Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
How The FBI Used Geek Squad To Increase Secret Public Surveillance (ocweekly.com)
In 2011 a gynecology doctor took his computer for repairs at Best Buy's Geek Squad. But the repair technician was a paid FBI informant -- one of several working at Geek Squad -- and the doctor was ultimately charged with possessing child pornography, according to OC Weekly. An anonymous reader quotes their new report: Recently unsealed records reveal a much more extensive secret relationship than previously known between the FBI and Best Buy's Geek Squad, including evidence the agency trained company technicians on law-enforcement operational tactics, shared lists of targeted citizens and, to covertly increase surveillance of the public, encouraged searches of computers even when unrelated to a customer's request for repairs. Assistant United States Attorney M. Anthony Brown last year labeled allegations of a hidden partnership as "wild speculation." But more than a dozen summaries of FBI memoranda filed inside Orange County's Ronald Reagan Federal Courthouse this month in USA v. Mark Rettenmaier contradict the official line...
Other records show how [Geek Squad supervisor Justin] Meade's job gave him "excellent and frequent" access for "several years" to computers belonging to unwitting Best Buy customers, though agents considered him "underutilized" and wanted him "tasked" to search devices "on a more consistent basis"... evidence demonstrates company employees routinely snooped for the agency, contemplated "writing a software program" specifically to aid the FBI in rifling through its customers' computers without probable cause for any crime that had been committed, and were "under the direction and control of the FBI." The doctor's lawyer argues Best Buy became an unofficial wing of the FBI by offering $500 for every time they found evidence leading to criminal charges. -
Jeff Bezos' Spaceflight Company Blue Origin Gets Its First Paying Customer (nytimes.com)
Long-time Slashdot reader nickovs writes: Blue Origin was started as a "moon shot" company by Jeff Bezos and recently claimed that it would be offering an "Amazon-like" delivery service to the moon by 2020. In the mean time it seems their customers will be slightly closer to Earth: this week they announced that they now have a paying customer in the form of the satellite TV company Eutelsat. While this isn't a huge technical milestone, it is a major business milestone, turning Blue Origin from a hobby business into one which might eventually make a profit. According to a New York Times article, "The commercial partnership brings Blue Origin closer in line with SpaceX, created by Elon Musk, which has been launching satellites and taking NASA cargo to the International Space Station for several years."
Meanwhile, SpaceX announced last week that two space tourists have already put down "a significant deposit" for a week-long trip around the moon at the end of 2018, adding "Other flight teams have also expressed strong interest and we expect more to follow." -
Intel Security Releases Detection Tool For EFI Rootkits After CIA Leak (pcworld.com)
After WikiLeaks revealed data exposing information about the CIA's arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's MacBooks. The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a "Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant." The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system. -
Oculus CTO John Carmack Is Suing ZeniMax For $22.5 Million (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: The feud between Oculus and ZeniMax Media is opening up once again, this time with the CTO of Oculus, John Carmack, suing his former employer for earnings that he claims are still owed to him. The suit is largely unrelated to the $6 billion trade secrets suit which ended last month with a $500 million judgment against Oculus. Instead, Carmack is suing ZeniMax Media for $22.5 million that he says has not been paid to him for the 2009 sale of his game studio, id Software, known for such pioneering video game classics as Doom and Quake. The lawsuit reveals that ZeniMax Media paid $150 million for the game studio. The document details that Carmack was set to earn $45 million from the id acquisition. In 2011, Carmack converted half of that note into a half-million shares of ZeniMax common stock, but has yet to receive the other half of his earnings in cash or common stock from the company, despite formal requests being made. The lawsuit was reported first by Dallas News. -
