP sites in Incognito mode as non-secure. With the release of Chrome 56 in January 2017, Google's browser started marking HTTP pages that collect passwords or credit cards as "Not Secure" in the address bar. Since then, Google has seen a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card forms on Chrome for desktop. Chrome 62 (we're currently on Chrome 58) will take this to the next level.

Read more of this story at Slashdot.

Categories: Research

Facebook Pledges To Crack Down on Government-led Misinformation Campaigns

Thu, 04/27/2017 - 16:00
Facebook is pressing its enforcement against what it calls "information operations" -- bad actors who use the platform to spread fake news and false propaganda. From a report: The company, which published a report on the subject today, defines these operations as government-led campaigns -- or those from organized "non-state actors" -- to promote lies, sow confusion and chaos among opposing political groups, and destabilize movements in other countries. The goal of these operations, the report says, is to manipulate public opinion and serve geopolitical ends. The actions go beyond the posting of fake news stories. The 13-page report specifies that fake news can be motivated by a number of incentives, but that it becomes part of a larger information operation when its coupled with other tactics and end goals. Facebook says these include friend requests sent under false names to glean more information about the personal networks of spying targets and hacking targets, the boosting of false or misleading stories through mass "liking" campaigns, and the creation propaganda groups. The company defines these actions as "targeted data collection," "false amplification," and "content creation." Facebook plans to target these accounts by monitoring for suspicious activity, like bursts of automated actions on the site, to enact mass banning of accounts.

Read more of this story at Slashdot.

Categories: Research

'World's Most Secure' Email Service Is Easily Hackable

Thu, 04/27/2017 - 14:00
Nomx, a startup that offers an email client by the same name, bills itself as the maker of the "world's most secure email service." The startup goes on to suggest that "everything else is insecure." So it was only a matter of time before someone decided to spend some time on assessing how valid Nomx's claims are. Very misleading, it turns out. From a report on Motherboard: Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX) -- hence the brand name -- servers, which the company claims to be inherently "vulnerable." Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx's "code is riddled with bad examples of how to do things." The worst issue, Helme explained, is that the Nomx's web application had a vulnerability that allowed anyone to take full control of the device remotely just by tricking someone to visit a malicious website. "I could read emails, send emails, and delete emails. I could even create my own email address," Helme told Motherboard in an online chat. A report on BBC adds: Nomx said the threat posed by the attack detailed by Mr Helme was "non-existent for our users." Following weeks of correspondence with Mr Helme and the BBC Click Team, he said the firm no longer shipped versions that used the Raspberry Pi. Instead, he said, future devices would be built around different chips that would also be able to encrypt messages as they travelled. "The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail - they've already been proven that they are under attack millions of times daily," he said. "Why we invented Nomx was for the security of keeping your data off those large cloud providers. To date, no Nomx accounts have been compromised."

Read more of this story at Slashdot.

Categories: Research

Pages