Slashdot

News for nerds, stuff that matters

Zero-Day iOS HomeKit Vulnerability Allowed Remote Access To Smart Accessories Including Locks

Sat, 12/09/2017 - 01:45
Apple has issued a fix to a vulnerability that allowed unauthorized control of accessories, including smart locks and garage door openers. "Our understanding is Apple has rolled out a server-side fix that now prevents unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality," reports 9to5Mac. From the report: The vulnerability, which we won't describe in detail and was difficult to reproduce, allowed unauthorized control of HomeKit-connected accessories including smart lights, thermostats, and plugs. The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac. The issue was not with smart home products individually but instead with the HomeKit framework itself that connects products from various companies. The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple's mobile operating system, connected to the HomeKit user's iCloud account; earlier versions of iOS were not affected.

Read more of this story at Slashdot.

Categories: Tech/Science News

'Process Doppelganging' Attack Bypasses Most Security Products, Works On All Windows Versions

Sat, 12/09/2017 - 01:03
An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelganging is somewhat similar to another technique called "Process Hollowing," but with a twist, as it utilizes the Windows mechanism of NTFS Transactions. "The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind." The good news is that "there are a lot of technical challenges" in making Process Doppelganging work, and attackers need to know "a lot of undocumented details on process creation." The bad news is that the attack "cannot be patched since it exploits fundamental features and the core design of the process loading mechanism in Windows." More research on the attack will be published on the Black Hat website in the following days.

Google Puts Android Accessibility Crackdown On Hold

Sat, 12/09/2017 - 00:20
Last month, Google issued a warning to Android app developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically used to help users with "disabilities." Since a lot of password managers use the Accessibility API, as well as popular apps like Tasker automation and Greenify battery saver, there was a large amount of backlash from developers and users alike. According to SlashGear, Google is putting the Android accessibility crackdown on hold. From the report: Google has now sent another email that basically says "we'll think about it." It is evaluating "responsible and innovative use" of those services on a case to case basis. It is also requiring developers to explicitly inform users why they are asking for accessibility permissions rather than just informing them. This, of course, puts a heavier burden on Google, as it has to be more involved in the screening of apps rather than just rely on good ol' machine learning and automation. Developers and users probably won't mind, if it means still having access to those features that make Android a platform above all the rest.

Elon Musk Says Tesla Is Building Dedicated Chips For Autopilot

Fri, 12/08/2017 - 23:40
Elon Musk says Tesla is developing its own chip to run the Autopilot system in future vehicles from the firm. The news was revealed at a Tesla party that took place at the intelligence conference NIPS. Attendees at the party told The Register that Musk said, "I wanted to make it clear that Tesla is serious about AI, both on the software and hardware fronts. We are developing custom AI hardware chips." From the report: Musk offered no details of his company's plans, but did tell the party that "Jim is developing specialized AI hardware that we think will be the best in the world." "Jim" is Jim Keller, a well-known chip engineer who was lead architect on a range of silicon at AMD and Apple and joined Tesla in 2016. Keller later joined Musk on a panel discussing AI at the Tesla Party alongside Andrej Karpathy, Tesla's Director of AI and chaired by Shivon Zilis, a partner and founding member at Bloomberg Beta, a VC firm. Musk is well known for his optimism about driverless cars and pessimism about whether AI can operate safely. At the party he voiced a belief that "about half of new cars built ten years from now will be autonomous." He added his opinion that artificial general intelligence (AGI) will arrive in about seven or eight years.

Apple Is Reportedly Buying Shazam For Nearly Half a Billion Dollars

Fri, 12/08/2017 - 23:21
Apple is close to acquiring Shazam, one of the most recognized services for music recognition. While the exact amount is unknown, the service may be purchased by Apple for around $400 million. PhoneDog reports: Apple is close to acquiring Shazam, say sources speaking to TechCrunch. The deal will reportedly be signed this week and could be announced as early as next Monday. A report from Recode echoes the news of Apple acquiring Shazam, adding that Shazam will likely be valued at around $400 million. Apple -- and other companies -- already offer a music recognition service, but Apple must see something in Shazam's services that it thinks can help improve its own music recognition if it's going to drop nearly half a billion dollars on this deal. Shazam is able to identify TV shows, films, and advertisements in addition to music, so perhaps Apple sees some benefit to these abilities, too.

Chrome 63 Offers Even More Protection From Malicious Sites, Using Even More Memory

Fri, 12/08/2017 - 23:00
An anonymous reader quotes a report from Ars Technica: To further increase its enterprise appeal, Chrome 63 -- which hit the browser's stable release channel yesterday -- includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...] Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely.