Verizon Wireless Wades Right Back Into the Net Neutrality Debate With Fios Deal (theverge.com)
An anonymous reader quotes a report from The Verge: Verizon is taking a page out of AT&T's book by zero rating its Fios cable TV service for all Verizon Wireless customers. That means that if you purchase your mobile data plan from Verizon Wireless and your cable TV plan from Fios, you can now use the Fios Mobile app to stream live channels and on-demand shows and not have it count against your monthly data cap. (It should be noted that Verizon Wireless and Fios are separate subsidiaries, but both are owned by Verizon Communications.) This builds on Verizon's previous decision to zero rate its Go90 mobile app for customers of its own wireless service, which net neutrality advocates see as prioritizing its own products to the detriment of those from competitors and upstarts. One notable exception here is for customers with unlimited mobile data plans. Streaming Fios Mobile content will in fact count toward the unlimited plans' 22GB a month cap, after which Verizon will cap speeds. This caveat is not made clear in Verizon's marketing language, and instead is found only in the App Store release notes. -
NVIDIA Lifts Veil On GeForce GTX 1080 Ti Performance Reviews, Which Show Faster Speeds Than Titan X (hothardware.com)
MojoKid writes from a report via HotHardware: NVIDIA is officially launching its most powerful gaming graphics card today, the GeForce GTX 1080 Ti. It was announced last week at the Game Developers Conference and pre-orders began shortly thereafter. However, the cards will begin shipping today and NVIDIA has lifted the veil on performance reviews. Though its memory complement and a few blocks within the GPU are reduced versus NVIDIA's previous top-end card, the Titan X, the GeForce GTX 1080 Ti makes up for its shortcomings with a combination of refinement and the brute force of higher memory clocks, based on new and improved Micron GDDR5X memory, faster core clocks and an improved cooler. For gamers, the good news is, the 1080 Ti retails for $699, versus $1200 for the Titan X, and it is in fact faster, for the most part. Throughout a battery of game tests and benchmarks, regardless of the resolution or settings used, the GeForce GTX 1080 Ti performed on par with or slightly faster than the NVIDIA Titan X and roughly 30-35% better than the standard GeForce GTX 1080 Founders Edition. Versus AMD's current flagship GPU, the Radeon R9 Fury X, there is no competition; the GeForce GTX 1080 Ti was nearly 2x faster than the Fury X in some cases. -
EU Court Sets Limit On 'Right To Be Forgotten' In Company Registers (reuters.com)
The European Union's top court ruled in May 2014 that people could ask search engines, such as Google or Microsoft's Bing, to remove inadequate or irrelevant information from the web results produced from searches for people's names. Today, the court is limiting the so-called "right to be forgotten" principle, ruling that individuals cannot demand that personal data be erased from company records in an official register. Reuters reports: In Thursday's ruling the European Court of Justice said that company registers needed to be public to ensure legal certainty and to protect the interests of third parties. Company registers only contained a limited amount of personal information and, as executives in companies should disclose their identity and functions, this did not constitute too severe an interference in their private lives and personal data, it said. However, the court said there might be specific situations in which access to personal data in company registers could be limited, such as a long period after a company's dissolution. But this should be determined on a case-by-case basis. -
Seattle Tech Engineers Are More Loyal Than Those in San Francisco, Data Shows (geekwire.com)
An anonymous reader shares a report: Software engineers in Seattle stay at companies an average of six months longer than do their counterparts in San Francisco, according to data from online job search giant Indeed. That may seem like a small difference, but it's actually quite significant when compared to the total time engineers tend to stay with a company. In Seattle, they average 29 months while San Francisco devs stick around for about 23 months. Doug Gray, Indeed's senior vice president of engineering, shared that finding along with other statistics during an event on attracting tech talent, hosted by the Seattle Chamber of Commerce on Thursday morning. "That is another thing that we should be promoting here in Seattle, is that greater loyalty, which leads to the ability for someone to have an impact in their company, for them to actually have greater career development within that company," said Gray. Also see: Scraping By On Six Figures? Tech Workers Feel Poor in Silicon Valley's Wealth Bubble -
