Security

US Government Finds New Malware From North Korea (engadget.com) 78

Days after the historic North Korea-United States summit, the Department of Homeland Security issued a report on Thursday warning of a new variant of North Korean malware to look out for. Called Typeframe, the malware is able to download and install additional malware, proxies and trojans; modify firewalls; and connect to servers for additional instructions. Engadget reports: Since last May, the DHS has issued a slew of alerts and reports about North Korea's malicious cyber activity. The department also pointed out that North Korea has been hacking countries around the world since 2009. And of course, don't forget that the U.S. also labeled that country as the source of the WannaCry cyberattack, which notably held data from the UK's National Health Service hostage, and wreaked havoc across Russia and Ukraine. CNN was first to report the news.
United Kingdom

Prosecution of UK News Photographer Collapses After Recording Disproves Police Testimony (wordpress.com) 186

Slashdot reader Andy Smith writes: Slashdot reported last September how I was arrested while standing in a field near a road accident, as I photographed the scene for a newspaper. I was initially given a police warning for "obstruction", but the warning was then cancelled and I was prosecuted for resisting arrest and breach of the peace. These are serious charges and I was facing a prison sentence. Fortunately we had one very strong piece of evidence: A recording of my arrest. Not only did the recording prove that two police officers' testimony was false, but it caught one of them boasting about how he had conspired with a prosecutor to arrest and prosecute me. Yesterday the case was dropped, and now the two police officers and the prosecutor face a criminal investigation.
Programming

America's Former CTO Remembers Historic Coders (bard.edu) 85

Long-time Slashdot reader theodp writes: In her Bard College commencement speech, ex-Google VP and former U.S. CTO Megan Smith revealed to graduates that she gave President Obama a computing history lesson on the same day he learned to code in 2014. "I walked into the Oval Office to do coding with President Obama, and, interestingly, Prince William had just stepped out," Smith explained (YouTube). "They had just had a meeting. I said to President Obama, you know what you and I are about to do is related to Prince William, and he said, how's that. Well, the Prince's wife Kate, her mother and grandmother were codebreakers at Bletchley Park, where they cracked the Nazi Enigma codes...." [Presumably Smith meant to say Kate's great-aunt, not mother — Carole Middleton wasn't born until 1955.]

To be fair to the President, Smith once confessed to not knowing much about computing history herself, explaining in a 2012 Official Google Blog post that she and other visiting tech luminaries were embarrassingly clueless about who Ada Lovelace was in a 2011 visit to England. "Last year, a group of us were lucky enough to visit the U.K. Prime Minister's residence at 10 Downing Street, as part of the Silicon Valley Comes to the U.K. initiative," Smith wrote. "While there, we asked about some of the paintings on the wall. When we got to a large portrait of a regally dressed woman, our host said 'and of course, that's Lady Lovelace'... You can imagine our surprise when we learned she was considered by some to be the world's first computer programmer -- having published the first algorithm intended for use on Charles Babbage's Analytical Engine." One imagines Smith might also have been surprised to learn that many programmers older than Smith were already very aware of Lady Ada at that time thanks to the Department of Defense, who tried in vain to make Ada a household name for decades, but had little success popularizing the Ada programming language, which was named after Augusta Ada King, Countess of Lovelace.

Open Source

'Open Source Security' Loses in Court, Must Pay $259,900 To Bruce Perens (theregister.co.uk) 109

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Now he's just won a legal victory in court. "Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim," reports The Register. Slashdot reader Right to Opine writes: The order requires Spengler and his company to pay $259,900.50, with the bill due immediately rather than allowing a wait for the appeal of the case. The Electronic Frontier Foundation's attorneys will represent Perens during OSS/Spengler's appeal of the case.

Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.

Security

17 Backdoored Images Downloaded 5 Million Times Removed From Docker Hub (bleepingcomputer.com) 35

An anonymous reader writes: "The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year," reports Bleeping Computer. "The malicious Docker container images have been uploaded on Docker Hub, the official repository of ready-made Docker images that sysadmins can pull and use on their servers, work, or personal computers." The images, downloaded over 5 million times, helped crooks mine Monero worth over $90,000 at today's exchange rate. Docker Hub is now just the latest package repository to feature backdoored libraries, after npm and PyPI. Docker Hub is now facing criticism for taking months to intervene after user reports, and then going on stage at a developer conference and claiming they care about security.
Businesses

The Most Remote Island in the World is Home to Seals, Seabirds, and an Internet Top-Level Domain (ieee.org) 88

An anonymous reader shares a report: Bouvet Island has little to offer. The most remote island in the world is fewer than 20 square miles in size, and it's almost entirely covered by a glacier. Long ago, it was an active volcano, but those fiery days have long since passed. Now, it's home to hundreds of thousands of seabirds, a Norwegian research station, and its own top-level internet domain.

Top-level domains serve as part of the Internet's architecture. Aside from generic domains like .com and .edu, every country has a specific two-letter domain assigned to it. The United Kingdom, for example, uses .uk; Japan uses .jp. The United States has .us, though it's not widely used. The original idea was that each country could manage the websites registered by individuals and organizations within its borders by issuing them websites that use their country-specific domain.

But here's the weird thing about Bouvet Island having its own top-level domain: It's uninhabited. It's always been uninhabited. Located in the southern Atlantic, the closest land to Bouvet Island is the coast of Antarctica, 1,100 miles to the south. The closest inhabited land is the island Tristan da Cunha, a British overseas territory located 1,400 miles to the north (Interestingly enough, Tristan da Cunha does not have its own top-level domain).

EU

Kaspersky Halts Europol Partnership After Controversial EU Parliament Vote (bleepingcomputer.com) 104

An anonymous reader writes: Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament. The Russian antivirus vendor will also stop working on the NoMoreRansom project that provided free ransomware decrypters for ransomware victims.

The company's decision comes after the EU Parliament voted a controversial motion that specifically mentions Kaspersky as a "confirmed as malicious" software and urges EU states to ban it as part of a joint EU cyber defense strategy. The EU did not present any evidence for its assessment that Kaspersky is malicious, but even answered user questions claiming it has no evidence. The motion is just an EU policy and has no legislative power, but it is still an official document. Kaspersky software has been previously banned from Government systems in the US, UK, Netherlands, and Lithuania.

Security

Britain's Dixons Carphone Discovers Data Breach Affecting 5.9 Million Payment Cards (betanews.com) 32

Mark Wilson shares a report from BetaNews: Another week, another cyberattack. This time around, it's the Dixons Carphone group which says it has fallen victim to not one but two major breaches. The bank card details of 5.9 million customers have been accessed by hackers in the first breach. In the second, the personal records of 1.2 million people have been exposed. Dixons Carphone says that it is investigating an attack on its card processing system at Currys PC World and Dixons Travel in which there was an attempt to compromise 5.9 million cards. The company stressed that the vast majority -- 5.8 million -- of these cards were protected by chip and PIN, and that the data accessed did not include PINs, CVVs or any other authentication data that could be used to make payments or identify the card owners. The report goes on to mention that 105,000 non-EU issued payment cards, which were not chip and PIN protected, were also affected. The company says it will be contacting those customers affected by the breaches.
Earth

Chile Becomes First Country In Americas To Ban Plastic Bags (ewn.co.za) 201

An anonymous reader quotes a report from Eyewitness News: Chile's Senate has passed a bill that will prohibit the use of plastic bags in stores, with a vote in their House of Representatives overwhelmingly in favor of the measure, with 134 supporting the bill and one abstention. According to The Independent, the new law would give large retailers one year to phase out the use of plastic bags, and smaller businesses two years. This makes Chile the first country in the Americas to ban plastic bags, and officially recognize how important such a ban would be in the effort to reduce unnecessary single-use plastic waste.

At first, the measure was only meant to ban plastic bags in Patagonia, but it was approved by both the senate and president for the entire country. The Association of Plastic Industries registered Chile as using 3,400 million plastic bags per year, or 200 per person. Telesur reports that the Minister of the Environment, Marcela Cubillos, said the country needs a larger cultural change for people to start replacing plastic with reusable bags.

United Kingdom

UK Watchdog Issues $334K Fine For Yahoo's 2014 Data Breach (theregister.co.uk) 29

An anonymous reader quotes a report from The Register: Yahoo's U.K. limb has finally been handed a $334,300 (250,000 GBP) fine for the 2014 cyber attack that exposed data of half a million Brit users. Today, the Information Commissioner's Office issued Yahoo U.K. Services Ltd a $334,300 (250,000 GBP) fine following an investigation that focused on the 515,121 U.K. accounts that the London-based branch of the firm had responsibility for. The ICO said "systemic failures" had put user data at risk as the U.K. arm of Yahoo did not take appropriate technical and organizational measures to prevent a data breach of this size.

In particular, the watchdog said there should have been proper monitoring systems in place to protect the credentials of Yahoo employees who could access customers' data, and to ensure that instructions to transfer very large quantities of personal data from Yahoo's servers would be flagged for investigation. It also noted that, as a data controller, Yahoo U.K. Services Ltd had a responsibility to ensure its processors -- in this case Yahoo, whose U.S. servers held the data on U.K. users -- complied with data protection standards.

EU

Internet Luminaries Urge EU To Kill Off Automated Copyright Filter Proposal (theregister.co.uk) 40

A large group of Internet pioneers have sent an open letter to the European Union urging it to scrap a proposal to introduce automated upload filters, arguing that it could damage the internet as we know it. The Register: The European Parliament's Legal Affairs (Juri) Committee will vote on the proposal contained in Article 13 of the Copyright in the Digital Single Market Directive next week. The proposal would see all companies that "store and provide to the public access to large amounts of works" obliged to "prevent the availability... of works... identified by rightholders." Despite the inclusion of language that says such measures need to be "appropriate and proportionate," it has caused many to worry that the law will lead to a requirement for all platforms to introduce automated content filtering, and shift liability for any copyrighted material that appears online from the user that posts it to the platform itself.

"By inverting this liability model and essentially making platforms directly responsible for ensuring the legality of content in the first instance, the business models and investments of platforms large and small will be impacted," warns the letter [PDF] signed by "Father of the Internet" Vint Cerf, world wide web inventor Tim Berners-Lee, as well as a host of other internet luminaries including Wikipedia's Jimmy Wales, security expert Bruce Schneier and net neutrality namer Tim Wu.

United Kingdom

Digital IDs Needed To End 'Mob Rule' Online, Says UK's Security Minister (independent.co.uk) 508

Digital IDs should be brought in to end online anonymity that permits "mob rule" and lawlessness online, the security minister of the United Kingdom has said. From a report: Ben Wallace said authentication used by banks could also be employed by internet firms to crack down on bullying and grooming, as he warned that people had to make a choice between "the wild west or a civilised society" online. He also took aim at the "phoniness" of Silicon Valley billionaires, and called for companies such as WhatsApp to contribute to society over the negative costs of their technology, such as end-to-end encryption. It comes after Theresa May took another step against tech giants, saying they would be ordered to clamp down on vile attacks against women on their platforms. The prime minister will target firms such as Facebook and Twitter as she makes the pitch at the G7 summit this weekend, where she will urge social media firms to treat violent misogyny with the same urgency as they do terror threats. Mr Wallace told The Times: "A lot of the bullying on social media and the grooming is because those people know you cannot identify them. It is mob rule on the internet. You shouldn't be able to hide behind anonymity."
Piracy

'Pirates' Tend To Be the Biggest Buyers of Legal Content, Study Shows (vice.com) 108

An anonymous reader quotes a report from Motherboard: According to a paywalled survey of 1,000 UK residents by anti-piracy outfit MUSO first spotted by Torrent Freak, 60 percent of those surveyed admitted that they had illegally streamed or downloaded music, film, or TV shows sometime in the past. But the study also showed that 83 percent of those questioned try to find the content they are looking for through above board services before trying anything else. And while the study found that 86 percent of survey takers subscribe to a streaming subscription service like Netflix, that total jumped to 91 percent among those that admit to piracy. The survey found that the top reasons users pirate are that the content they were looking for wasn't legally available (34 percent), was too cumbersome or difficult to access (34 percent), or wasn't affordable (35 percent). "The entertainment industry tends to envisage piracy audiences as a criminal element, and writes them off as money lost -- but they are wrong to do so," MUSO executive Paul Briley said of the study's findings. "The reality is that the majority of people who have gone through the effort of finding and accessing such unlicensed content are, first and foremost, fans -- fans who are more often than not trying to get content legally if they can," Briley added.
United Kingdom

UK Bank TSB Admits 1,300 Accounts Hit By Fraud Amid IT Meltdown (bbc.com) 28

An anonymous reader shares a BBC report: Life savings have been stolen from TSB accounts by fraudsters "exploiting" the bank's IT problems, with 1,300 people losing money. On occasions, people were waiting on the phone for up to nine hours to report cases, the bank's boss Paul Pester has told MPs. He said that 70 times the normal level of fraud attacks were seen last month. The introduction of a new IT system in April left customers struggling to make transactions and see their balances. The bank said it would compensate customers in full for any fraud they suffered. The evidence came after the financial regulator confirmed that it was investigating TSB and criticised Mr Pester for an "optimistic view" of services after the meltdown.
Microsoft

Microsoft Sinks Data Centre Off Orkney To Test Energy Efficiency (bbc.co.uk) 155

An anonymous reader writes: Microsoft has sunk a data centre in the sea off Orkney to investigate whether it can boost energy efficiency. The data centre, a white cylinder containing computers, could sit on the sea floor for up to five years. An undersea cable brings the data centre power and takes its data to the shore and the wider internet -- but if the computers onboard break, they cannot be repaired. The operation to sink the Orkney data centre has been an expensive multinational affair. The cylinder was built in France by a shipbuilding company, Naval, loaded with its servers and then sailed from Brittany to Stromness in Orkney. There, another partner, the European Marine Energy Centre (EMEC), provided help including the undersea cable linking the centre to the shore. "This is a crazy experiment that I hope will turn into reality" said Ben Cutler, who is in charge of what Microsoft has dubbed Project Natick. "But this is a research project right now -- and one reason we do different types of research into data centres is to learn what makes sense before we decide to take it to a larger scale."
Science

Scientists May Have Discovered a New Fundamental Particle: Sterile Neutrino (theregister.co.uk) 94

Artem Tashkinov writes: It needs more sigmas, but Fermilab boffins in America are carefully speculating that they may have seen evidence of a new fundamental particle: the sterile neutrino. The suggestion follows tests conducted by the MiniBooNE (Mini Booster Neutrino Experiment) instrument, located near Chicago. Its mission is to detect neutrino mass through their oscillations. In the Standard Model of physics, neutrinos, like all particles, are initially assumed to be massless, but some observations, like neutrino oscillation, suggest there's mass there. The experiment that possibly detected sterile neutrinos collected 15 years of data from its commissioning in 2002, and the results have only now reached pre-press outlet arXiv.

Over 15 years, MiniBooNE detected a few hundred more electron neutrinos than were predicted in Standard Model theory. The extra particles suggest there is a fourth, heavier flavor. The findings bring the MiniBooNE team tantalizingly close to a "result" -- it's a 4.8 sigma result, when "discovery" demands 5 sigma.

Security

Zip Slip Vulnerability Affects Thousands of Projects (theregister.co.uk) 127

Yhcrana writes: Considering the video in the story makes it pretty simple, this is not something I would like to have happen. Apparently it is a flaw in the libraries that are being used by Oracle, Apache, and others. The Register reports: "Booby-trapped archive files can exploit vulnerabilities in a swath of software to overwrite documents and data elsewhere on a computer's file system -- and potentially execute malicious code. Specifically, the flaw, dubbed "Zip Slip" by its discoverers at security outfit Snyk, is a path traversal flaw that can potentially be exploited to perform arbitrary code execution attacks. It affects .zip, .bz2, .tar, .xz, .war, .cpio, and .7z archives.

The bugs, according to Snyk, lie in code that unpacks compressed archives, hence the "Zip Slip" title. When software does not properly check and sanitize file names within the archive, attackers can set the destination path for an unpacked file to an existing folder or file elsewhere on a system. When that file is extracted, it will overwrite the existing data in that same path."
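The fix for this bug class is the check the report describes as missing: resolve each entry's destination path and refuse anything that lands outside the extraction directory. The following is an added example, not code from The Register, Snyk or any affected library; it uses Python's standard zipfile module, constructs its own sample archives in memory, and the function names are mine.

```python
import io
import os
import tempfile
import zipfile


def resolves_inside(dest_dir: str, member_name: str) -> bool:
    """Return True only if member_name, joined to dest_dir, stays inside dest_dir.

    Canonicalise both paths and compare the common prefix, so that traversal
    names ("../x"), absolute names ("/etc/x") and dot-segment tricks all fail.
    """
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, member_name))
    try:
        return os.path.commonpath([dest_real, target]) == dest_real
    except ValueError:  # different drives on Windows: cannot be inside
        return False


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list:
    """Extract a zip into dest_dir, refusing any entry that escapes it.

    A naive loop doing open(os.path.join(dest_dir, name), "wb") is the Zip Slip
    pattern; here every entry is validated before any byte is written, so one
    bad entry aborts the whole archive instead of leaving a partial extraction.
    """
    dest_real = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not resolves_inside(dest_real, info.filename):
                raise ValueError(f"refusing traversal entry: {info.filename!r}")
        for info in zf.infolist():
            target = os.path.join(dest_real, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_archive(entries: dict) -> bytes:
    """Build an in-memory zip from {name: bytes} (constructed sample data).

    zipfile stores names verbatim, so "../x" ends up in the central directory
    exactly as a booby-trapped archive would carry it.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Run one hostile and one benign archive through safe_extract."""
    dest = tempfile.mkdtemp()
    hostile = build_archive({"../evil.txt": b"overwrite me"})
    benign = build_archive({"sub/ok.txt": b"hello"})
    try:
        safe_extract(hostile, dest)
        rejected = False
    except ValueError:
        rejected = True
    paths = safe_extract(benign, dest)
    with open(paths[0], "rb") as fh:
        content = fh.read()
    return {"rejected": rejected, "extracted": len(paths), "content": content}


if __name__ == "__main__":
    print(demo())
```

Note that the canonical-path comparison is the whole check: a string test like `".." not in name` misses absolute entries and is the kind of partial sanitisation that keeps this class of bug alive.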

IT

Visa Card Payment Systems Go Down Across Europe (bleepingcomputer.com) 108

Catalin Cimpanu, reporting for BleepingComputer: The Visa card payment system is currently down across Europe. Users across the continent have reported problems during the day when attempting to make payments using their Visa cards. A Visa spokesperson confirmed the outage but did not reveal any other details, such as its cause or its scale. Bank social media accounts also confirmed the outage and informed customers of the issue. Users across the UK, Germany, France, Italy, Romania, and Hungary have confirmed problems with payments, but the problems are believed to affect all European countries.
Facebook

Now Even Russian Lawmakers Want a Piece of Mark Zuckerberg (qz.com) 73

PolygamousRanchKid shares a report from Quartz: In an ironic twist in the saga of Facebook's troubles, Russian lawmakers have declared that they, too, would like to question Mark Zuckerberg. According to the Moscow Times, senator Anton Belyakov yesterday offered to invite the Facebook CEO to address the upper chamber of the Russian parliament. "After all, he spoke about information security, not giving access to personal data, preventing the dissemination of harmful content," Belyakov reportedly said, referring to Zuckerberg's meetings with the U.S. Congress and European Parliament. Another reason for those meetings was to discuss whether the social network facilitated Russian meddling in foreign elections.

The U.S. company is in trouble with Russian authorities for disobeying a 2015 law that requires it to store the data of Russian citizens on the country's soil. In April, the state communications watchdog threatened that if Facebook didn't comply, it would face the same fate as LinkedIn, which was banned in the country last year. Much to the chagrin of UK politicians, he (Zuckerberg) has not agreed to multiple calls, and even a mild threat, to testify in front of a UK parliamentary committee.

AI

DeepMind Used YouTube Videos To Train Game-Beating Atari Bot (theregister.co.uk) 61

Artem Tashkinov shares a report from The Register: DeepMind has taught artificially intelligent programs to play classic Atari computer games by making them watch YouTube videos. Exploration games like 1984's Montezuma's Revenge are particularly difficult for AI to crack, because it's not obvious where you should go, which items you need and in which order, and where you should use them. That makes defining rewards difficult without spelling out exactly how to play the thing, and thus defeating the point of the exercise. For example, Montezuma's Revenge requires the agent to direct a cowboy-hat-wearing character, known as Panama Joe, through a series of rooms and scenarios to reach a treasure chamber in a temple, where all the goodies are hidden. Pocketing a golden key, your first crucial item, takes about 100 steps, and is equivalent to 100^18 possible action sequences.

To educate their code, the researchers chose three YouTube gameplay videos for each of the three titles: Montezuma's Revenge, Pitfall, and Private Eye. Each game had its own agent, which had to map the actions and features of the title into a form it could understand. The team used two methods: temporal distance classification (TDC), and cross-modal temporal distance classification (CDC). The DeepMind code still relies on lots of small rewards, of a kind, although they are referred to as checkpoints. While playing the game, every sixteenth video frame of the agent's session is taken as a snapshot and compared to a frame in a fourth video of a human playing the same game. If the agent's game frame is close or matches the one in the human's video, it is rewarded. Over time, it imitates the way the game is played in the videos by carrying out a similar sequence of moves to match the checkpoint frame.

In the end, the agent was able to exceed average human players and other RL algorithms: Rainbow, ApeX, and DQfD. The researchers documented their method in a paper this week. You can view the agent in action here.
