Feed aggregator

US bitcoin bomb threat ransom scam looks like a hoax say FBI, cops

TheRegister - Thu, 12/13/2018 - 18:50
Extortion scheme gets national attention but not much in the way of funds

Police departments around the US say they've been apprised of emailed bomb threats seeking payment in cryptocurrency or else explosions will ensue.…

Iranian Phishers Bypass 2fa Protections Offered By Yahoo Mail, Gmail

Slashdot - Thu, 12/13/2018 - 18:45
An anonymous reader quotes a report from Ars Technica: A recent phishing campaign targeting U.S. government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones. Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets' accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password. "In other words, they check victims' usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too," Certfa Lab researchers wrote. "We've seen [it] tried to bypass 2fa for Google Authenticator, but we are not sure they've managed to do such a thing or not," the Certfa representative wrote. "For sure, we know hackers have bypassed 2fa via SMS."

Read more of this story at Slashdot.

What is the Kubernetes hybrid cloud and why it matters

LXer - Thu, 12/13/2018 - 18:36
Kubernetes is hotter than hot? Why? A big reason is because many companies think it[he]#039[/he]s the way to the future of the cloud.

Astroboffins spy a rare exoplanet evaporating before their eyes

TheRegister - Thu, 12/13/2018 - 18:10
*Okay so it will be here for another billion years or so but it's shrinking faster than normal

Somewhere in the Cancer constellation lies a mini-Neptune sized planet that is disappearing at rate faster than ever seen before, according to research published in Astronomy & Astrophysics on Thursday.…

Louisiana Adopts Digital Driver's Licenses

Slashdot - Thu, 12/13/2018 - 18:03
Louisiana is rolling out a new digital driver's license app, called LA Wallet, that will let retailers digitally verify the age of their customers, if required. "According to IEEE Spectrum, Louisiana's Office of Alcohol and Tobacco Control is expected to announce that bars, restaurants, grocery stores and other retails are allowed to accept LA Wallet as proof of age, according to the app's developer, Envoc." From the report: The Baton Rouge-based company launched LA Wallet in June, after two years of collaboration with state officials. But so far only law enforcement officers making routine traffic stops are required to accept the digital driver's license. Next week's announcement would greatly broaden the scope of the app's use. About 71,000 people have downloaded LA Wallet so far, says Calvin Fabre, founder and president of Envoc. The app costs $5.99 in the Google Play and Apple App stores. Users buy it, create an account with some basic information from their physical driver's license, and create a password. That's it. No biometric security -- like iris scans or facial recognition -- required. The app links back to Louisiana's Office of Motor Vehicles database, which completes the digital license with the user's photo and additional information. Any changes to the license, like a suspension or renewal, are updated immediately in the app with a wireless network connection. To present the license -- say, to a cop during a traffic stop -- the driver (hoping his phone battery isn't dead) opens the app with a password, shows the cop the digital license image, and authenticates it by pressing and holding the screen to reveal a security seal. The license can be flipped over to show a scannable bar code on the back. There's also a handy security feature that allows anyone with the LA Wallet app to authenticate another person's Louisiana digital driver's license. It allows the bar patron to select which information she would like to reveal to the bartender -- in this case, simply the fact that she is over 21. That information is displayed on the phone with a photo and embedded QR code. The bartender scans the code with her app, which tells her that the woman seated on the other side of the bar is indeed over 21. None of the customer's personal information, such as her name, birth date, or address, is displayed or stored on the bartender's phone.

Read more of this story at Slashdot.

US elections watchdog says it's OK to spend surplus campaign cash on cybersecurity gear

TheRegister - Thu, 12/13/2018 - 17:38
Congresscritters now have one less excuse for getting pwned

The US Federal Election Commission has officially voted to allow members of Congress to use their campaign funds on cybersecurity protection.…

A crash course in embedded Linux software deployment

LXer - Thu, 12/13/2018 - 17:22
At ELC Europe, Mender.io’s Mirza Krak surveyed popular techniques for deploying embedded Linux software, including cross-dev strategies, IDEs, Yocto-OE package management, config utilities, network boot, and updating software. While many Embedded Linux Conference talks cover emerging technologies, some of the most useful are those that survey the embedded development tools and techniques ...........

