Iz o COKS - Center odprte kode Slovenije

Redakcija: 12:13, 10. oktober 2007

O COKS

Vse o Odprti kodi

OK Programska oprema

Pomoč in svetovanje

Dogodki/Koledar prireditev

https://www.linuxtoday.com/biglt.rss

Slashdot

Code.org Hacked, Emails and Locations Data of Volunteers Compromised

An anonymous reader allegedly quoting an email from Code.org, claims that the database of the non-profit organization has been breached: Some personal data was accessed on our web site by a firm exploiting a client-side vulnerability. Your email address and your location, if you provided it, were compromised and may have been read. The exploit was limited to engineers and others who volunteered to help in classrooms. No student or teacher accounts were impacted, nor passwords or additional information. The exploit did not give hackers access to any of our servers. Earlier this week, a volunteer engineer told us he received an unsolicited recruiting email from a technical freelancing firm in Singapore. We determined the firm was able to retrieve the volunteer's private email address by exploiting a client-side vulnerability on our volunteer map. We've since had 6 similar cases reported. We've fixed the problem, and all private data was secured against future attacks late Friday. We also inspected and secured the rest of our site from similar vulnerabilities. Code.org has confirmed to Slashdot that it has indeed suffered a beach. The non-profit separately wrote in a blog post that a Singapore-based recruiting firm had exploited a vulnerability on its website to send emails to Code.org members. Following is an email sent by the recruiting firm to Hadi Partovi, CEO, Code.org. "Sorry about this... our intention was we thought it'd be good to get them more opportunities to improve their own Computer Science skills beyond the opportunities available in their geographical boundaries / location. We've told our team to stop this with immediate effect. No one should be receiving anymore e-mails from us from this point onwards. You have my word that we will delete their email addresses from our mailing lists. They should not receive anymore emails from us."

Read more of this story at Slashdot.

Google Chrome Extension Caught Stealing Bitcoin From Users

An anonymous reader writes: Bitcoin exchange portal Bitstamp is warning users of a Google Chrome extension that steals their Bitcoin when making a transfer. According to Bitstamp, this extension contains malicious code that is redirecting payments to its own Bitcoin address. Bitcoin web app developer Devon Weller confirmed Bitstamp's findings, saying that the extension was secretly replacing Bitcoin QR codes with its own. The extension's name is BitcoinWisdom Ads Remover and is still available on the Google Chrome Web Store. In July 2015, many users reported having similar issues with the same extension.

Read more of this story at Slashdot.

Study Finds 3 Laws Could Reduce Firearm Deaths By 90%

An anonymous reader writes: The study, published in The Lancet, used a cross-sectional, state-level dataset relating to a host of topics associated with firearm mortality including gun ownership and even unemployment from across the U.S. to examine the relationship between recorded gun deaths and gun-control legislation. The study found that some laws, such as those that restrict gun access to children through locks and age restrictions, were simply ineffective while others, such as the stand-your-ground law that allows individuals to use deadly force in self-defense, actually increase gun-related deaths significantly. According to the study's model, a federal law expanding background checks for all gun purchases could reduce the national gun death rate by 57%, lowering it from 10.35 to 4.46 per 100,000 people while background checks for all ammunition purchases could lower the rate by 81% to 1.99 per 100,000 and firearm identification could reduce it by 83% to 1.81 per 100,000. If the federal government implemented all three laws, the scholars predict that the overall national rate of firearm deaths would drop by over 90% to 0.16 per 100,000.

Read more of this story at Slashdot.

