Security

A Sophisticated Grey Hat Vigilante Protects Insecure IoT Devices (arstechnica.com) 15

Ars Technica reports on Hajime, a sophisticated "vigilante botnet that infects IoT devices before blackhats can hijack them." Once Hajime infects an Internet-connected camera, DVR, or other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems." But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and reliance that's largely unparalleled in the IoT landscape...

Hajime doesn't rashly cycle through a preset list of the most commonly used user name-password combinations when trying to hijack a vulnerable device. Instead, it parses information displayed on the login screen to identify the device manufacturer and then tries combinations the manufacturer uses by default... Also, in stark contrast to Mirai and its blackhat botnet competitors, Hajime goes to great lengths to maintain resiliency. It uses a BitTorrent-based peer-to-peer network to issue commands and updates. It also encrypts node-to-node communications. The encryption and decentralized design make Hajime more resistant to takedowns by ISPs and Internet backbone providers.

Pascal Geenens, a researcher at security firm Radware, watched the botnet attempt 14,348 hijacks from 12,000 unique IP addresses around the world, and says "If Hajime is a glimpse into what the future of IoT botnets looks like, I certainly hope the IoT industry gets its act together and starts seriously considering securing existing and new products. If not, our connected hopes and futures might depend on...grey hat vigilantes to purge the threat the hard way."

And long-time Slashdot reader The_Other_Kelly asks a good question. "While those with the ability and time can roll their own solutions, what off-the-shelf home security products are there, for non-technical people to use to protect their home/IoT networks?"
AI

VC Founder Predicts AI Will Take 50% Of All Human Jobs Within 10 Years (cnbc.com) 104

An anonymous reader quotes CNBC: Robots are likely to replace 50 percent of all jobs in the next decade, according to Kai-Fu Lee, founder of venture capital firm Sinovation Ventures and a top voice on tech in China. Artificial intelligence is the wave of the future, the influential technologist told CNBC, calling it the "singular thing that will be larger than all of human tech revolutions added together, including electricity, [the] industrial revolution, internet, mobile internet -- because AI is pervasive"...

For example, he said, companies in which his firm has invested can accomplish feats such as recognizing 3 million faces at the same time, or dispersing loans in eight seconds. "These are things that are superhuman, and we think this will be in every industry, will probably replace 50% of human jobs, create a huge amount of wealth for mankind and wipe out poverty," Lee said, later adding that he expected that displacement to occur in the next 10 years.

Cellphones

Neowin: Microsoft's Windows Phone Business 'Is Dead' (neowin.net) 79

An anonymous reader quotes Neowin: If you've been expecting Microsoft to issue a press release formally announcing the end of its Windows phone business, you're probably hoping for a bit too much. But make no mistake: its phone hardware business is dead. RIP-dead. Send-flowers-dead. Worm-food-dead. Some fans, and even some in the media, have consistently refused to acknowledge this, despite the clear signs in recent quarters. Now, Microsoft's own figures, and its statements regarding its phone division, should make it irrefutably clear that there is no life left in its Windows phone business.

During the quarter ending in December, Microsoft's phone revenue dropped to just $200 million, which included some sales of feature phones, before the company completed its sale of that business unit to Foxconn in November. That figure has now dropped to virtually nothing... Today, as Microsoft published its earnings report for Q3 FY2017, it revealed that its "Phone revenue declined $730 million". Based on its earlier financial disclosures, that means the company's phone hardware revenue fell to just $5 million for the entire quarter ending March 31, 2017. During Microsoft's earnings call today, its chief financial officer, Amy Hood, acknowledged this, stating that there was "no material phone revenue this quarter". The outlook for the next few months is similarly bleak, as Hood predicted "negligible revenue from Phone" in the coming quarter.