Google Pledges To Hold Off On Selling Facial Recognition Technology

Slashdot - Thu, 12/13/2018 - 17:20
In a blog post today, Google detailed how its facial recognition technology will and won't be used. Citing a number of risks associated with the technology, the company vowed to refrain from selling facial recognition products until it can come up with policies that prevent abuse. Engadget reports: "Like many technologies with multiple uses, facial recognition merits careful consideration to ensure its use is aligned with our principles and values, and avoids abuse and harmful outcomes," Google said. "We continue to work with many organizations to identify and address these challenges, and unlike some other companies, Google Cloud has chosen not to offer general-purpose facial recognition APIs before working through important technology and policy questions." "This is a strong first step," the ACLU's Nicole Ozer said in a statement about Google's announcement. "Google today demonstrated that, unlike other companies doubling down on efforts to put dangerous face surveillance technology into the hands of law enforcement and ICE, it has a moral compass and is willing to take action to protect its customers and communities. Google also made clear that all companies must stop ignoring the grave harms these surveillance technologies pose to immigrants and people of color, and to our freedom to live our lives, visit a church, or participate in a protest without being tracked by the government."

Read more of this story at Slashdot.

Dozens of Bomb Threats Reported Across America In Apparent Bitcoin Ransom Scam

Slashdot - Thu, 12/13/2018 - 16:40
An anonymous reader quotes a report from Gizmodo: On Wednesday afternoon, a wave of bomb threats were reported at various locations across the United States. On social media, numerous law enforcement departments issued alerts notifying citizens that they're looking into bomb threats targeting businesses, schools, government offices and even private residents. It appears the threats are being sent by email. NBC News said "dozens" of threats had been reported, but the full extent of these threats is not yet clear. A number of news organizations and law enforcement agencies report remarkably similar sounding emails mentioning a bitcoin ransom of $20,000. And some Twitter users have shared emails they've received demanding the cryptocurrency and warning that an explosion would only encourage others to pay up. NBC News quoted the NYPD's Counterterrorism Bureau's brief statement on the investigation: "We are currently monitoring multiple bomb threats that have been sent electronically to various locations throughout the city. These threats are also being reported to other locations nationwide and are not considered credible at this time."

Read more of this story at Slashdot.

Windows 10 can carry on slurping even when you're sure you yelled STOP!

LXer - Thu, 12/13/2018 - 16:08
All your activity are belong to usA feature introduced in the April 2018 Update of Windows 10 may have set off a privacy landmine within the bowels of Redmond as users have discovered that their data was still flowing into the intestines of the Windows giant, even with the thing apparently turned off.…

Sting on Amazon Booksellers Aims To Weed Out Counterfeit Textbooks, But Small Sellers Getting Hurt

Slashdot - Thu, 12/13/2018 - 16:01
Amazon upended the book industry more than two decades ago by bringing sales onto the web. Now, during the heart of the holiday shopping season, the company is wreaking havoc on used booksellers who have come to rely on Amazon for customers. From a report: In the past two weeks, Amazon has suspended at least 20 used book merchants for allegedly selling one or more counterfeit textbooks. They all received the same generic email from Amazon informing them that their account had been "temporarily deactivated" and reminding them that "the sale of counterfeit products on Amazon is strictly prohibited." [...] The crackdown on textbook sellers stands out at a time when Amazon is dramatically stepping up its broader anti-counterfeiting efforts, suspending third-party sellers across all its popular categories. Unlike most suspensions, which tend to occur after complaints from consumers or from brand owners who are monitoring the site for counterfeits, these booksellers got caught up in what appears to be a coordinated sting operation.

Read more of this story at Slashdot.

Postmates plans rollout of autonomous delivery robots in US

TheRegister - Thu, 12/13/2018 - 15:55
Wheeled robo-containers called Serve headed first to LA

Delivery biz Postmates on Tuesday showed off a wheeled robotic box named Serve that should soon start showing up in cities around the US, carrying goods for customers.…

Major China company, Alibaba, joins Open Invention Network patent protection group

LXer - Thu, 12/13/2018 - 15:42
Alibaba and Ant Financial are trying to cool things off in the Sino-US intellectual property wars by joining the pro-Linux Open Invention Network patent protection organization.