China Expresses Concern at Revelations in Wikileaks Dump of Hacked CIA Data (reuters.com)
China has expressed concern over revelations in a trove of data released by Wikileaks purporting to show that the CIA can hack all manner of devices, including those made by Chinese companies. From a report on Reuters: Dozens of firms rushed to contain the damage from possible security weak points following the anti-secrecy organization's revelations, although some said they needed more details of what the U.S. intelligence agency was up to. Widely-used routers from Silicon Valley-based Cisco were listed as targets, as were those supplied by Chinese vendors Huawei and ZTE and Taiwan supplier Zyxel for their devices used in China and Pakistan. "We urge the U.S. side to stop listening in, monitoring, stealing secrets and internet hacking against China and other countries," Chinese Foreign Ministry spokesman Geng Shuang told a daily news briefing. -
Uber Admits Its Ghost Driver 'Greyball' Tool Was Used To Thwart Regulators, Vows To Stop (usatoday.com)
Uber has admitted it used a tool to thwart city regulators, and announced a review of its controversial Greyball technology. From a report on USA Today: Greyballing, a play on blackballing, was a way for Uber officials to remotely provide ghost driver information to a targeted individual. A March 3 report on the program in The New York Times cited a 2014 example where a regulator in Portland, Ore., a city in which Uber was operating without approval at the time, was unable to hail a car because of his Greyball-powered app. "We have started a review of the different ways this technology has been used to date," Joe Sullivan, Uber's chief security officer, wrote in a blog post. "In addition, we are expressly prohibiting its use to target action by local regulators going forward." -
Microsoft Is Spamming Windows 10 File Explorer With Ads For OneDrive Storage (digitaltrends.com)
An anonymous reader quotes a report from Digital Trends: While Microsoft is addressing some other complaints about Windows 10 in the upcoming Creators Update -- such as privacy concerns over the data that's being transmitted and issues regarding how the operating system updates itself -- the company seems intent on retaining Windows 10's advertising functionality. In fact, it has apparently been adding OneDrive commercials to File Explorer, ExtremeTech reports. Basically, you might start seeing a new promotion for OneDrive when you're perusing your file structure in Windows 10. OneDrive is baked into Windows 10 and can't easily be uninstalled, and Microsoft wants to make sure you know that the 5GB of free OneDrive storage can be easily upgraded to significantly more space. Turning off the OneDrive advertising isn't without consequences. You can go to the View menu in File Explorer, then Options, and select "Change folder and search options." In the next window, select the View menu, then scroll down to and uncheck the "Show sync provider notifications" option. Note that while this should disable the OneDrive ads, it will also stop you from seeing potentially important notifications from OneDrive. The report notes that, while these OneDrive ads aren't new, "they seem to be showing up more often for more people." -
Federal Criminal Probe Being Opened Into WikiLeaks' Publication of CIA Documents (cnn.com)
A federal criminal investigation is being opened into WikiLeaks' publication of documents detailing alleged CIA hacking operations, CNN reports citing several U.S. officials. From the report: The officials said the FBI and CIA are coordinating reviews of the matter. The investigation is looking into how the documents came into WikiLeaks' possession and whether they might have been leaked by an employee or contractor. The CIA is also trying to determine if there are other unpublished documents WikiLeaks may have. The documents published so far are largely genuine, officials said, though they are not yet certain if all of them are and whether some of the documents may have been altered. One of the biggest concerns for the federal government is if WikiLeaks publishes critical computer code on how operations are conducted, other hackers could take that code and cause havoc