Piracy

Hacker Leaks 'Orange Is the New Black' Episodes After Failing To Extort Netflix (bleepingcomputer.com) 76

An anonymous reader writes: "A hacker (or hacker group) known as The Dark Overlord (TDO) has leaked the first ten episodes of season 5 of the "Orange Is The New Black" show after two failed blackmail attempts, against Larson Studios and Netflix," reports BleepingComputer. The hacker said he stole hundreds of gigabytes of audio files from Larson Studios last December. "TDO claims the studio initially agreed to pay a ransom of 50 Bitcoin ($67,000) by January 31, and the two parties even signed a contract, albeit TDO signed it using the name 'Adolf Hitler.'" This might have been the reason why the company thought this was a joke and didn't pay the ransom as initially agreed.

At this point, the hacker turned from the studio to Netflix, but the company didn't want to pay either. As a warning, the hacker leaked the first episode of season 5, but half a day later, he leaked 9 more. "According to Netflix's website, season 5 is supposed to have 13 episodes and is scheduled for release in June, this year." The hacker also claims he's in possession of shows and movies from other movie studios and television channels, such as FOX, IFC, NAT GEO, and ABC. Some of the titles include "Celebrity Apprentice," "NCIS Los Angeles," "New Girl," and "XXX The return of Xander Cage".

Privacy

Massive Tinder Photo Scrape Has Users Upset (techcrunch.com) 58

Images of Tinder users "were swept up in a massive grab of some 40,000 photos from the dating app by a dataset collector who plans to use the selfies in artificial intelligence training," writes Slashdot reader Frosty Piss, sharing this summary of a report in TechCrunch. Tinder said in a statement that the photo sweeper "violated the terms of our service" and "we are taking appropriate action and investigating further." The creator of the data set, Stuart Colianni, has released it under a CC0: Public Domain License and also uploaded his scraper script to GitHub.

He describes it as a "simple script to scrape Tinder profile photos for the purpose of creating a facial dataset," saying his inspiration for creating the scraper was disappointment working with other facial data sets. He also describes Tinder as offering "near unlimited access to create a facial data set," and says scraping the app offers "an extremely efficient way to collect such data."

The article notes that Tinder's API has already been used for other "weird, wacky, and creepy" projects, including "hacking it to automatically like every potential date to save on thumb-swipes; offering a paid look-up service for people to check up on whether a person they know is using Tinder; and even building a catfishing system to snare horny bros and make them unwittingly flirt with each other.

"So you could argue that anyone creating a profile on Tinder should be prepared for their data to leech outside the community's porous walls in various different ways -- be it as a single screenshot, or via one of the aforementioned API hacks. But the mass harvesting of thousands of Tinder profile photos to act as fodder for feeding AI models does feel like another line is being crossed."
Programming

Developer Hacks Together Object-Oriented HTML (github.com) 105

An anonymous reader writes: Ever since I started coding, I have always loved object-oriented design patterns. I built an HTML preprocessor that adds inheritance, polymorphism, and public methods to this venerable language. It offers more freedom than a templating engine and has a wider variety of use cases. Pull requests appreciated!
Transportation

E-Commerce Is Clogging City Streets With Delivery Trucks (citylab.com) 146

The Atlantic's CityLab describes "a massive surge in deliveries to residential dwellings...creating a traffic nightmare." An anonymous reader quotes their report: While truck traffic currently represents about 7% of urban traffic in American cities, it bears a disproportionate congestion cost of $28 billion, or about 17% of the total U.S. congestion costs, in wasted hours and gas. Cities, struggling to keep up with the deluge of delivery drivers, are seeing their curb space and streets overtaken by double-parked vehicles, to say nothing of the bonus pollution and roadwear produced thanks to a surfeit of Amazon Prime orders... Often, the box trucks will double-park in a two-lane street if there's no loading zone to pull into, snarling traffic behind them... "The streets were not designed for that kind of activity," says Alison Conway, an assistant professor of civil engineering at the City College of New York.

Scott Kubly, director of the Seattle Department of Transportation, says "With the volume of deliveries, ticketing isn't effective for us in terms of managing the street. UPS and FedEx will just negotiate a lump sum payment for all the tickets they get instead of fighting every ticket"... In 2011 in Washington, D.C., UPS alone received just shy of 32,000 tickets. Instead of adjudicating each ticket, many large cities will strike agreements or introduce programs through which delivery companies can pay off all tickets in one swoop.