Children To Parents: 'Don't Post About Me On Facebook Without Asking Me'

HughPickens.com writes: Sites like Facebook and Instagram are now baked into the world of today's families. Many, if not most, new parents post images of their newborn online within an hour of birth, and some parents create social media accounts for the children themselves -- often to share photos and news with family, although occasionally in the pursuit of "Instafame" for their fashionably clad, beautifully photographed sons and daughters. Now, KJ Dell'Antonia writes in the NYT about the growing disconnect between parents and their children and the one surprising rule children want their parents to know: Don't post anything about me on social media without asking me. "As these children come of age, they're going to be seeing the digital footprint left in their childhood's wake," says Stacey Steinberg. "While most of them will be fine, some might take issue with it." Alexis Hiniker studied 249 parent-child pairs distributed across 40 states and found about three times more children than parents thought there should be rules about what parents shared on social media. "Twice as many children as parents expressed concerns about family members oversharing personal information about them on Facebook and other social media without permission," says co-author Sarita Schoenebeck. "Many children said they found that content embarrassing and felt frustrated when their parents continued to do it." When researchers asked kids what technology rules they wished their parents would follow -- a less common line of inquiry -- the answers fell into seven general categories: 1) Be present -- Children felt there should be no technology at all in certain situations, such as when a child is trying to talk to a parent. 2) Child autonomy -- Parents should allow children to make their own decisions about technology use without interference. 3) Moderate use -- Parents should use technology in moderation and in balance with other activities. 4) Supervise children -- Parents should establish and enforce technology-related rules for children's own protection. 5) Not while driving -- Parents should not text while driving or sitting at a traffic light. 6) No hypocrisy -- Parents should practice what they preach, such as staying off the Internet at mealtimes. 7) No oversharing -- Parents shouldn't share information online about their children without explicit permission.

Read more of this story at Slashdot.

VPN Provider's No-Logging Claims Tested In FBI Case

An anonymous reader writes from an article published on TorrentFreak: [A] criminal complaint details the FBI's suspicions that 25-year-old Preston McWaters had conveyed "false or misleading information regarding an explosive device." The FBI started digging and in February 2016 two search warrants against Twitter and Facebook required them to turn over information on several accounts. Both did and the criminal complaint makes it clear that the FBI believes that McWaters was behind the accounts and the threats. With McWaters apparently leaving incriminating evidence all over the place (including CCTV at Walmart where he allegedly purchased a pre-paid Tracfone after arriving in his own car), the FBI turned to IP address evidence available elsewhere. "During the course of the investigation, subpoenas and search warrants have been directed to various companies in an attempt to identify the internet protocol (IP) address from where the email messages are being sent," the complaint reads. "All the responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com. A subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States," the FBI's complain reads. "However, London Trust did provide that they accept payment for their services through credit card with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through PayPal, Bitpay, Bit Coin, Cash You, Ripple, Ok Pay, and Pay Garden." While McWaters is yet to be found guilty, it's a sad fact that some people will use anonymizing services such as VPNs, pre-paid phones and anonymous email providers to harass others. And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime.

Read more of this story at Slashdot.

U.S. Says North Korean Submarine Missing

An anonymous reader writes: The North Korean regime lost contact with one of its submarines earlier this week, three U.S. officials familiar with the latest information told CNN. According to CNN, the U.S. military had been observing the submarine operate off North Korea's east coast when the vessel stopped, and U.S. spy satellites, aircraft and ships have been secretly watching for days as the North Korean navy searched for the missing sub. The U.S. is unsure if the missing vessel is adrift under the sea or whether it has sunk, the officials said, but believes it suffered some type of failure during an exercise. This comes after North Korea has threatened to use nuclear weapons at any time and turn its military posture to "pre-emptive attack" mode.

Read more of this story at Slashdot.

Amazon Working On Education Platform To Offer Free Learning Materials

An anonymous reader writes: E-commerce giant Amazon is planning to launch a new education platform which would enable educators to upload, manage, share, and discover open education resources. Earlier this month, the company quietly opened an Amazon Education Wait List to allow educators to be alerted about the availability of the platform. The website currently reads, "The future of education is open. Someday soon, educators everywhere will have free and unlimited access to first-class course materials from a revolutionary platform. Get on the wait list to be notified when the platform is available for all schools and classrooms!" The webpage, do note, could be related to some other project. This isn't the first time Amazon has shown interest in the education sector. In 2013, it acquired TenMarks, a company that offers mathematics learning materials. Amazon, which lets you purchase or rent books for Kindle, is also a major name in the publishing world. Over the years, Apple, Google, and Microsoft have also become increasingly interested in seeing their hardware and software in classrooms.