overseas. Security expert Robert Graham wrote on Tuesday: The CIA didn't remotely hack a TV. The docs are clear that they can update the software running on the TV using a USB drive. There's no evidence of them doing so remotely over the Internet. The CIA didn't defeat Signal/WhatsApp encryption. The CIA has some exploits for Android/iPhone. If they can get on your phone, then, of course they can record audio and screenshots. Technically, this bypasses/defeats encryption -- but such phrases used by Wikileaks are highly misleading, since nothing related to Signal/WhatsApp is happening. [...] This hurts the CIA a lot. Already, one AV researcher has told me that a virus they once suspected came from the Russians or Chinese can now be attributed to the CIA, as it matches the description perfectly to something in the leak. We can develop anti-virus and intrusion-detection signatures based on this information that will defeat much of what we read in these documents. This would put a multi-year delay in the CIA's development efforts. Plus, it'll now go on a witch-hunt looking for the leaker, which will erode morale. -
Firefox 52 Is The Last Version of Firefox For Windows XP and Vista (mspoweruser.com)
Mozilla has confirmed that Firefox 52, the new version of its browser it made available earlier this week, will be the last major version to support two legacy operating systems - Windows XP and Windows Vista. The company said future versions will require Windows users to be on a machine that has at a minimum Windows 7 running on it. -
Hey CIA, You Held On To Security Flaw Information -- But Now It's Out. That's Not How It Should Work (eff.org)
Cindy Cohn, writing for EFF: The dark side of this story is that the documents confirm that the CIA holds on to security vulnerabilities in software and devices -- including Android phones, iPhones, and Samsung televisions -- that millions of people around the world rely on. The agency appears to have failed to accurately assess the risk of not disclosing vulnerabilities to responsible vendors and failed to follow even the limited Vulnerabilities Equities Process. As these leaks show, we're all made less safe by the CIA's decision to keep -- rather than ensure the patching of -- vulnerabilities. Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans. -
The Dark Web Has Shrunk By 85% (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: The number of Dark web services has gone down significantly following the Freedom Hosting II hack that took place at the start of February, and only consists of around 4,400 services, according to a recently published OnionScan report. Previous research published in April 2016 by threat intelligence firm Deep Light had the total number of Dark Web services at around 30,000. Comparing the two numbers, the report shows a decrease of over 85% in the overall size of Dark Web in the last year alone. According to the recent OnionScan statistics, the Dark Web is laughably small, with around 4,000 HTTP websites, 250 TLS (HTTPS) endpoints, 100 SMTP services, and only 10 FTP nodes. -
WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk)
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report. 1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, Telegram and WhatsApp entirely insecure. Encrypted messaging apps are only as secure as the devices they are used on -- if an operating system is compromised, then the messages can be read before they are encrypted and sent to the other user(s).
3) The CIA could use smart TVs to listen in on conversations that happened around them. One of the most eye-catching programs detailed in the documents is "Weeping Angel." That allows intelligence agencies to install special software that allows TVs to be turned into listening devices -- so that even when they appear to be switched off, they're actually on.
4) The agency explored hacking into cars and crashing them, allowing "nearly undetectable assassinations." Many of the documents reference tools that appear to have dangerous and unknown uses. One file, for instance, shows that the CIA was looking into ways of remotely controlling cars and vans by hacking into them.
5) The CIA hid vulnerabilities that could be used by hackers from other countries or governments. Such bugs were found in the biggest consumer electronics in the world, including phones and computers made by Apple, Google and Microsoft. But those companies didn't get the chance to fix those exploits because the agency kept them secret in order to keep using them, the documents suggest.
