Shared posts

08 Aug 12:59

Older Workers Are Better At Adapting To New Technology, Study Finds

by EditorDavid
"Don't let the millennial buzz fool you. Older workers handle and adapt to new systems better than younger people," writes CIO magazine. Slashdot reader itwbennett writes: A survey by London-based market research firm Ipsos Mori, sponsored by Dropbox, found that older workers are less likely to find using technology in the workplace stressful and experience less trouble working with multiple devices than the younger cohort. Millennials "are used to using tech in their personal lives that's pretty darn good," suggests one Dropbox executive, "and that raises the expectations of what tech can be in their professional lives... So younger people will feel frustration at tools that are not up to snuff." Out of 4,000 information workers who were surveyed in the U.S. and Europe, 37% of the 18-34-year-old group reported trouble with multiple devices, compared to just 13% of respondents over 55.

Read more of this story at Slashdot.

04 Aug 17:23

Microsoft, Google, Apple Could Be Requested To Actively Block Pirated Downloads, Says Report

by manishs
Popular operating systems by Microsoft, Apple, and Google could possibly soon nuke torrents downloaded (PDF, non-English language) from The Pirate Bay and other websites that offer copyright infringing content, warns a report published by Black Market Watch and the Global Initiative against Transnational Organized Crime. The report adds that the aforementioned companies are in an ideal position to deter piracy, and could be requested by the authority to put a system in place to block pirated content on the operating system level. Via a TorrentFreak report: "Other players that possess the potential ability to limit piracy are the companies that own the major operating systems which control computers and mobile devices such as Apple, Google and Microsoft," one of the main conclusions reads. "The producers of operating systems should be encouraged, or regulated, for example, to block downloads of copyright infringing material," the report adds. The report references last year's Windows 10 controversy, noting that these concerns were great enough for some torrent sites to block users with the new operating system. While Sweden doesn't have enough influence to make an impact on these global software manufacturers, applying pressure through the international community and trade groups may have some effect.

04 Aug 17:21

Police Asked Facebook To Deactivate Woman's Account During Deadly Standoff

by BeauHD
An anonymous reader quotes a report from KABC-TV: In the midst of a five-hour standoff that turned deadly, Facebook granted an emergency request from the Baltimore County Police Department to take offline the social media accounts belonging to a woman who wielded a shotgun at officers. Baltimore County Police officers shot and killed Korryn Gaines, 23, after she barricaded herself inside her Randallstown apartment with her 5-year-old son and pointed a shotgun at officers attempting to serve an arrest warrant. Police Chief Jim Johnson said Tuesday that the department made the emergency request to have Gaines' social media accounts suspended after she posted videos online showing the standoff. People who saw the postings, Johnson said, responded by encouraging her to not comply with police. Videos posted on Facebook and Instagram appeared to show Gaines, who was black, talking with police in the doorway to her apartment and to her son during the standoff. The standoff Monday began after three officers went to Gaines' apartment to serve arrest warrants on her and her boyfriend, Kareem K. Courtney, 39, according to police. Gaines' bench warrant stemmed from charges during a March 10 stop, including disorderly conduct and resisting arrest. Authorities said she was armed with a 12-gauge pistol grip shotgun that was legally purchased last year and toward the end of the negotiations pointed it directly at an officer and said, "If you don't leave, I'm going to kill you." An officer shot at her and Gaines fired two shots, but missed the officers, who returned fire and killed her, police said. Facebook's policy says that it may grant law enforcement permission to suspend accounts in cases where there is a substantial risk of harm. Facebook has received roughly 855 requests for emergency disclosures of information to government agencies due to the threat of harm or violence between July and December 2015, according to their Government Request Report. About 73 percent of those requests were granted.

03 Aug 17:18

Project Hosting Service Fosshub Compromised, Embedding Malware Inside Hosted Files