Read more of this story at Slashdot.

Hotel Experience With Android Lightswitches

jones_supa writes: The hotel in which Matthew Garrett was staying at, had decided that light switches are unfashionable and replaced them with a series of Android tablets. In his tour to the system, one was quickly met with a glitch message "UK_bathroom isn't responding." Anyway, two of the tablets had convenient-looking ethernet cables plugged into the wall, so MacGyver began hacking. He managed to borrow a couple of USB ethernet adapters, set up a transparent bridge and then stick his laptop between the tablet and the wall. Tcpdump showed traffic, and Wireshark revealed that it was Modbus over TCP. Modbus is a pretty trivial protocol, and does not implement authentication. The Pymodbus tool could be used to control lights, turn the TV on/off, and even close and open the curtains. Then he noticed something. His room number was 714. The IP address he was communicating with was 172.16.207.14. They wouldn't, would they? Indeed, he could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that he could control them as well.

Read more of this story at Slashdot.

Windows 10 Upgrade Reportedly Starting Automatically On Windows 7 PCs

An anonymous reader writes: Many users have confirmed in the comment section of a popular reddit post that "Windows 7 computers are being reported as automatically starting the Windows 10 upgrade without permission." It's no secret that Microsoft wants users to upgrade to their new OS. Earlier in the year, Windows 10 was set as a 'recommended update' so when you install new security or bug patches, the new OS is selected by default as well. Terry Myerson, head of the OS group at Microsoft, warned users about the possibility of the OS automatically installing. "Depending upon your Windows Update settings, this may cause the upgrade process to automatically initiate on your device. Before the upgrade changes the OS of your device, you will be clearly prompted to choose whether or not to continue," he said. Whether or not the recent outcry is caused from users forgetting to deselect the Windows 10 upgrade in the update list or Microsoft updating Windows 7 PCs without users' permission, the good news is that you have 30 days to downgrade to the previous version of the OS.

Read more of this story at Slashdot.

Wi-Fi Hotspot Blocking Persists Despite FCC Crackdown

An anonymous reader writes: An examination of consumer complaints to the FCC over the past year and a half shows that the practice of Wi-Fi hotspot device blocking continues even though the agency has slapped organizations such as Marriott and Hilton more than $2 million in total for doing this. Venues argue they need to block hotspots for security reasons, but the FCC and consumers say the organizations are doing this to force people to pay for pricey Internet access. "Consumers who purchase cellular data plans should be able to use them without fear that their personal Internet connection will be blocked by their hotel or conference center," FCC Enforcement Bureau chief Travis LeBlanc said in a statement. "It is unacceptable for any hotel to intentionally disable personal hotspots while also charging consumers and small businesses high fees to use the hotel's own Wi-Fi network. This practice puts consumers in the untenable position of either paying twice for the same service or forgoing Internet access altogether." Consumers have filed many complaints about Wi-Fi hotspot blocking to the FCC.

Read more of this story at Slashdot.

TP-Link Blocks Open Source Router Firmware To Comply With FCC Rules

An anonymous reader points to an official announcement made by TP-Link, which confirms a report from last month that it is blocking open source firmware: The FCC requires all manufacturers to prevent users from having any direct ability to change RF parameters (frequency limits, output power, country codes, etc.) In order to keep our products compliant with these implemented regulations, TP-LINK is distributing devices that feature country-specific firmware. Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power. As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware. We are excited to see the creative ways members of the open-source community update the new firmware to meet their needs. However, TP-LINK does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices. Don't lose all your hopes yet. Developer Sebastian Gottschall, who works on DD-WRT Linux-based firmware, believes that TP-Link hasn't blocked third-party firmware. He adds, "Just the firmware header has been a little bit changed and a region code has been added. This has been introduced in September 2015. DD-WRT for instance does still provide compatible images... in fact it's no lock." Furthermore, Cisco insists that FCC's existing or proposed rules doesn't limit or eliminate the ability of a developer to use open source software.