6) More information is coming. The documents have still not been looked through entirely. There are 8,378 pages of files, some of which have already been analyzed but many of which haven't. And that's not to mention the other sets of documents that are coming. The "Year Zero" leaks are just the first in a series of "Vault 7" dumps, Julian Assange said. You can view the Vault 7 Part 1 'Year Zero' release here via WikiLeaks. The Intercept has an in-depth report focusing on how the "CIA Could Turn Smart TVs Into Listening Devices." -
Amazon Shares Data With Arkansas Prosecutor In Murder Case (ap.org)
An anonymous reader quotes a report from Associated Press: Amazon dropped its fight against a subpoena issued in an Arkansas murder case after the defendant said he wouldn't mind if the technology giant shared information that may have been gathered by an Amazon Echo smart speaker. James Andrew Bates has pleaded not guilty to first-degree murder in the death of Victor Collins, who was found dead in a hot tub at Bates' home. In paperwork filed Monday, Bates said Amazon could share the information and Amazon said it handed over material on Friday. The Echo "listens" for key words and may have recorded what went on before Collins was found dead in November 2015. Amazon had fought a subpoena, citing its customers' privacy rights. A hearing had been set for Wednesday on whether any information gathered was even pertinent. -
Sprint 'Betting Big On Trump,' Could Merge With T-Mobile Or Comcast (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Speculation that Sprint will merge with T-Mobile USA or another competitor has ramped up since the inauguration of President Donald Trump. That continued Friday when a report from The New York Times suggested that Sprint could be combined with either T-Mobile or Comcast, the nation's largest cable company. Masayoshi Son, founder and CEO of Sprint owner SoftBank, "and his financial advisers are weighing several major possible deals for Sprint," the Times wrote. "Be it a tie-up with T-Mobile U.S., Sprint's closest competitor, or a more ambitious marriage with the cable colossus Comcast, a transaction would allow Mr. Son to fulfill a long-held ambition to invest aggressively in wireless networks in the United States and enable next-generation mobile technology." Titled "The World's Top Tech Investor Is Betting Big on Trump," the Times report says that "the Trump administration's push for lighter regulation and lower taxes has been a powerful lure for cash-rich investors the world over." SoftBank, which is based in Japan, had several of its executives "spen[d] a day in Washington talking to senior members of Mr. Trump's economic team" last month, according to bankers who were briefed on the meetings, the Times report said. U.S. regulators opposed wireless consolidation during the Obama administration, preventing potential mergers between AT&T and T-Mobile and later between Sprint and T-Mobile. With four major nationwide carriers, U.S. wireless competition recently led to an expansion of unlimited data plans. -
The US Waged A Secret Cyber War Against North Korean Missiles (tampabay.com)
Early Monday morning North Korea fired four ballistic missiles into the sea of Japan, lending a new urgency to Saturday's revelation from the New York Times of America's "secret cyberwar" with North Korea. Slashdot reader Frosty Piss summarizes its suspected effects succinctly: "Soon after ex-President Obama ordered the secret program three years ago, North Korean missiles began exploding, veering off course, or crashing into the sea."
The Times reports the program was started when Obama "concluded that the $300 billion spent since the Eisenhower era on traditional anti-missile systems...had failed the core purpose of protecting the continental United States," with tests of missile interceptors showing an overall failure rate of at least 56%. But after interviewing government officials, the Times concludes that the U.S. "still does not have the ability to effectively counter the North Korean nuclear and missile programs." Options include escalating the cyber and electronic warfare, trying to negotiate a freeze, asking the Chinese to cut off trade and support, or preparing for direct missile strikes on the launch sites, "which Obama also considered, but there is little chance of hitting every target." The New York Times article concludes: The White House is looking at military options against North Korea, a senior Trump administration official said. Putting U.S. tactical nuclear weapons back in South Korea -- they were withdrawn a quarter-century ago -- is also under consideration, even if that step could accelerate an arms race with the North. -
Sprint Wins $140M Verdict Against Time Warner Cable For Infringing VoIP Patents (arstechnica.com)
Sprint "may have just scored its biggest payout yet," reports Ars Technica, pointing out that Sprint's been filing lawsuits over its VoIP patents for more than a decade. An anonymous reader quotes their report: On Friday, a jury in Sprint's home district of Kansas City said that Time Warner Cable, now part of Charter Communications, must pay $139.8 million for infringing several patents related to VoIP technology. The jury found that TWC's infringement was willful, which means that the judge could increase the damage award up to three times its value... Sprint filed the lawsuits that led to Friday's verdict in 2011, when it sued TWC along with Comcast, Cox, and Cable One, saying the competing companies violated 12 different Sprint business VoIP patents.