The article points out that online retail sales have grown 15% every year this decade in the U.S. -- calling it the other side of the "retail apocalypse" that's killing brick-and-mortar stores.
Education

Microsoft And Apple Target Schools In War With Chromebook (techcrunch.com) 114

An anonymous reader writes: "Google [is] commanding 58% of U.S. K-12 schools. Windows is in second with around 22% and the combined impact of MacOS and iOS are close behind at 19%," reports TechCrunch, citing figures from consulting firm Futuresource. But now Chromebooks are under fire from cheaper iPads and Microsoft's upcoming Windows 10 Cloud laptop with its cloud-based software. "For many schools, the dream of a one-device-per-child experience has finally been realized through a consumer technology battle waged by the biggest names in the industry... Fostering an entire generation of first-time computer users with your software and device ecosystem could mean developing lifelong loyalties, which is precisely why all this knock-down, drag-out fight won't be drawing to a close any time soon." That raises an interesting question. Do Slashdot readers remember the computers that were used in their own high schools -- and did that instill any lifelong brand loyalty?
Australia

Australia Wants ISPs To Protect Customers From Viruses (sophos.com) 80

An anonymous reader quotes Sophos' Naked Security blog: In a column in The West Australian, Dan Tehan, Australia's cybersecurity minister, wrote: "Just as we trust banks to hold our money, just as we trust doctors with our health, in a digital age we need to be able to trust telecommunications companies to protect our information from threats." A companion news article in the same newspaper cited Tehan as arguing that "the onus is on telecommunications companies to develop products to stop their customers being infected with viruses"...

Tehan's government roles include assisting the prime minister on cybersecurity, so folks throughout Australia perked up when he said all this. However, it's not clear if there's an actual plan behind Tehan's observations -- or if there is, whether it will be backed by legal mandates... Back home in Australia, some early reactions to the possibility of any new government interference weren't kind. In iTWire, Sam Varghese said, "Dan Tehan has just provided the country with adequate reasons as to why he should not be allowed anywhere near any post that has anything to do with online security."

The West Australian also reports Australia's prime minister met telecommunications companies this week, "where he delivered the message the Government expected them to do more to shut dodgy sites and scams," saying the government will review current legislation to "remove any roadblocks that may be preventing the private sector and government from delivering such services."
Privacy

How To Delete Your Data From Google's 'My Activity' (vortex.com) 32

Last summer Google revealed personalized data dashboards for every Google account, letting users edit (or delete) items from their search history as well as their viewing history on YouTube. Now Slashdot reader Lauren Weinstein writes: Since posting "The Google Page That Google Haters Don't Want You to Know About" last week, I've received a bunch of messages from readers asking for help using Google's "My Activity" page to control, inspect, and/or delete their data on Google. The My Activity portal is quite comprehensive and can be used in many different ways, but to get you started I'll briefly outline how to use My Activity to delete activity data.
CNET points out you can also access the slightly-creepier "Google Maps location history" by clicking the menu icon in the upper left corner and selecting "Other Google activity." But Weinstein writes, "I have no problems with Google collecting the kinds of data that provide their advanced services, so long as I can choose when that data is collected, and I can inspect and delete it on demand. The google.com/myactivity portal provides those abilities and a lot more."
Stats

As Print Surges, Ebook Sales Plunge Nearly 20% (cnn.com) 168

An anonymous reader quotes CNN: Sales of consumer ebooks plunged 17% in the U.K. in 2016, according to the Publishers Association. Sales of physical books and journals went up by 7% over the same period, while children's books surged 16%. The same trend is on display in the U.S., where ebook sales declined 18.7% over the first nine months of 2016, according to the Association of American Publishers. Paperback sales were up 7.5% over the same period, and hardback sales increased 4.1%...

Sales of e-readers declined by more than 40% between 2011 and 2016, according to consumer research group Euromonitor International. "E-readers, which was once a promising category, saw its sales peak in 2011. Its success was short-lived, as it spiraled downwards within a year with the entry of tablets," Euromonitor said in a research note.