Read more of this story at Slashdot.

Hertz Had Sheriffs On Hand the Day It Cut IT

dcblogs writes: About 300 Hertz IT employees, most located in Oklahoma City, are being impacted [by] a decision to expand its outsourcing to IBM. About 75 will be hired by IBM and those workers [are expected] to receive offers this week while others are facing layoffs. The news was a shock for IT employees. There was "anger, resentment," especially by employees who "sacrificed that work/life balance to keep things going here," said one employee. Hertz took precautions. On the day that IT employees learned that their work was shifting to IBM, employees noticed Oklahoma sheriff patrol vehicles in the building's parking lot. They believed plainclothes officers were inside the building. "We consider the safety and security of our people whenever there are circumstances or events that could increase the risk of a disturbance or some form of workplace violence," said Bill Masterson, a Hertz spokesman. "Knowing that this was a difficult announcement, we had additional security on hand," said Masterson. "Going forward, Hertz IT resources will be focused on development of future products and services for customers," he said. The majority of services will be cloud-based. According to the Computerworld article, along with severance pay, benefits also include three months of outplacement assistance. IT employees can receive up to $4,000 toward retraining or skill certification, said Masterson. IBM India Private Limited, a IBM subsidiary, has filed paper for H-1B visa workers for Hertz Technology offices.

Read more of this story at Slashdot.

The Source of All Major Android Banking Trojans Just Got Updated To V2

An anonymous reader writes: Apparently, during the past months it has started coming to the surface the fact that most top-tier Android malware was actually related, coming from a common malware variant called GM Bot, and sold for only $5,000 on underground hacking forums. Taking advantage of his new found glory, the coder behind that malware has now released a second version, three times the price of the first, complete with 3 exploits that can guarantee root access on older versions of Android (which are plenty thanks to [ignorant] OEMs and carriers). Some of the malware that originated from GM Bot includes: SimpleLocker (first crypto-ransomware for Android), AceCard (considered the most sophisticated Android malware to date), Bankosy and SlemBunk (banking trojan and backdoor), and Mazar Bot (banking trojan, backdoor and ransomware). To make things worse, GM Bot v1's source code also got leaked online, making it available to any halfwit developer that wants a crack at a cybercrime career.

Read more of this story at Slashdot.

Intel's Optane SSD Compatible With NVMe; Could Boost MacBook Storage Speeds By 1000x

More details have emerged about Intel's Optane, a new kind of memory and SSD that utilizes 3D Xpoint. The upcoming 3D Xpoint technology, which is supposedly 10 times denser than DRAM and 1,000 times faster than flash storage, will be compatible with NVMe, a storage protocol that allows an SSD to make effective use of a high-speed PCIe. Several MacBook Pro models already support NVMe technology. Apple is often among the first companies to adopt emerging standards and technologies, which has led many to believe that the Cupertino-based company might leverage Intel's Optane solid state drives for super fast performance speeds in its next batch of laptops. Apple is expected to announce the refreshed MacBook lineup sporting Intel Skylake processor later this year.

Read more of this story at Slashdot.

Alpha Go Takes the Match, 3-0

mikejuk writes: Google's AlphaGo has won the Deep Mind Challenge, by winning the third match in a row of five against the 18-time world champion Lee Se-dol. AlphaGo is now the number three Go player in the world and this is an event that will be remembered for a long time. Most AI experts thought that it would take decades to achieve but now we know that we have been on the right track since the 1980s or earlier. AlphaGo makes use of nothing dramatically new — it learned to play Go using a deep neural network and reinforcement learning, both developments on classical AI techniques. We know now that we don't need any big new breakthroughs to get to true AI. The results of the final two games are going to be interesting but as far as AI is concerned the match really is all over.

Read more of this story at Slashdot.