The article points out that Comcast's response was to immediately file a countersuit, which so far has resulted in an early $7.5 million verdict in their favor. -
FBI Dismisses Child Porn Case Rather Than Reveal Their Tor Browser Exploit (arstechnica.com)
An anonymous reader writes: Federal prosecutors just dropped charges against a child pornography suspect rather than reveal the source code for their Tor exploit. Of the 200 cases they're prosecuting nationwide, this is only the second one where the FBI has asked that the case be dismissed. "Disclosure is not currently an option," federal prosecutors wrote in a court ruling Friday. The Department of Justice is still prosecuting 135 different people believed to have accessed an illegal child pornography web site. Before shutting it down, the FBI seized the site and operated it themselves for 13 more days, which allowed them to deploy malware to expose the users' real IP addresses. -
Third-Party Vendor Issues Temporary Patch For Windows Vulnerability (bleepingcomputer.com)
An anonymous reader writes: "A vulnerability discovered by Google Project Zero security researchers and left without a patch by Microsoft received a temporary fix from third-party security vendor ACROS Security," according to Bleeping Computer. Microsoft is set to officially patch the flaw on March 15, after it previously pushed back February's Patch Tuesday for next month.
"According to Google researchers, attackers could leverage malformed EMF files to expose data found in the victim's memory, which can then be leveraged to bypass ASLR protection and execute code on the user's computer... ACROS Security has issued a temporary patch that can be applied to Windows computers via its product, called 0patch, a platform that applies fixes for zero-days, unpatched vulnerabilities, end-of-life and unsupported products, for legacy OSes, vulnerable 3rd party components, and customized software." When Microsoft issues an official update, the temporary patch will stop working immediately. -
The City of Munich Might Stick With Linux (fsfe.org)
Munich's "LiMux" project brought FOSS software to their city's IT administration -- until a vote last month on whether to abandon Linux and return to Windows. "Since this decision was reached, the majority of media have reported that a final call was made to halt LiMux and switch back to Microsoft software," reports the Free Software Foundation Europe. "This is, however, not an accurate representation of the outcome of the city council meeting." An anonymous reader quotes their report: The opposing parties were overruled, but the decision was amended such that the strategy document must specify which LiMux-applications will no longer be needed, the extent in which prior investments must be written off, and a rough calculation of the overall costs of the desired unification... [Only then will the city council make their final decision...] We succeeded thus far in forcing the mayor Dieter Reiter to postpone the final decision, and this was possible through the unwavering pressure created by joint efforts between The Document Foundation, KDE, OSBA, and the FSFE together with all the individuals who wrote to city council members and took the issue to the media.
Although the mandate is highly suggestive in that it suggests that the existing vendor-neutral approach is to be replaced with a proprietary solution, it leaves the door open... The new mandate buys us some time. And we will keep going.
Some politicians said they'd never received this much input from the public before, and the Free Software Foundation Europe says the city's issues were caused "from organizational problems, including lack of clear structures and responsibilities," which should not be attributed to the Linux operating system. "LiMux as such is still one of the best examples of how to create a vendor-neutral administration based on Free Software." -
After 19 Years, DMOZ Will Close, Announces AOL
Its volunteer-edited web directory formed the basis for early search offerings from Netscape, AOL, and Google. But 19 years later, there's some bad news. koavf writes: As posted on the DMOZ homepage, the Open Directory Project's web listing will go offline on March 14, 2017. Founded in 1998 as "Gnuhoo", the human-curated directory once powered Google and served as a model for Wikipedia.
A 1998 Slashdot editorial prompted Richard Stallman and the Free Software Foundation to complain about how "Gnu" was used in the site's name. "We renamed GnuHoo to NewHoo," a blog post later explained, "but then Yahoo objected to the 'Hoo' (and our red letters, exclamation point, and 'comical font')." After being acquired for Netscape's "Open Directory Project," their URL became directory.mozilla.org, which was shortened to DMOZ. Search Engine Land predicts the memory of the Open Directory Project will still be kept alive by the NOODP meta tag.