by manishs
At least some applications on Fosshub, a free project hosting service, appear to have been compromised, according to several reports. (Update: Fosshub has acknowledged the hack.) The software portal, furthermore, is serving malware payloads, reports add. Catalin Cimpanu of Softpedia says that a hacking group which goes by the name of PeggleCrew is responsible for the hack. "In short, a network service with no authentication was exposed to the internet," the hacker told Softpedia in an email. "We were able to grab data from this network service to obtain source code and passwords that led us further into the infrastructure of FOSSHub and eventually gain control of their production machines, backup and mirror locations, and FTP credentials for the caching service they use, as well as the Google Apps-hosted email." The hacker group told the publication that they have compromised the entire website, "including the administrator's email." He also revealed he didn't dump the site's database but claimed that "passwords weren't salted." A user on Reddit, who has since received lots of upvotes, adds: Some popular apps that have links to FossHub that may be infected include: Audacity, WinDirStat, qBittorrent, MKVToolNix, Spybot Search&Destroy, Calibre, SMPlayer, HWiNFO, MyPhoneExplorer, and IrfanView. Another application which has reportedly been compromised is Classic Shell. It is ostensibly overwriting the MBR on users' computers. Many users are upset with the timing of the hack, noting that plenty of people were looking for Classic Shell amid the release of Windows 10 Anniversary Update. Update: 08/03 17:30 GMT by M: In a blog post, Audacity said that Fosshub was serving a hacked copy of its audio editing software for three hours. It adds that "no Audacity Team infrastructure was compromised." Fosshub team writes: Last night we had a security incident caused by a group of hackers that allowed them to log-in to FossHub developer *through* an user that was compromised. Shortly after, we noticed two users that were compromised. They simply logged-in using their passwords and this allowed them to escalate. [...] Several hours later, we noticed the attackers were able to gain access through an FTP account and we decided to shut down the main server immediately to prevent any further infection/damage. FossHub.com is down on purpose until we are able to identify the way hackers were able to escalate. Fosshub insists that the hacked copy of Classic Shell was only downloaded 300 times. In the meantime, if you know someone who may have downloaded the compromised copy of Classic Shell, here's what they need to do next.

03 Aug 12:29

Frequent password changes are the enemy of security, FTC technologist says

by Dan Goodin

FTC Chief Technologist Lorrie Cranor speaking at PasswordsCon 2016, part of the BSides security conference in Las Vegas.

Shortly after Carnegie Mellon University professor Lorrie Cranor became chief technologist at the Federal Trade Commission in January, she was surprised by an official agency tweet that echoed some oft-repeated security advice. It read: "Encourage your loved ones to change passwords often, making them long, strong, and unique." Cranor wasted no time challenging it.

The reasoning behind the advice is that an organization's network may have attackers inside who have yet to be discovered. Frequent password changes lock them out. But as a university professor who focuses on security, Cranor found the advice problematic for a couple of reasons. For one, a growing body of research suggests that frequent password changes make security worse. As if repeating advice that's based more on superstition than hard data wasn't bad enough, the tweet was even more annoying because all six of the government passwords she used had to be changed every 60 days.

"I saw this tweet and I said, 'Why is it that the FTC is going around telling everyone to change their passwords?'" she said during a keynote speech at the BSides security conference in Las Vegas. "I went to the social media people and asked them that and they said, 'Well, it must be good advice because at the FTC we change our passwords every 60 days.'"

02 Aug 18:30

Massachusetts Bans Employers from Asking Applicants About Previous Pay

01 Aug 16:54

America Uses Stealthy Submarines To Hack Other Countries' Systems

by manishs
When the Republican presidential nominee Donald Trump asked Russia -- wittingly or otherwise -- to launch hack attacks to find Hillary Clinton's missing emails, it caused a stir of commotion. Russia is allegedly behind DNC's leaked emails. But The Washington Post is reminding us that U.S.'s efforts in the cyber-security world aren't much different. (could be paywalled; same article syndicated elsewhere) From the report: The U.S. approach to this digital battleground is pretty advanced. For example: Did you know that the military uses its submarines as underwater hacking platforms? In fact, subs represent an important component of America's cyber strategy. They act defensively to protect themselves and the country from digital attack, but -- more interestingly -- they also have a role to play in carrying out cyberattacks, according to two U.S. Navy officials at a recent Washington conference. "There is a -- an offensive capability that we are, that we prize very highly," said Rear Adm. Michael Jabaley, the U.S. Navy's program executive officer for submarines. "And this is where I really can't talk about much, but suffice to say we have submarines out there on the front lines that are very involved, at the highest technical level, doing exactly the kind of things that you would want them to do." The so-called "silent service" has a long history of using information technology to gain an edge on America's rivals. In the 1970s, the U.S. government instructed its submarines to tap undersea communications cables off the Russian coast, recording the messages being relayed back and forth between Soviet forces. (The National Security Agency has continued that tradition, monitoring underwater fiber cables as part of its globe-spanning intelligence-gathering apparatus. In some cases, the government has struck closed-door deals with the cable operators ensuring that U.S. spies can gain secure access to the information traveling over those pipes.) These days, some U.S. subs come equipped with sophisticated antennas that can be used to intercept and manipulate other people's communications traffic, particularly on weak or unencrypted networks. "We've gone where our targets have gone" -- that is to say, online, said Stewart Baker, the National Security Agency's former general counsel, in an interview. "Only the most security-conscious now are completely cut off from the Internet." Cyberattacks are also much easier to carry out than to defend against, he said.