The article includes an even more interesting statistic: that one-third of adults tried a "digital detox" in 2016, limiting their personal use of electronics. Are any Slashdot readers trying to limit their own screen time -- or reading fewer ebooks?
Transportation

Why Elon Musk Doesn't Like Flying Cars (yahoo.com) 150

boley1 quotes Business Insider: According to Elon Musk, the main challenges with flying cars are that they'll be noisy and generate lots of wind because of the downward force required to keep them in the air. Plus, there's an anxiety factor. "Let's just say if something is flying over your head...that is not an anxiety-reducing situation," he said. "You don't think to yourself 'Well, I feel better about today.' You're thinking 'Is it going to come off and guillotine me as it comes flying past?'"
Businesses

Intel-Powered Broadband Modems Highly Vulnerable To DoS Attack (dslreports.com) 55

"It's being reported by users from the DSLReports forum that the Puma 6 Intel cable modem variants are highly susceptible to a very low-bandwidth denial-of-service attack," writes Slashdot reader Idisagree. The Register reports: Effectively, if there's someone you don't like, and they are one of thousands upon thousands of people using a Puma 6-powered home gateway, and you know their public IP address, you can kick them off the internet, we're told... According to one engineer...the flaw would be "trivial" to exploit in the wild, and would effectively render a targeted box useless for the duration of the attack... "It can be exploited remotely, and there is no way to mitigate the issue."

This is particularly frustrating for Puma 6 modem owners because the boxes are pitched as gigabit broadband gateways: the devices can be potentially choked and knocked out simply by receiving traffic that's a fraction of the bandwidth their owners are paying for... The Puma 6 chipset is used in a number of ISP-branded cable modems, including some Xfinity boxes supplied by Comcast in the US and the latest Virgin Media hubs in the UK.

The original submission also notes there's already a class action lawsuit over the performance of cable modems with Intel's Puma 6 chipset, and adds "It would appear the Atom chip was never going to live up to the task it was designed for."
Google

Advertisers Are Still Boycotting YouTube Over Offensive Videos (go.com) 133

An anonymous reader quotes the Associated Press: The fallout from the YouTube boycott is likely to be felt through the rest of this year. Skittish advertisers have curtailed their spending until they are convinced Google can prevent their brands from appearing next to extremist clips promoting hate and violence... At one point, about 250 advertisers were boycotting YouTube... The list included big-spending marketers such as PepsiCo, Wal-Mart Stores, Starbucks, AT&T, Verizon, Johnson & Johnson, and Volkswagen.

It's unclear how many, if any, of those have returned to YouTube since Google promised to hire more human reviewers and upgrade its technology to keep ads away from repugnant videos. Both Verizon and AT&T, two companies that are trying to expand their own digital ad networks to compete with Google, told The Associated Press that they are still boycotting YouTube. FX Networks confirmed that it isn't advertising on YouTube either. Several other boycotting marketers contacted by AP didn't respond.

On Thursday, CEO Sundar Pichai told analysts that, in responding to the boycott, Google held "thousands and thousands" of conversations with advertisers, and one analyst now estimates reduced ad spending on YouTube and Google could cost the company $300 million this year alone.
Robotics

Humans Are Already Harassing Security Robots (cnn.com) 153

An anonymous reader quotes CNN: As robots begin to appear on sidewalks and streets, they're being hazed and bullied. Last week, a drunken man allegedly tipped over a 300-pound security robot in Mountain View, California... Knightscope, which makes the robot that was targeted in Mountain View, said it's had three bullying incidents since launching its first prototype robot three years ago. In 2014, a person attempted to tackle a Knightscope robot. Last year in Los Angeles, people attempted to spray paint a Knightscope robot. The robot sensed the paint and sounded an alarm, alerting local security and the company's engineers... the robot's cameras filmed the pranksters' license plate, making it easy to track them down.
The company's security robots are deployed with 17 clients in five states, according to the article, which notes that at best the robots' cameras allow them to "rat out the bullies." But with delivery robots now also hitting the streets in San Francisco and Washington D.C., "the makers of these machines will have to figure out how to protect them from ill-intentioned humans."