The Neon Glow of Tokyo Modified Car Culture

Fri, 12/08/2017 - 22:25
Jason Kottke: New Zealand drift racer Mike Whiddett recently travelled to Japan to explore Tokyo's "extraordinary after-dark modified auto scene." He found people making California-style lowriders, Dekotora (my favorite, if only for the sheer spectacle), illegally modified cars, and a man who says with a straight face that "driving an unmodified Lamborghini is boring."

Jony Ive Returns To Apple Design Management Role After Two Years

Fri, 12/08/2017 - 21:44
Zac Hall, writing for 9to5Mac: Jony Ive, Apple's chief design officer, is returning to his management role within Apple's design group after handing off managerial duties in 2015. 9to5Mac noted that Ive's design deputies Dye and Haywarth were no longer listed on Apple's leadership page earlier today.

Twitter Says It Accidentally Banned A Bunch Of Accounts

Fri, 12/08/2017 - 21:02
An anonymous reader shares a report: Over the past 24 hours, some Twitter users had their profiles replaced with a notice saying their accounts were now being "withheld in: Worldwide." The "country withheld" program run by Twitter typically prevents users based in a specific country from seeing tweets sent by a withheld account. This was the first time people could recall the company withholding accounts globally, which was in effect a total ban for the user. At the time of writing, BuzzFeed News had identified 21 accounts that were being withheld worldwide, and users on Twitter were beginning to wonder if this was a new method being used by the company to suspend accounts. But a Twitter spokesperson tells BuzzFeed News that the worldwide withholdings were in fact the result of a bug. "We have identified a bug that incorrectly impacted certain accounts. We have identified a fix, are working to resolve the issue, and anticipate it will be fully resolved shortly," the spokesperson told BuzzFeed News.

YouTube to Launch New Music Subscription Service in March

Fri, 12/08/2017 - 20:25
An anonymous reader shares a report: YouTube plans to introduce a paid music service in March, according to people familiar with the matter, a third attempt by parent company Alphabet Inc. to catch up with rivals Spotify and Apple. The new service could help appease record-industry executives who have pushed for more revenue from YouTube. Warner Music Group, one of the world's three major record labels, has already signed on, said the people, who asked not to be identified discussing private talks. YouTube is also in talks with the two others, Sony Music Entertainment and Universal Music Group, and Merlin, a consortium of independent labels, the people said.

'Nature' Editorial Juxtaposes FOIA Email Release With Illegal Hacking

Fri, 12/08/2017 - 19:45
Jason Koebler and Sarah Emerson, reporting for Motherboard: Private emails between scientists working on a controversial genetic technology called "gene drive" were released last week. Obtained through a Freedom of Information Act (FOIA) request, their publication has been criticized by some as an attempt to discredit the science community. Gene drives are a genetic engineering approach with huge implications. They're meant to seed genetic traits -- one that stops mosquitoes from carrying malaria, for instance, or hampers invasive rodents' ability to reproduce -- in a population, and with terrifyingly high odds of inheritance. If things go wrong, gene drives could destabilize ecosystems. (So far, they've only been applied to yeast, fruit flies, and mosquitoes in a lab setting.) More ideally, they could wipe out deadly plagues by targeting their vectors, or give threatened species a fighting chance. Like any young technology, there are a lot of unknowns, and stakeholders are hoping to provide clarity at the United Nations Convention on Biological Diversity next year; the same convention where a proposed gene drive moratorium was rejected in 2016. The emails and other documents reveal details about gene drive's biggest funders, including DARPA, the US military's research agency.

Zimbabwe's Internet Went Down for About Five Hours. The Culprit Was Reportedly a Tractor.

Fri, 12/08/2017 - 19:04
Zimbabweans lost internet access en masse on Tuesday when a tractor reportedly cut through key fiber-optic cables in South Africa and another internet provider experienced simultaneous issues with its primary internet conduits. From a report: The outage began shortly before noon local time and persisted for more than five hours, affecting not only citizens' day-to-day internet usage but businesses that rely upon web access. And while five internet-free hours might sound unfathomable to those of us accustomed to having the web constantly at our fingertips, large-scale internet outages -- from inadvertent lapses caused by ship anchors to government-calculated blackouts designed to showcase political power -- do happen, and maybe more frequently than you'd thought. According to local news sources, a tractor in South Africa damaged cables belonging to Liquid Telecom, which has an 81.5 percent market share of Zimbabwe's international-equipped internet bandwidth as of the second quarter of 2017 and leases capacity to other internet providers. In a bad coincidence, city council employees in Kuwadzana, a suburb of Zimbabwe's capital city of Harare, cut an additional TelOne cable around the same time. (According to NewsDay Zimbabwe, it was an accident. The company blamed "faults that occurred on our main links through South Africa and Botswana" in a statement.)