Windows Server 2019 Officially Supports OpenSSH For the First Time

Slashdot - Thu, 12/13/2018 - 15:20
Microsoft said in 2015 that it would build OpenSSH, a set of utilities that allow clients and servers to connect securely, into Windows, while also making contributions to its development. Neowin: Since then, the company has delivered on that promise in recent releases of Windows 10, being introduced as a feature-on-demand in version 1803. However, Windows Server hadn't received the feature until now, at least not in an officially supported way -- Windows Server version 1709 included it as a pre-release feature. But that's finally changed, as Microsoft this week revealed that Windows Server 2019, which was made available (again) in November, includes OpenSSH as a supported feature.

Read more of this story at Slashdot.

How To Add Swap Space on CentOS 7

LXer - Thu, 12/13/2018 - 15:15
Swap is a space on a disk that is used when the amount of physical RAM memory is full. When a Linux system runs out of RAM, inactive pages are moved from the RAM to the swap space. This tutorial explains how to add a swap file on CentOS 7 systems.

Fraudster convicted of online banking thefts using… whatever the hell this thing is

TheRegister - Thu, 12/13/2018 - 15:05
Ingenious device, or fake bomb from 1980s cop movie?

Police in London have put away a fraudster who was using a bizarre homemade device to con people out of the contents of their bank accounts.…

The fastest, most secure browser? Microsoft Edge apparently

TheRegister - Thu, 12/13/2018 - 14:51
Well, in one respect anyway

Microsoft may have taken the decision to ditch the Edge's browser engine for Google's Chromium too soon.…

ASUS CEO Resigns as Company Shifts Mobile Focus To Power Users

Slashdot - Thu, 12/13/2018 - 14:42
Earlier today, ASUS announced that long-time CEO Jerry Shen is stepping down ahead of "a comprehensive corporate transformation" -- part of which involving a new co-CEO structure, as well as a major shift in mobile strategy to focus on gamers and power users. From a report: In other words, we'll be seeing more ROG Phones and maybe fewer ZenFones, which is a way to admit defeat in what ASUS chairman Jonney Shih described as a "bloody battlefield" in his interview with Business Next. During his 11 years serving as CEO, Shen oversaw the launch of the PadFone series, Transformer series, ZenBook series and ZenFone series. Prior to that, Shen was also credited as the main creator of the Eee PC, the small machine that kickstarted the netbook race in 2006.

Read more of this story at Slashdot.

The Oil Industry's Covert Campaign To Rewrite American Car Emissions Rules

Slashdot - Thu, 12/13/2018 - 14:01
When the Trump administration laid out a plan this year that would eventually allow cars to emit more pollution, automakers, the obvious winners from the proposal, balked. The changes, they said, went too far even for them. But it turns out that there was a hidden beneficiary of the plan that was pushing for the changes all along: the nation's oil industry. From an investigation by The New York Times: In Congress, on Facebook and in statehouses nationwide, Marathon Petroleum, the country's largest refiner, worked with powerful oil-industry groups and a conservative policy network financed by the billionaire industrialist Charles G. Koch to run a stealth campaign to roll back car emissions standards, a New York Times investigation has found. The campaign's main argument for significantly easing fuel efficiency standards -- that the United States is so awash in oil it no longer needs to worry about energy conservation -- clashed with decades of federal energy and environmental policy. "With oil scarcity no longer a concern," Americans should be given a "choice in vehicles that best fit their needs," read a draft of a letter that Marathon helped to circulate to members of Congress over the summer. Official correspondence later sent to regulators by more than a dozen lawmakers included phrases or sentences from the industry talking points, and the Trump administration's proposed rules incorporate similar logic. The industry had reason to urge the rollback of higher fuel efficiency standards proposed by former President Barack Obama. A quarter of the world's oil is used to power cars, and less-thirsty vehicles mean lower gasoline sales.

Read more of this story at Slashdot.

Apple to splash $10bn raisin' American bit barns

TheRegister - Thu, 12/13/2018 - 11:23
Cupertino pats own back for forking over dollars in home country

Apple has said it will spend $10bn on data centres in the US over the next five years, and will set up a new $1bn campus in Texas.…

Syndicate content