Australia

Australian Officials Want Encryption Laws To Fight 'Terrorist Messaging' (arstechnica.com) 19

An anonymous reader quotes Ars Technica: Two top Australian government officials said Sunday that they will push for "thwarting the encryption of terrorist messaging" during an upcoming meeting next week of the so-called "Five Eyes" group of English-speaking nations that routinely share intelligence... According to a statement released by Attorney General George Brandis, and Peter Dutton, the country's top immigration official, Australia will press for new laws, pressure private companies, and urge for a new international data sharing agreement amongst the quintet of countries... "Within a short number of years, effectively, 100 per cent of communications are going to use encryption," Brandis told Australian newspaper The Age recently. "This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed"... Many experts say, however, that any method that would allow the government access even during certain situations would weaken overall security for everyone.
America's former director of national intelligence recently urged Silicon Valley to "apply that same creativity, innovation to figuring out a way that both the interests of privacy as well as security can be guaranteed." Though he also added, "I don't know what the answer is. I'm not an IT geek, but I just don't think we're in a very good place right now."
Education

Why So Many Top Hackers Come From Russia (krebsonsecurity.com) 46

Long-time Slashdot reader tsu doh nimh writes: Brian Krebs has an interesting piece this week on one reason that so many talented hackers (malicious and benign) seem to come from Russia and the former Soviet States: It's the education, stupid. Krebs's report doesn't look at the socioeconomic reasons, but instead compares how the U.S. and Russia educate students from K-12 in subjects which lend themselves to a mastery in coding and computers -- most notably computer science. The story shows that the Russians have for the past 30 years been teaching kids about computer science and then testing them on it starting in elementary school and through high school. The piece also looks at how kids in the U.S. vs. Russia are tested on what they are supposed to have learned.
Fossbytes also reports that Russia claimed the top spot in this year's Computer Programming Olympics -- their fourth win in six years -- adding that "the top 9 positions out of 14 were occupied by Russian or Chinese schools." The only two U.S. schools in the top 20 were the University of Central Florida (#13) and MIT (#20).
Intel

New HyperThreading Flaw Affects Intel 6th And 7th Generation Skylake and Kaby Lake-Based Processors (hothardware.com) 50

MojoKid writes: A new flaw has been discovered that impacts Intel 6th and 7th Generation Skylake and Kaby Lake-based processors that support HyperThreading. The issue affects all OS types and is detailed in Intel errata documentation, which points out that under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers, as well as their corresponding wider register (e.g. RAX, EAX or AX for AH), may cause unpredictable system behavior, including crashes and potential data loss. The OCaml toolchain community first began investigating processors with these malfunctions back in January and found reports stemming back to at least the first half of 2016.

The OCaml team was able to pinpoint the issue to Skylake's HyperThreading implementation and notified Intel. While Intel reportedly did not respond directly, it has issued some microcode fixes since then. That's not the end of the story, however, as the microcode fixes need to be implemented into BIOS/UEFI updates as well and it is not clear at this time if all major vendors have included these changes in their latest revisions.

Security

Anthem To Pay $115 Million In The Largest Data Breach Settlement Ever (cnet.com) 27

An anonymous reader quotes CNET: Anthem, the largest health insurance company in the U.S., has agreed to settle a class action lawsuit over a 2015 data breach for a record $115 million, according to lawyers for the plaintiffs. The settlement still has to be approved by US District Court Judge Lucy Koh, who is scheduled to hear the case on August 17 in San Jose, California. And Anthem, which didn't immediately respond to a request for confirmation and comment, isn't admitting any wrongdoing, according to a statement it made to CyberScoop acknowledging the settlement.

But if approved, it would be the largest data breach settlement in history, according to the plaintiffs' lawyers, who announced the agreement Friday. The funds would be used to provide victims of the data breach at least two years of credit monitoring and to reimburse customers for breach-related expenses. The settlement would also guarantee a certain level of funding for "information security to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls," the plaintiff attorneys said.