The site was so old that its hierarchical categories were originally based on the hierarchy of Usenet newsgroups. As it nears its expiration date, do any Slashdot readers have thoughts or memories to share about DMOZ? -
Which Linux Browser Is The Fastest? (zdnet.com)
ZDNet's Networking blog calls Firefox "the default web browser for most Linux distributions" and "easily the most popular Linux web browser" (with 51.7% of the vote in a recent survey by LinuxQuestions, followed by Chrome with 15.67%). But is it the fastest? An anonymous reader writes: ZDNet's Networking blog just ran speed tests on seven modern browsers -- Firefox, Chrome, Chromium, Opera (which is also built on Chromium), GNOME Web (formerly Epiphany), and Vivaldi (an open-source fork of the old Opera code for power-users). They subjected each browser to the JavaScript test suites JetStream, Kraken, and Octane, as well as reaction speed-testing by Speedometer and scenarios from WebXPRT, adding one final test for compliance with the HTML5 standard.
The results? Firefox emerged "far above" the other browsers for the everyday tasks measured by WebXPRT, but ranked near the bottom in all of the other tests. "Taken all-in-all, I think Linux users should look to Chrome for their web browser use," concludes ZDNet's contributing editor. "When it's not the fastest, it's close to being the speediest. Firefox, more often than not, really isn't that fast. Of the rest, Opera does reasonably well. Then, Chromium and Vivaldi are still worth looking at. Gnome Web, however, especially with its dreadful HTML 5 compatibility, doesn't merit much attention."
The article also reports some formerly popular Linux browsers are no longer being maintained, linking to a KDE forum discussion that concludes that Konqueror and Rekonq "are both more or less dead." -
Douglas Crockford Envisions A Post-JavaScript World (infoworld.com)
JavaScript developer (and JSON proponent) Douglas Crockford recently described "a theoretical post-JavaScript World," according to InfoWorld. Crockford "believes the web development staple needs a successor that can fix multiple programming nuances." An anonymous reader summarizes their report: Despite its status as the world's most popular language, Crockford told an audience at the Oracle Code conference, "It would be sad if JavaScript turns out to be the last language." He complained that JavaScript has two different ways of declaring variables -- let and var -- as well as two different "bottom variables" with no value -- both null and undefined. "There's an argument among language designers, should we have bottom values at all? But there's nobody who thinks you should have two of them."
According to InfoWorld, Crockford "also presented a scenario with JavaScript being turned into a purely functional programming language by getting rid of 'impurities' like date, the delete operation, math.random and object.assign. Afterward, he stressed replacing JavaScript rather than adding functional capabilities to it... The next language also should be better able to deal with multiple cores. Most languages have followed the sequential model of Fortran, executing one operation after another, he said. 'That's not how the world works anymore. We now have lots of cores available to us, which all want to be running at the same time.'"
In other news, Crockford also proposed ending the "spaces vs. tabs" debate by simply eliminating tabs altogether. -
US Suspends 'Expedited' H-1B Visas (sfgate.com)
"Starting April 3, 2017, U.S. Citizenship and Immigration Services will temporarily suspend premium processing for all H-1B petitions," read Friday's announcement, which says the suspension "may last up to 6 months." Slashdot reader elrous0 sees it as part of the "ongoing efforts to curb abuses in the controversial H-1B program." The San Francisco Chronicle reports: While it could be difficult to divorce the move Friday from the Trump administration's broader immigration crackdown, some experts believed the agency's decision to be apolitical. "It has everything to do with an understaffed, overworked, U.S. Citizenship and Immigration Services," said Jason Finkelman, an Austin, Texas, immigration attorney, adding that the wait time for an H-1B visa in California is currently about eight months. However, Vivek Wadhwa, an adjunct professor at Carnegie Mellon University's Silicon Valley campus in NASA Ames Research Center at Moffett Field, said the suspension seems like a message from the government that you "can't buy your way into America."
