Security

About 90% of Smart TVs Vulnerable To Remote Hacking Via Rogue TV Signals (bleepingcomputer.com) 52

An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and it runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressive. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.
IT

More Than Ever, Employees Want a Say in How Their Companies Are Run (qz.com) 162

Two readers share a report: While workers have traditionally looked to unions to address their grievances, a new generation is trusting in the power of petitions to force changes. At the Wall Street Journal, 160 reporters and editors delivered a letter to their managers protesting the lack of women and minorities running the organization, Business Insider reported yesterday. "Nearly all the people at high levels at the paper deciding what we cover and how are white men," the letter read. IBM employees are circulating an online petition objecting to the tone of CEO Ginni Rometty's letter to US president Donald Trump, and calling on her to affirm what they call the company's progressive values. [...] Other employee petitions call for Oracle to oppose US president Donald Trump's second travel ban, and to let men who work at US regional supermarket Publix grow beards. Employee petitions are now so popular there's a website, coworker.org, devoted to hosting them. In some cases, the campaigns work: Starbucks relaxed its rules about visible tattoos and unnatural hair color for baristas after thousands signed petitions asking for a change. Sometimes, they fail disastrously. Interns at one (unnamed) company described in a blog being fired en masse after signing a petition asking for a more relaxed dress code.
Android

What Killed Adobe Flash? (daringfireball.net) 200

An employee, who claims to have worked on the development of Flash, writes: Apparently, the world settled on the "One True Cause" for why Flash "died". Take for example this blogpost by John Gruber about FedEx... it ends with this consideration on Steve Jobs' "Thoughts on Flash": "If it had been an angry rant, it would have been easily dismissed without needing to be factually refuted -- "That's just Jobs being a prick again." The fact that it wasn't angry, and because it was all true, made it impossible to refute."

Impossible to refute. There's no doubt that this was the beginning of the end for Flash, right? Except that this is utterly wrong. I worked on Flash, and I worked on the thing that actually killed Flash. It is my strong belief, based on what I observed, that Steve Jobs' letter had little impact in the final decision -- it was really Adobe who decided to "kill" Flash. Yes, Flash was a bad rap for Adobe, and Steve's letter didn't help. But ultimately, what was probably decisive was the fact that developing Flash cost Adobe a ton of money.
John Gruber, responding to the blogpost: To be clear, I don't think Jobs's letter killed Flash. But I don't think Adobe did either. Eventually Adobe accepted Flash's demise. What killed Flash was Apple's decision not to support it on iOS, combined with iOS's immense popularity and the lucrative demographics of iOS users. If Jobs had never published "Thoughts on Flash", Flash would still be dead. The letter explained the decision, but the decision that mattered was never to support it on iOS in the first place. It's possible that Flash would have died even if Apple had decided to allow it on iOS. Android tried that, and the results were abysmal. Web page scrolling stuttered, and video playback through Flash Player halved battery life compared to non-Flash playback.
Oracle

Oracle Hires Global Specialists To Explore Feasibility of Buying Accenture 58

Paul Kunert writes in an exclusive report via The Register: Oracle has hired global specialists to explore the feasibility of buying multi-billion dollar consultancy Accenture, sources have told us. The database giant has engaged a team of consultants to conduct due diligence to "explore the synergies that could be created if they [Oracle] bought Accenture lock, stock and barrel," one source claimed. On top of the financial considerations, the consultants are evaluating the pros and cons, including the potential impact on Oracle's wider channel. "While these things have a habit of fizzling out there are some fairly serious players around the table," a contact added. Another claimed the process was at an early stage. "If buying Accenture was a 100 meter race, Oracle is at the 10 to 15 meter stage now." [T]his buy would be an immensely bold, complicated and pricey move: NYSE-listed Accenture has a market cap of $77.5 billion, and shareholders will expect a premium offer. A deal would dwarf Oracle's $10 billion buy of PeopleSoft, its $7.4 billion deal for Sun Microsystems, and more recently, the $9.3 billion splashed on NetSuite. In buying Accenture, Oracle would be taking a leaf out of the mid-noughties handbook, when HP fatefully bought EDS and IBM acquired PwC to carve out a brighter future.
Businesses

DJI Proposes New Electronic 'License Plate' For Drones (digitaltrends.com) 101

linuxwrangler writes: Chinese drone maker DJI proposed that drones be required to transmit a unique identifier to assist law enforcement to identify operators where necessary. Anyone with an appropriate receiver could receive the ID number, but the database linking the ID with the registered owner would only be available to government agencies. DJI likens this to a license plate on a car and offers it as a solution to a congressional mandate that the FAA develop methods to remotely identify drone operators. "The best solution is usually the simplest," DJI wrote in a white paper on the topic, which can be downloaded at this link. "The focus of the primary method for remote identification should be on a way for anyone concerned about a drone flight in close proximity to report an identifier number to the authorities, who would then have the tools to investigate the complaint without infringing on operator privacy. [...] No other technology is subject to mandatory industry-wide tracking and recording of its use, and we strongly urge against making UAS the first such technology. The case for such an Orwellian model has not been made. A networked system provides more information than needed, to people who don't require it, and exposes confidential business information in the process."
Government

Hong Kong Government Loses Laptops Containing Personal Data of 3.7 Million Voters (hongkongfp.com) 19

New submitter fatp writes: Hong Kong Free Press reports that the Registration and Electoral Office (REO) has lost two laptops containing the personal data of all 3.7 million voters after the chief executive election [on Sunday]. The REO said "the personal data was encrypted and there was no evidence that it had been leaked." Only 1,194 people had the right to vote in the election.
Software

Ask Slashdot: What's the Best Working Environment For a Developer? 351

New submitter Dorgendubal writes: I work for a company with more than a thousand developers and I'm participating in activities aimed at improving the work experience of developers. Our developers receive an ultrabook that is rather powerful but not really adapted for development (no admin rights, small storage capacity, restrictive security rules, etc.). They also have access to VDIs (more flexibility) but often complain of performance issues during certain hours of the day. Overall, developers want to have maximum autonomy, free choice of their tools (OS, IDE, etc.) and access to internal development environments (PaaS, Git repositories, continuous delivery tools, etc.). We recently had a presentation from VMware on desktop and application virtualization (Workstation & Horizon), which is supposedly the future of the desktop. It sounds interesting on paper but I remain skeptical.

What is the best working environment for a developer, offering flexibility, performance and some level of free choice, without compromising security, compliance, licensing (etc.) requirements? I would like you to share your experiences on BYOD, desktop virtualization, etc. and the level of satisfaction of the developers.
Databases

Facial Recognition Database Used By FBI Is Out of Control, House Committee Hears (theguardian.com) 90

The House oversight committee claims the FBI's facial recognition database is out of control, noting that "no federal law controls this technology" and "no court decision limits it." At last week's House oversight committee hearing, politicians and privacy campaigners presented several "damning facts" about the databases. "About 80% of photos in the FBI's network are non-criminal entries, including pictures from driver's licenses and passports," reports The Guardian. "The algorithms used to identify matches are inaccurate about 15% of the time, and are more likely to misidentify black people than white people." From the report: "Facial recognition technology is a powerful tool law enforcement can use to protect people, their property, our borders, and our nation," said the committee chair, Jason Chaffetz, adding that in the private sector it can be used to protect financial transactions and prevent fraud or identity theft. "But it can also be used by bad actors to harass or stalk individuals. It can be used in a way that chills free speech and free association by targeting people attending certain political meetings, protests, churches, or other types of places in the public." Furthermore, the rise of real-time face recognition technology that allows surveillance and body cameras to scan the faces of people walking down the street was, according to Chaffetz, "most concerning." "For those reasons and others, we must conduct proper oversight of this emerging technology," he said.
Microsoft

Microsoft Yanks Docs.com Search After Complaints of Exposed Sensitive Files (zdnet.com) 55

Microsoft has quietly removed a feature on its document sharing site Docs.com that allowed anyone to search through millions of files for sensitive and personal information. From a report on ZDNet: Users had complained over the weekend on Twitter that anyone could use the site's search box to trawl through publicly-accessible documents and files stored on the site, which were clearly meant to remain private. Among the files reviewed by ZDNet, and seen by others who tweeted about them, were password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements -- some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses. The company removed the site's search feature late on Saturday, but others observed that the files were still cached in Google's search results, as well as Microsoft's own search engine, Bing.
Government

Laptop Ban on Planes Came After Plot To Put Explosives in iPad (theguardian.com) 278

Last week, United States and United Kingdom officials announced new restrictions for airline passengers from eight Middle Eastern countries, forbidding passengers from carrying electronics larger than a smartphone into an airplane cabin. Now The Guardian reports, citing a security source, that the ban was prompted in part by a plot involving explosives hidden in a fake iPad. From the report: The security source said both bans were not the result of a single specific incident but a combination of factors. One of those, according to the source, was the discovery of a plot to bring down a plane with explosives hidden in a fake iPad that appeared as good as the real thing. Other details of the plot, such as the date, the country involved and the group behind it, remain secret. Discovery of the plot confirmed the fears of the intelligence agencies that Islamist groups had found a novel way to smuggle explosives into the cabin area in carry-on luggage after failed attempts with shoe bombs and explosives hidden in underwear. An explosion in a cabin (where a terrorist can position the explosive against a door or window) can have much more impact than one in the hold (where the terrorist has no control over the position of the explosive, which could be in the middle of luggage, away from the skin of the aircraft), given passengers and crew could be sucked out of any subsequent hole.
Microsoft

Class Action Lawsuit Launched Over Forced Windows 10 Upgrades (courthousenews.com) 346

Slashdot reader AmiMoJo quotes The Register: Three people in Illinois have filed a lawsuit against Microsoft, claiming that its Windows 10 update destroyed their data and damaged their computers. The complaint, filed in Chicago's U.S. District Court on Thursday, charges that Microsoft Windows 10 [installer] is a defective product, and that its maker failed to provide adequate warning about the potential risks posed by Windows 10 installation -- specifically system stability and data loss... The attorneys representing the trio are seeking to have the case certified as a class action that includes every person in the U.S. who upgraded to Windows 10 from Windows 7 and suffered data loss or damage to software or hardware within 30 days of installation. They claim there are hundreds or thousands of affected individuals.
Microsoft responded that they'd offered free customer service and other support options for "the upgrade experience," adding "We believe the plaintiffs' claims are without merit." But the complaint argues Windows 10's installer "does not check the condition of the PC and whether or not the hard drive can withstand the stress of the Windows 10 installation," according to Courthouse News, which adds that the lead plaintiff "says her hard drive failed after Windows 10 installed without her express approval, and she had to buy a new computer."
Encryption

After 20 Years, OpenSSL Will Change To Apache License 2.0, Seeks Past Contributors (openssl.org) 107

After nearly 20 years and 31,000 commits, OpenSSL wants to change to Apache License v2.0. They're now tracking down all 400 contributors to sign new license agreements, a process expected to take several months. Slashdot reader rich_salz shares links to OpenSSL's official announcement (and their agreement-collecting web site). "This re-licensing activity will make OpenSSL, already the world's most widely-used FOSS encryption software, more convenient to incorporate in the widest possible range of free and open source software," said Mishi Choudhary, Legal Director of Software Freedom Law Center and counsel to OpenSSL. "OpenSSL's team has carefully prepared for this re-licensing, and their process will be an outstanding example of 'how to do it right.'"
United Kingdom

London Terrorist Used WhatsApp, UK Calls For Backdoors (yahoo.com) 357

Wednesday 52-year-old Khalid Masood "drove a rented SUV into pedestrians on Westminster Bridge before smashing it into Parliament's gates and rushing onto the grounds, where he fatally stabbed a policeman and was shot by other officers," writes the Associated Press. An anonymous reader quotes their new report: Westminster Bridge attacker Khalid Masood sent a WhatsApp message that cannot be accessed because it was encrypted by the popular messaging service, a top British security official said Sunday. British press reports suggest Masood used the messaging service owned by Facebook just minutes before the Wednesday rampage that left three pedestrians and one police officer dead and dozens more wounded.... Home Secretary Amber Rudd used appearances on BBC and Sky News to urge WhatsApp and other encrypted services to make their platforms accessible to intelligence services and police trying to carry out lawful eavesdropping. "We need to make sure that organizations like WhatsApp -- and there are plenty of others like that -- don't provide a secret place for terrorists to communicate with each other," she said...

Rudd also urged technology companies to do a better job at preventing the publication of material that promotes extremism. She plans to meet with firms Thursday about setting up an industry board that would take steps to make the web less useful to extremists.

Businesses

Over 14K 'Let's Encrypt' SSL Certificates Issued To PayPal Phishing Sites (bleepingcomputer.com) 250

BleepingComputer reports: During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word 'PayPal' in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites, according to an analysis carried out on a small sample of 1,000 domains, by Vincent Lynch, encryption expert for The SSL Store... Lynch, who points out the abuse of Let's Encrypt's infrastructure, doesn't blame the Certificate Authority (CA), but nevertheless points out that other CAs have issued a combined number of 461 SSL certificates containing the term "PayPal" in the certificate information, which were later used for phishing attacks... Phishers don't target these CAs, not only because they're commercial services, but also because they know these organizations will refuse to issue certificates for certain hot terms, like "PayPal," for example. Back in 2015, Let's Encrypt made it clear in a blog post it doesn't intend to become the Internet's HTTPS watchdog.
Of course, some web browsers don't even check whether a certificate has been revoked. An anonymous reader writes: Browser makers are also to blame, along with "security experts" who tell people HTTPS is "secure," when they should point out HTTPS means "encrypted communication channel," and not necessarily that the destination website is secure.
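The "hot term" refusal the article attributes to commercial CAs amounts to a keyword screen over the names a certificate request would cover. The script below is an added example of such a screen, not code from Let's Encrypt, The SSL Store or any CA; the brand token, the allowlist of domains assumed to belong to the brand owner, the confusables table and the sample names are all constructed for illustration. It decodes IDNA A-labels (xn--) back to Unicode, maps common look-alike characters and digit substitutions onto their Latin letters, and then looks for the brand token anywhere in the collapsed name, which is what catches "paypa1-login" and a Cyrillic-a "pаypal" rather than only the literal string "paypal". The caveat is the one the article implies: a screen like this is a policy choice, it necessarily blocks some legitimate names that merely mention the brand, and it says nothing about whether a site that passes it is trustworthy.

```python
"""Brand-keyword screen over certificate names (added example, constructed data)."""
import unicodedata

# Assumed for this example: the brand token to screen for and the domains the
# brand owner is known to control (these are not CA policy from the article).
BRAND_TOKENS = ("paypal",)
BRAND_ALLOWLIST = ("paypal.com",)

# Small look-alike table: Cyrillic letters that render like Latin ones, plus
# common digit-for-letter substitutions. Real deployments use a larger list.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
}


def to_unicode_name(name: str) -> str:
    """Turn an A-label host name (xn--...) into its Unicode form."""
    try:
        return name.encode("ascii").decode("idna")
    except UnicodeError:
        return name  # already Unicode, or not decodable: screen it as given


def normalize(name: str) -> str:
    """Collapse a host name to lowercase Latin letters/digits for matching."""
    text = unicodedata.normalize("NFKC", to_unicode_name(name)).lower()
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    # Drop dots, hyphens and anything else so "pay-pal" and "pay.pal" still match.
    return "".join(ch for ch in text if ch.isalnum())


def is_brand_owned(name: str) -> bool:
    """True if the name is the brand's own domain or a subdomain of it."""
    host = name.lower().lstrip("*.")
    return any(host == d or host.endswith("." + d) for d in BRAND_ALLOWLIST)


def screen_names(names):
    """Return (name, brand_token) for every name that trips the screen."""
    hits = []
    for name in names:
        if is_brand_owned(name):
            continue
        collapsed = normalize(name)
        for brand in BRAND_TOKENS:
            if brand in collapsed:
                hits.append((name, brand))
                break
    return hits


# Constructed sample of certificate names, not real issuance data. The last
# entry is the A-label of a name whose first "a" is Cyrillic U+0430.
HOMOGLYPH_NAME = "p\u0430ypal-login.example".encode("idna").decode("ascii")
SAMPLE_CERT_NAMES = [
    "paypal.com",
    "www.paypal.com",
    "shop.example.com",
    "paypal-account-verify.example.net",
    "secure.paypa1-login.example.org",
    "mypaypalpage.example.co",
    HOMOGLYPH_NAME,
]

if __name__ == "__main__":
    for name, brand in screen_names(SAMPLE_CERT_NAMES):
        print(f"{name:45s} matches {brand!r} (as {to_unicode_name(name)!r})")
```

Run as-is it lists the four look-alike names and stays silent on the brand's own domains and on shop.example.com. Feeding it the names from a Certificate Transparency feed instead of the sample list is the monitoring side of the same idea: a CA can use it to refuse issuance, a brand owner to spot certificates already issued.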
Robotics

US Workers Face A Higher Risk Of Being Replaced By Robots (cnn.com) 276

There's a surprising prediction for the next 15 years from the world's second largest professional services firm. An anonymous reader quotes CNN: Millions of workers around the world are at risk of losing their jobs to robots -- but Americans should be particularly worried. Thirty-eight percent of jobs in the U.S. are at high risk of being replaced by robots and artificial intelligence over the next 15 years, according to a new report by PwC. Meanwhile, only 30% of jobs in the U.K. are similarly endangered. The same level of risk applies to only 21% of positions in Japan.
61% of America's financial service jobs "are at a high risk of being replaced by robots," according to the article, vs. just 32% of the finance jobs in the U.K. (Those U.S. finance jobs tend to be "domestic retail operations" like small-town bank tellers, whereas U.K. finance jobs concentrate more in international finance and investment banking.) The firm's chief economist sees a world where new jobs are more likely to go to higher-skilled workers, and he ultimately predicts "a restructuring of the jobs market... The gap between rich and poor could get even wider."
Businesses

Comcast Launches New 24/7 Workplace Surveillance Service (philly.com) 152

America's largest ISP just rolled out a new service that allows small and medium-sized business owners "to oversee their organization" with continuous video surveillance footage that's stored in the cloud -- allowing them to "improve efficiency." An anonymous reader quotes the Philadelphia Inquirer: Inventory is disappearing. Workplace productivity is off. He said/she said office politics are driving people crazy. Who you gonna call...? Comcast Business hopes it will be the one, with the "SmartOffice" surveillance offering formally launched this week in Philadelphia and across "70 percent of our national [internet] service footprint," said Christian Nascimento, executive director of premise services for the Comcast division. Putting a "Smart Cities" (rather than "Big Brother is watching you") spin on "the growing trend for...connected devices across the private and public sectors," the SmartOffice solution "can provide video surveillance to organizations that want to monitor their locations more closely," Nascimento said...
The surveillance cameras are equipped with zoom lenses, night-vision, motion detection, and wide-angle lenses, while an app allows remote access to the footage from smartphones and tablets (though the footage can also be downloaded, or stored online for up to a month). Last year Comcast was heavily involved in an effort to provide Detroit's police department with real-time video feeds from over 120 local businesses, which the mayor said wouldn't have been successful "Without the complete video technology system Comcast provides."
Security

Anti-Virus Vendors Scramble To Patch Hijacking Exploit Involving Microsoft Tool (securityweek.com) 48

"A zero-day attack called Double Agent can take over antivirus software on Windows machines," Network World reported Wednesday. wiredmikey writes: The attack involves the Microsoft Application Verifier, a runtime verification tool for unmanaged code that helps developers find subtle programming errors in their applications... [The exploit] allows a piece of malware executed by a privileged user to register a malicious DLL for a process associated with an antivirus or other endpoint security product, and hijack its agent.
Patches were released by Malwarebytes, AVG, and Trend Micro, the security researchers told BleepingComputer earlier this week. Kaspersky Lab told ZDNet "that measures to detect and block the malicious scenario have now been added to all its products," while Norton downplayed the exploit, saying the attack "would require physical access to the machine and admin privileges to be successful," with their spokesperson "adding that it has deployed additional detection and blocking protections in the unlikely event users are targeted."

BetaNews reports that the researchers "say that it is very easy for antivirus producers to implement a method of protection against this zero-day, but it is simply not being done. 'Microsoft has provided a new design concept for antivirus vendors called Protected Processes...specially designed for antivirus services...the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks.'"
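Application Verifier's documented mechanism is a per-image entry under Image File Execution Options (IFEO): a VerifierDlls value naming the provider DLLs to load into the process, with FLG_APPLICATION_VERIFIER (0x100) set in GlobalFlag. That is the registration the Double Agent technique abuses, and it is also where a defender can look. The PowerShell below is an added example of that check, not code from the researchers, Microsoft or any antivirus vendor: it walks every IFEO image entry, and for each VerifierDlls name resolves the DLL against System32, which is where Application Verifier's own Microsoft-signed providers live, and flags anything that is missing there, unsigned, or signed by someone other than Microsoft. The "Microsoft" subject match and the choice to treat a non-System32 location as suspicious are this example's assumptions, not a Microsoft or vendor rule.

```powershell
# Added example: audit Application Verifier provider DLLs registered under IFEO.
# Reading HKLM here needs no elevation; writing these values (the attack) does.
$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$System32 = Join-Path $env:SystemRoot 'System32'
$FlgAppVerifier = 0x100   # FLG_APPLICATION_VERIFIER

function Get-VerifierDllFindings {
    $findings = @()
    foreach ($key in Get-ChildItem -Path $IfeoPath -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath
        if (-not $props.VerifierDlls) { continue }

        $globalFlag = [int]($props.GlobalFlag | ForEach-Object { $_ })
        $verifierOn = ($globalFlag -band $FlgAppVerifier) -ne 0

        # VerifierDlls is a REG_SZ with space-separated DLL names.
        foreach ($dll in ($props.VerifierDlls -split '[\s,]+' | Where-Object { $_ })) {
            $reasons = @()
            $path = Join-Path $System32 $dll
            if (-not (Test-Path -LiteralPath $path)) {
                # Not in System32: the loader will search elsewhere for it,
                # which is exactly what a planted DLL relies on (assumption of this example).
                $reasons += 'not-in-System32'
                $path = $dll
            }
            else {
                $sig = Get-AuthenticodeSignature -FilePath $path
                if ($sig.Status -ne 'Valid') {
                    $reasons += "signature:$($sig.Status)"
                }
                elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
                    $reasons += 'non-Microsoft-signer'
                }
            }
            if (-not $verifierOn) { $reasons += 'GlobalFlag-lacks-0x100' }

            $findings += [pscustomobject]@{
                Image      = $key.PSChildName
                Dll        = $dll
                Path       = $path
                GlobalFlag = ('0x{0:X}' -f $globalFlag)
                Suspicious = ($reasons.Count -gt 0)
                Reason     = ($reasons -join ';')
            }
        }
    }
    return $findings
}

# Show everything, suspicious entries first; filter on .Suspicious for alerting.
Get-VerifierDllFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A developer's own Application Verifier session shows up here as Microsoft-signed DLLs in System32 with 0x100 set, so the interesting rows are the ones whose Reason column is non-empty and whose Image is a security product's process. The check is a complement to, not a substitute for, the Protected Processes design the researchers point to: it tells you after the fact that a provider DLL was registered, whereas a protected process refuses to load the unsigned DLL in the first place.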
Government

After Healthcare Defeat, Can The Trump Administration Fix America's H-1B Visa Program? (bloomberg.com) 543

Friday the Trump administration suffered a political setback when divisions in the president's party halted a move to repeal healthcare policies passed in 2010. But if Trump hopes to turn his attention to how America's H-1B visa program is affecting technology workers, "time is running out," writes Slashdot reader pteddy. Bloomberg reports: [T]he application deadline for the most controversial visa program is the first week of April, which means new rules have to be in place for that batch of applicants or another year's worth of visas will be handed out under the existing guidelines... There probably isn't enough time to pass legislation on such a contentious issue. But Trump could sign an executive order with some changes. The article points out that under the current system, one outsourcing firm was granted 6.5 times as many U.S. visas as Amazon. There's also an interesting map showing which countries' workers received the most H-1B visas in 2015 -- 69.4% went to workers in India, with another 10.5% going to China -- and a chart showing which positions are most in demand, indicating that two-thirds of the visa applications are for tech workers.
Stats

Stack Overflow Reveals Results From 'Largest Developer Survey Ever Conducted' (stackoverflow.com) 139

More than 64,000 developers from 213 countries participated in this year's annual survey by Stack Overflow -- the largest number ever -- giving a glimpse into the collective psyche of programmers around the world. An anonymous reader quotes their announcement: A majority of developers -- 56.5% -- said they were underpaid. Developers who work in government and non-profits feel the most underpaid, while those who work in finance feel the most overpaid... While only 13.1% of developers are actively looking for a job, 75.2% of developers are interested in hearing about new job opportunities...

When asked what they valued most when considering a new job, 53.3% of respondents said remote options were a top priority. 65% of developers reported working remotely at least one day a month, and 11.1% say they're full-time remote or almost all the time. Also, the highest job satisfaction ratings came from developers who work remotely full-time.

62.5% of the respondents reported using JavaScript, while 51.2% reported SQL, with 39.7% using Java and 34.1% using C# -- but for the #5 slot, "the use of Python [32.0%] overtook PHP [28.1%] for the first time in five years." Yet as far as which languages developers wanted to continue using, "For the second year in a row, Rust was the most loved programming language... Swift, last year's second most popular language, ranked as fourth. For the second year in a row, Visual Basic (for 2017, Visual Basic 6, specifically) ranked as the most dreaded language; 88.3% of developers currently using Visual Basic said they did not want to continue using it."
China

Microsoft Delivers Secure China-Only Cut of Windows 10 (theregister.co.uk) 98

Earlier this week, CEO of Microsoft Greater China, Alain Crozier, told China Daily that the company is ready to roll out a version of Windows 10 with extra security features demanded by China's government. "We have already developed the first version of the Windows 10 government secure system. It has been tested by three large enterprise customers," Crozier said. The Register reports: China used Edward Snowden's revelations to question whether western technology products could compromise its security. Policy responses included source code reviews for foreign vendors and requiring Chinese buyers to shop from an approved list of products. Microsoft, IBM and Intel all refused to submit source code for inspection, but Redmond and Big Blue have found other ways to get their code into China. IBM's route is a partnership with Dalian Wanda to bring its cloud behind the Great Firewall. Microsoft last year revealed its intention to build a version of Windows 10 for Chinese government users in partnership with state-owned company China Electronics Technology Group Corp. There's no reason to believe Crozier's remarks are incorrect, because Microsoft has a massive incentive to deliver a version of Windows 10 that China's government will accept. To understand why, consider that China's military has over two million active service personnel, the nation's railways employ similar numbers and Microsoft's partner China Electronics Technology Group Corp has more than 140,000 people on its books. Not all of those are going to need Windows, but plenty will.