The breach compromised data for 80 million people, including their social security numbers, birthdays, street addresses (and email addresses) as well as income data. The $115 million settlement averages out to $1.43 for every person who was affected.
Space

SpaceX Livestreams Sunday's Rocket Launch (space.com) 42

An anonymous reader quotes Space.com: A SpaceX Falcon 9 rocket carrying the 10 satellites for Iridium Communications is scheduled to lift off from Vandenberg Air Force Base in California at 1:25 p.m. PDT (4:25 p.m. EDT/2025 GMT). The live webcast is expected to begin about 1 hour before the opening of the launch window, and you can watch it on SpaceX's website, or at Space.com. This is the second of eight planned Iridium launches with SpaceX. The launches will deliver a total of 75 satellites into space for the $3 billion Iridium NEXT global communications network. "Iridium NEXT will replace the company's existing global constellation in one of the largest technology upgrades ever completed in space," according to a statement from Iridium. "It represents the evolution of critical communications infrastructure that governments and organizations worldwide rely upon to drive business, enable connectivity, empower disaster relief efforts and more."
After the mission the booster rocket will attempt to land on a droneship. The droneship's name is "Just Read The Instructions."
The Almighty Buck

Ethereum Exchange Reimburses Customer Losses After 'Flash Crash' (gdax.com) 44

An anonymous reader writes: "The price of ethereum crashed as low as 10 cents from around $319 in about a second on the GDAX cryptocurrency exchange on Wednesday," reports CNBC, calling it "a move that is being blamed on a 'multimillion dollar market sell' order... As the price continued to fall, another 800 stop loss orders and margin funding liquidations caused ethereum to trade as low as 10 cents." An executive for the exchange said "Our matching engine operated as intended throughout this event and trading with advanced features like margin always carries inherent risk."

Though some users complained they lost money, the price rebounded to $325 -- and according to a report on one trading site, "one person had an order in for just over 3,800 ethereum if the price fell to 10 cents on the GDAX exchange," reports CNBC. "Theoretically this person would have spent $380 to buy these coins, and when the price shot up above $300 again, the trader would be sitting on over $1 million." Yet the currency exchange announced Friday that they're honoring everyone's gains, while also reimbursing customers who suffered losses. "We view this as an opportunity to demonstrate our long-term commitment to our customers and belief in the future of this industry."

Crime

90 Cities Install A Covert Technology That Listens For Gunshots (businessinsider.com) 168

An anonymous reader quotes Business Insider: In more than 90 cities across the US, including New York, microphones placed strategically around high-crime areas pick up the sounds of gunfire and alert police to the shooting's location via dots on a city map... ShotSpotter also sends alerts to apps on cops' phones. "We've gone to the dot and found the casings 11 feet from where the dot was, according to the GPS coordinates," Capt. David Salazar of the Milwaukee Police Dept. told Business Insider. "So it's incredibly helpful. We've saved a lot of people's lives."

When three microphones pick up a gunshot, ShotSpotter figures out where the sound comes from. Human analysts in the Newark, California, headquarters confirm the noise came from a gun (not a firecracker or some other source). The police can then locate the gunshot on a map and investigate the scene. The whole process happens "much faster" than dialing 911, Salazar said, though he wouldn't disclose the exact time.

The company's CEO argues their technology deters crime by demonstrating to bad neighborhoods that police will respond quickly to gunshots. (Although last year Forbes discovered that in 30% to 70% of cases, "police found no evidence of a gunshot when they arrived.") And in a neighborhood where ShotSpotter is installed, one 60-year-old man is already complaining, "I don't like Big Brother being in all my business."
Transportation

Self-Driving Cars Are Safer When They Talk To Each Other (engadget.com) 80

An anonymous reader quotes Engadget: A University of Michigan public-private partnership called Mcity is testing V2V, or vehicle to vehicle communication, and has found that it makes their autonomous prototypes even safer. V2V works by wirelessly sharing data such as location, speed and direction. Using DSRC, or Dedicated Short Range Communication, V2V can send up to 10 messages per second. This communication allows cars to see beyond what is immediately in front of them -- sensing a red light around a blind curve, or automatically braking for a car that runs a stop sign... The catch of V2V? It has to be installed in the majority of cars and infrastructure (such as traffic lights) to function adequately.
Earth

Los Angeles Tests Reflective 'Cool Pavement' On Streets (dailynews.com) 86

mikeebbbd writes: As reported in the Los Angeles Daily News, during the current heatwave various officials swooped down on streets coated with an experimental light-gray sealer that makes the old asphalt into a "cool street" -- and it works, with average temperature differences between coated streets and adjacent old asphalt around 10F. At a large parking lot, the temperature reduction was over 20F. If the material holds up and continues to meet other criteria, LA plans to use it on more pavement rehab projects, which could eventually make a difference in the heat island effect. The "CoolSeal" coating is apparently proprietary to a company named GuardTop LLC, costs $25-40K/mile, and lasts 5-7 years. At that price, it might not be used a lot, at least at first; typical slurry seals run $15-30K/mile.
Cellphones