Bangladesh Bank, NY Fed Discuss Suing Manila Bank For Heist Damages

Fri, 12/08/2017 - 18:22
An anonymous reader shares a report: Bangladesh's central bank has asked the Federal Reserve Bank of New York to join a lawsuit it plans to file against a Philippines bank for its role in one of the world's biggest cyber-heists, several sources said. The Fed is yet to respond formally, but there is no indication it would join the suit. Unidentified hackers stole $81 million from Bangladesh Bank's account at the New York Fed in February last year, using fraudulent orders on the SWIFT payments system. The money was sent to accounts at Manila-based Rizal Commercial Banking Corp and then disappeared into the casino industry in the Philippines.

Amazon Bringing Echo and Alexa To 80 Additional Countries in Major Global Expansion

Fri, 12/08/2017 - 17:40
Amazon is launching three of its Echo devices with Alexa in 80 additional countries starting today -- a major international expansion for the company's smart speakers and voice-based assistant. From a report: New markets for the Echo, Echo Dot, and Echo Plus include Mexico, China, Russia and other countries in regions and continents including Europe, Africa, South America, the Middle East and Asia. Other Echo devices, such as the touch-screen Echo Show, are not included as part of the international expansion. Echo devices were previously only available in the US, UK, Germany, India, Japan, and Canada. Amazon earlier announced plans to bring Echo and Alexa to Australia and New Zealand next year. In addition, Amazon says its Music Unlimited subscription streaming service is available in 28 additional countries, including many of those where the Echo is now expanding, as well. Recommended reading: Don't buy anyone an Amazon Echo speaker.

'Face Reality! We Need Net Neutrality!' Crowd Chants Across the Country

Fri, 12/08/2017 - 17:02
ArsTechnica staff took to the streets in Washington DC, New York, and San Francisco to capture rallies in support for net neutrality, a week before the FCC is scheduled to take a historic vote rolling back network neutrality regulations. From their report: Protestors say those regulations, which were enacted by the Obama FCC in 2015, are crucial for protecting an open Internet. Organizers chose to hold most of the protests outside of Verizon cell phone stores. Ajit Pai, the FCC Chairman who is leading the agency's charge to repeal network neutrality, is a former Verizon lawyer, and Verizon has been a critic of the Obama network neutrality rules. The protest that got the most attention from FCC decision makers took place on Thursday evening in Washington DC. The FCC was holding a dinner event at the Hilton on Connecticut Avenue, just north of the city's Dupont Circle area. Protestors gathered on the street corner outside the hotel, waving pro-net neutrality posters to traffic, blaring chants, projecting pro-net neutrality messages on a building across the street, and telling personal stories about what net neutrality meant to them via a megaphone. The FCC's two Democratic commissioners also joined the demonstration, Mignon Clyburn and Jessica Rosenworcel. They both gave brief speeches to the protestors, rallying for the cause and discussing the importance of a neutral Internet.

Nvidia Announces 'Nvidia Titan V' Video Card: GV100 for $3000

Fri, 12/08/2017 - 16:20
Nvidia has announced the Titan V, the "world's most powerful PC GPU." It's based on Nvidia's Volta, the same architecture as the Nvidia Tesla V100 GPUs behind Amazon Web Service's recently launched top-end P3 instances, which are dedicated to artificial-intelligence applications. From a report: A mere 7 months after Volta was announced with the Tesla V100 accelerator and the GV100 GPU inside it, Nvidia continues its breakneck pace by releasing the GV100-powered Titan V, available for sale today. Aimed at a decidedly more compute-oriented market than ever before, the 815 mm² behemoth die that is GV100 is now available to the broader public. [...] The Titan V, by extension, sees the Titan lineup finally switch loyalties and start using Nvidia's high-end compute-focused GPUs, in this case the Volta architecture based V100. The end result is that rather than being Nvidia's top prosumer card, the Titan V is decidedly more focused on compute, particularly due to the combination of the price tag and the unique feature set that comes from using the GV100 GPU. Which isn't to say that you can't do graphics on the card -- this is still very much a video card, outputs and all -- but Nvidia is first and foremost promoting it as a workstation-level AI compute card, and by extension focusing on the GV100 GPU's unique tensor cores and the massive neural networking performance advantages they offer over earlier Nvidia cards.