29 Jul 17:42

Ask Slashdot: Best Browser Extensions -- 2016 Edition

by manishs
Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available. Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol. This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading. What do you use? Let's get this going.

28 Jul 18:26

Microsoft To Disable Policies In Windows 10 Pro With Anniversary Update

by manishs
Reader BobSwi writes: More changes in the Windows Anniversary update, due August 2nd, are being discovered. After yesterday's news about Cortana not able to be turned off in the Windows Anniversary update, certain registry entries and group policies have been found to be updated with a note stating that they only apply to Enterprise and Education editions. Win 10 Pro users will no longer be able to turn off policies such as the Microsoft Consumer Experience, Show Windows Tips, Do not display the lock screen, and Disable all apps from the Windows Store.

27 Jul 21:03

C Top Programming Language For 2016, Finds IEEE's Study

by manishs
IEEE Spectrum, a highly regarded magazine edited by the Institute of Electrical and Electronics Engineers, has released its annual programming languages list, sharing with the world how several languages fared against each other. To assess the languages the publication says it worked with a data journalist and looked into 10 online sources -- including social chatter, open-source code production, and job postings. The publication has rated C as the top programming language this year, followed by Java, Python, C++, and R. From their article: After two years in second place, C has finally edged out Java for the top spot. Staying in the top five, Python has swapped places with C++ to take the No. 3 position, and C# has fallen out of the top five to be replaced with R. R is following its momentum from previous years, as part of a positive trend in general for modern big-data languages that Diakopoulos analyses in more detail here. Google and Apple are also making their presence felt, with Google's Go just beating out Apple's Swift for inclusion in the Top Ten. Still, Swift's rise is impressive, as it's jumped five positions to 11th place since last year, when it first entered the rankings. Several other languages also debuted last year, a marked difference from this year, with no new languages entering the rankings. The publication has explained in detail the different metrics it uses to evaluate a language.

22 Jul 12:00

Stalking your Facebook friends on Tinder

21 Jul 21:13

'The Wolf of Wall Street' Movie Was Financed With Stolen Money, Says DOJ

by BeauHD
An anonymous reader quotes a report from NY Daily News: Federal officials charged a $3.5 billion Malaysian money-laundering scheme helped finance the Leonardo DiCaprio movie "Wolf of Wall Street" -- the Hollywood tale that parallels the corruption charges. U.S. officials seek to recover $1.3 billion of the missing funds, including profits from the Martin Scorsese-directed movie that earned five Oscar nominations. The conspirators used some of their illicit cash to fund Scorsese's tale of "a corrupt stockbroker who tried to hide his own illicit profits in a perceived foreign safe haven," said U.S. Assistant Attorney General Leslie Caldwell. DiCaprio famously played the lead role of convicted fraudster Jordan Belfort, who was ordered to repay $110 million to 1,500 victims of his scam. The identified conspirators included movie producer Riza Shahriz Abdul Aziz, the prime minister's stepson, and businessman Low Taek John, a friend of Najib's family. A third scammer identified only as "Malaysian Official 1" was widely believed to be Najib. Court papers indicated that $681 million from a 2013 bond sale went directly into the official's private account. The nation's attorney-general, Mohamed Apandi, came to Najib's defense Thursday, expressing his "strong concerns at the insinuations and allegations" brought against the 1Malaysia Development Berhad (1MDB). Apandi's office, after investigating the $681 million bank deposit, announced in January that the funds were a donation from the Saudi royal family. The prime minister wound up returning most of the cash. Federal officials, in their California court filing, indicated they were hoping to seize proceeds from the 2013 movie, along with luxury properties in New York and California, artwork by Vincent Van Gogh and Claude Monet, and a $35 million private jet. Investigations of 1MDB are already underway in Switzerland and Singapore, with officials in the latter announcing Thursday that they had seized assets worth $176 million. This is shaping up to be the largest U.S. Justice Department asset recovery action in history.

13 Jul 18:04

20-year-old Windows bug lets printers install malware—patch now

by Dan Goodin

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.

The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it.

Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn't properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.