Software Developer Explains Why The Ubuntu Phone Failed (itwire.com) 86

troublemaker_23 quotes ITWire: A developer who worked with the Ubuntu Phone project has outlined the reasons for its failure, painting a picture of confusion, poor communication and lack of technical and marketing foresight. Simon Raffeiner stopped working with the project in mid-2016, about 10 months before Canonical owner Mark Shuttleworth announced that development of the phone and the tablet were being stopped.
Raffeiner says, for example, that "despite so many bugs being present, developers were not concentrating on fixing them, but rather on adding support for more devices." But he says he doesn't regret the time he spent on the project -- though now he spends his free time "traveling the world, taking photographs and creating bad card games, bad comics and bad games."

"Please note that this post does not apply to the UBPorts project, which continues to work on the phone operating system, Unity 8 and other components."
Wireless Networking

How A Contractor Exploited A Vulnerability In The FCC Website (wirelessestimator.com) 59

RendonWI writes: A Wisconsin wireless contractor discovered a flaw in the FCC's Antenna Structure Registration (ASR) database, and changed the ownership of more than 40 towers from multiple carriers and tower owners into his company's name during the past five months without the rightful owners being notified by the agency, according to FCC documents and sources knowledgeable of the illegal transfers. Sprint, AT&T and key tower companies were targeted in the wide-ranging thefts... Changing ASR ownership is an easy process by applying online for an FCC Registration Number (FRN) which is instantly granted whether factual or inaccurate information is provided. Then, once logged in, an FRN holder can submit a form stating that they are the new owner of any or multiple structures in the database. As soon as it is submitted, the change is immediately reflected in the ASR.
Earth

What Happens When Geoengineers 'Hack The Planet'? (thebulletin.org) 158

Dan Drollette shares an article by an Oxford physics professor who's concerned about the popularity of radical new proposals to fight global warming. The Christian Science Monitor wonders if it's time to re-engineer our climate. MIT's Technology Review basically thinks the answer is "yes," having described it earlier as "cheap and easy." The Atlantic seems quite smitten with Economist writer Oliver Morton's vision of remaking the planet, which geoengineering booster Jane Long breathlessly called "geopoetry." The idea received recent coverage (much of it favorable) by New Scientist, NBC, and in TED talks; I myself have recently participated in an NPR panel discussion on the subject... But what has really catapulted the idea into the public eye is Harvard's reckless plan for a privately-funded field trial testing some of the key elements needed... Proceeding to field experimentation crosses a thin red line beyond which lies the slippery slope down to ever-larger field trials and ultimately deployment.
Harvard's experiment -- which is partially funded by Bill Gates -- is "subject to no governance save what Harvard chooses to impose upon itself," according to the article. The experiment involves "putting something in the atmosphere to reflect more sunlight back out into space," which the article warns will create "enduring" effects -- and require humanity to commit to maintaining the same atmospheric conditions forever.
United States

Does US Have Right To Data On Overseas Servers? We're About To Find Out (arstechnica.com) 227

Long-time Slashdot reader quotes Ars Technica: The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world's servers with the assistance of the tech sector, no matter where the data is stored.

The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data.

According to the article, the U.S. government told the court that national security was at risk.
Security

Account Registrations Enable 'Password Reset Man In The Middle' Attacks (helpnetsecurity.com) 69

"Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated." Orome1 quotes Help Net Security: The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site.
Interestingly, it can also beat two-factor authentication -- since the targeted user will still input the phone code into the man-in-the-middle site.
EU

Germany Cracks Down On Illegal Speech On Social Media. (smh.com.au) 395

ArmoredDragon writes: German police have raided 36 homes of people accused of using illegal speech on Facebook and Twitter. Much of it was aimed at political speech. According to the article, "Most of the raids concerned politically motivated right-wing incitement, according to the Federal Criminal Police Office, whose officers conducted home searches and interrogations. But the raids also targeted two people accused of left-wing extremist content, as well as one person accused of making threats or harassment based on someone's sexual orientation."

This comes just as a new law is being debated that can fine social media platforms $53 million for not removing 70% of illegal speech (including political, defamatory, and hateful speech) within 24 hours of it being posted, which Facebook argues will make it obligatory for them to delete posts and ban users for speech that isn't clearly illegal.