About 40 Percent of Bitcoin Is Held By 1,000 Users. If a Few of Them Want To Sell, That Could Tank Values

Fri, 12/08/2017 - 15:40
On Nov. 12, someone moved almost 25,000 bitcoins, worth about $159 million at the time, to an online exchange. The news soon rippled through online forums, with bitcoin traders arguing about whether it meant the owner was about to sell the digital currency. From a report on Bloomberg: Holders of large amounts of bitcoin are often known as whales. And they're becoming a worry for investors. They can send prices plummeting by selling even a portion of their holdings. And those sales are more probable now that the cryptocurrency is up nearly twelvefold from the beginning of the year. About 40 percent of bitcoin is held by perhaps 1,000 users; at current prices, each may want to sell about half of his or her holdings, says Aaron Brown, former managing director and head of financial markets research at AQR Capital Management. What's more, the whales can coordinate their moves or preview them to a select few. Many of the large owners have known one another for years and stuck by bitcoin through the early days when it was derided, and they can potentially band together to tank or prop up the market.

November Jobs Report: Economy Adds 228,000 Jobs; Unemployment Steady

Fri, 12/08/2017 - 15:00
An anonymous reader shares an NPR report: The U.S. economy added 228,000 jobs in November, according to the monthly jobs report from the Bureau of Labor Statistics. The unemployment rate remained steady at 4.1 percent, unchanged from October. "Employment growth has averaged 174,000 per month thus far this year, compared with an average monthly gain of 187,000 in 2016," the agency's Acting Commissioner William J. Wiatrowski said of the report. The number of unemployed people was "essentially unchanged at 6.6 million," the bureau said. Of that number, 1.6 million are considered to be long-term unemployed -- workers who have not had jobs for 27 weeks or more. "Among the major worker groups, the unemployment rate for teenagers increased to 15.9 percent in November," the Bureau of Labor Statistics said. Other groups saw little change from the previous month. As for wages, the agency says, "In November, average hourly earnings for all employees on private nonfarm payrolls rose by 5 cents to $26.55. Over the year, average hourly earnings have risen by 64 cents, or 2.5 percent."

Almost All Bronze Age Artifacts Were Made From Meteorite Iron

Fri, 12/08/2017 - 14:00
dryriver shares a report from Science Alert: According to a new study, it's possible that all iron-based weapons and tools of the Bronze Age were forged using metal salvaged from meteorites. The finding has given experts a better insight into how these tools were created before humans worked out how to produce iron from its ore. While previous studies had found specific Bronze Age objects to be made from meteoric metal -- like one of the daggers buried with King Tutankhamun -- this latest research answers the question of just how widespread the practice was. Albert Jambon, from the National Centre for Scientific Research (CNRS) in France, studied museum artifacts from Egypt, Turkey, Syria, and China, analyzing them using an X-Ray Fluorescence Spectrometer to discover they all shared the same off-world origins. "The present results complementing high quality analyses from the literature suggest that most or all irons from the Bronze Age are derived from meteoritic iron," writes Jambon in his published paper. "The next step will be to determine where and when terrestrial iron smelting appeared for the first time."

GE Cuts 12,000 Jobs In Response To Falling Demand For Fossil Fuel Energy

Fri, 12/08/2017 - 11:00
In response to the drop in demand for fossil fuel energy, General Electric -- the world's largest maker of gas turbines -- announced plans to cut 12,000 jobs. Quartz reports: Those cuts will mostly come from GE's power division, which makes energy-generation technologies. The reduction will account for 18% of the division's workforce and affect both professional and production employees, the company said in a statement. The majority of job losses will occur outside the U.S., Bloomberg reports. In a statement, Russell Stokes, the division's president and CEO, said disruptions to the power market were "driving significantly lower volumes in products and services." Demand for GE's power-generation equipment has stalled in part because of renewable energy growth, says Robert McCarthy, an analyst at Stifel Financial. The move is part of a larger restructuring effort under GE's new chief executive John Flannery, who has faced immense pressure to regain the company's footing since taking the helm in June of this year. GE's stock price plunged 44% this year, the worst performer on the Dow, according to Bloomberg. The company aims to cut $3.5 billion of expenses across its divisions by the end of 2018, including a $1 billion cut from the power division.