13 Jul 11:50

How Technology Disrupted the Truth

by manishs
A day after the Brexit, former UK Independence Party (UKIP) leader Nigel Farage admitted he had misled the public on a key issue. He admitted that UK's alleged 350M Euro weekly contribution to the EU would not be directed to the National Health Service, and that this commitment was never made official. Journalists worldwide tweeted photos of the campaign ads -- posted in conspicuous places like the sides of buses -- debunking the lie. This incident illustrates the need for more political fact-checking as a public service, to enable the voters to make more informed and rational decisions about matters affecting their daily lives. Fact-checking is supposed to be a part of the normal journalistic process. When gathering information, a journalist should verify its accuracy. The work is then vetted by an editor, a person with more professional experience who may correct or further amend some of the information. A long-form article on The Guardian today underscores the challenges publications worldwide are facing today -- most of them don't have the luxury to afford a fact-checker (let alone a team of fact-checkers), and the advent of social media and forums and our reliance (plenty of people get their news on social media now) have made it increasingly difficult to vet the accuracy of anything that is being published. From The Guardian article: When a fact begins to resemble whatever you feel is true, it becomes very difficult for anyone to tell the difference between facts that are true and "facts" that are not. Global Voices adds: But the need for fact-checking hasn't gone away. As new technologies have spawned new forms of media which lend themselves to the spread of various kinds of disinformation, this need has in fact grown. Much of the information that's spread online, even by news outlets, is not checked, as outlets simply copy-paste -- or in some instances, plagiarize -- "click-worthy" content generated by others. Politicians, especially populists prone to manipulative tactics, have embraced this new media environment by making alliances with tabloid tycoons or by becoming media owners themselves. The other issue is that many people do not care about the source of the information, and it has become increasingly hard to tell whether a news article you saw on your Facebook is credible or not. This, coupled with how social networking websites game the news feed to show you what you are likely to find interesting as opposed to giving you news from trustworthy sources, has made things even worse. As you may remember, Facebook recently noted that it is making changes to algorithms to show you updates from friends instead of news articles from publications you like. The Guardian adds: Algorithms such as the one that powers Facebook's news feed are designed to give us more of what they think we want -- which means that the version of the world we encounter every day in our own personal stream has been invisibly curated to reinforce our pre-existing beliefs. [...] In the news feed on your phone, all stories look the same -- whether they come from a credible source or not. And, increasingly, otherwise-credible sources are also publishing false, misleading, or deliberately outrageous stories.

13 Jul 11:18

TOS agreements require giving up first born—and users gladly consent

by David Kravets

Here is the front door of a fictitious social networking site that study participants thought was real. All participants, US university students, agreed to terms that included demanding their first born as payment. The privacy policy they all checked off said their data would be shared with the NSA and employers. (credit: Biggest Lie on the Internet)

A recent study concludes what everybody already knows: nobody reads the lengthy terms of service and privacy policies that bombard Internet users every day. Nobody understands them. They're too long, and they often don't make sense.

A study out this month made the point all too clear. Most of the 543 university students involved in the analysis didn't bother to read the terms of service before signing up for a fake social networking site called "NameDrop" that the students believed was real. Those who did glossed over important clauses. The terms of service required them to give up their first born, and if they don't yet have one, they get until 2050 to do so. The privacy policy said that their data would be given to the NSA and employers. Of the few participants who read those clauses, they signed up for the service anyway.

"This brings us to the biggest lie on the Internet, which anecdotally, is known as 'I agree to these terms and conditions,'" the study found.

11 Jul 11:40

Assembly Code That Took America to the Moon Now Published On GitHub

by EditorDavid
An anonymous Slashdot reader writes: "The code that took America to the moon was just published to GitHub, and it's like a 1960s time capsule," reports Quartz. Two lines of code include the comment "# TEMPORARY, I HOPE HOPE HOPE," and there's also a quote from Shakespeare's play Henry VI. In addition, the keyboard and display system program is named PINBALL_GAME_BUTTONS_AND_LIGHT, and "There's also code that appears to instruct an astronaut to 'crank the silly thing around.'" A former NASA intern uploaded the thousands of lines of assembly code to GitHub, working from a 2003 transcription made from scans inherited by MIT from a Colorado airplane pilot, and developers are already using GitHub to submit funny issue tickets for the 40-year-old code -- for example, "Extension pack for picking up Matt Damon". Another issue complains that "A customer has had a fairly serious problem with stirring the cryogenic tanks with a circuit fault present." Because this issue succinctly describes the Apollo 13 mission in 1970, the issue has been marked "closed".

08 Jul 13:13

A JVM Does That? (2011) [pdf]