Whatever the motivation, Engadget believes this will impact large tech companies. "Financial Times quotes a lawyer saying that 'close to 100 percent' of applications from companies like Microsoft utilize the option." -
Jolla Sailfish Will Build A Google-Free Mobile OS For China (silicon.co.uk)
Jolla released their Android-free mobile Linux OS (Sailfish) on their own smartphones, "but has always intended to offer it to other manufacturers," according to Silicon. The next Sailfish smartphone was the Intex Aqua Fish, and people with Sony Xperia phones can now also run Sailfish through the Sony Open Devices Program. But their next big customer is the nation of China. Mickeycaskill quotes Silicon: The Sailfish China Consortium has gained the exclusive rights and license to develop a Chinese operating system based on Sailfish. Russia is also using Sailfish to build a national mobile OS in a bid to reduce its reliance on Western technology and reduce the risk of foreign surveillance. Jolla claimed that there have been many attempts to build a national OS on Android but these had been unsuccessful because of Google's control over the code.
One of the consortium's investors claims "several" major Chinese companies are already interested in joining them, adding "I have been closely following Sailfish OS development, and seen many Chinese projects fail, while Jolla's Sailfish OS has been steadily progressing. Sailfish OS is the only viable alternative for China." -
FCC Chair Wants Carriers To Block Robocalls From Spoofed Numbers (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The FCC in 2015 made it clear that voice service providers can offer call blocking tools to customers, but commissioners said at the time that more needed to be done about Caller ID spoofing. FCC Chairman Ajit Pai has now scheduled a preliminary vote for March 23 on new rules designed to solve the problem. "One particularly pernicious category of robocalls is spoofed robocalls -- i.e., robocalls where the caller ID is faked, hiding the caller's true identity," the proposal says. "Fraudsters bombard consumers' phones at all hours of the day with spoofed robocalls, which in some cases lure consumers into scams (e.g., when a caller claims to be collecting money owed to the Internal Revenue Service) or lead to identity theft." The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid." Providers would be able to block numbers that aren't valid under the North American Numbering Plan and block valid numbers that haven't been allocated to any phone company. They'd also be able to block valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber. The proposal would also codify the FCC's previous guidance that phone companies can block calls when requested by the spoofed number's subscriber. The upcoming vote on March 23 is for a Notice of Proposed Rulemaking (NPRM), which means the rules won't take effect immediately. The FCC uses NPRMs to seek comment on proposals before issuing final rules. -
Jeff Bezos and Blue Origin To Offer 'Amazon-Like' Moon Delivery By 2020 (geekwire.com)
Less than a week after Elon Musk's SpaceX announced it would soon offer space tourists a cruise around the moon, Blue Origin founder Jeff Bezos has announced that he would be launching an Amazon-like service shipping supplies, experiments, and crew to the Moon by 2020. From a report: Amazon billionaire Jeff Bezos' Blue Origin space venture has proposed sending a robotic lander to the moon's south polar region by 2020, as an initial step toward an "Amazon-like" lunar delivery system and eventually a permanently inhabited moon base. The report says the company's seven-page proposal, dated Jan. 4, has been circulating among NASA's leadership and President Donald Trump's transition team. It's only one of several proposals aimed at turning the focus of exploration beyond Earth orbit to the moon and its environs during Trump's term. -
Apple Cracks Down Further On Cobalt Supplier in Congo as Child Labor Persists (washingtonpost.com)
Last year, a Washington Post investigation found several instances of miners -- including children -- laboring in hazardous, even deadly, conditions in Congo's artisanal cobalt supply chain. Amnesty International and other human rights groups also have alleged problems. Earlier this week, British broadcaster Sky News published an investigation that alleged continued problems in the cobalt supply chain. The Washington Post now reports: Apple said it has temporarily stopped buying cobalt mined by hand in Congo while it continues to deal with problems with child labor and harsh work conditions. The Post connected this troubling trade to Zhejiang Huayou Cobalt Company, a Chinese firm that is the largest buyer of artisanal cobalt in Congo and whose minerals are used in Apple products. Last year, Apple pledged to clean up its cobalt supply chain, but the tech giant said it wanted to avoid hurting the Congolese miners by cutting them off. Mining provides vital income for hundreds of thousands of people in one of the poorest countries in the world. Now, Apple says it has stopped -- for now -- buying cobalt from artisanal mines (Editor's note: the link could be paywalled; alternate source). "We have been working with Huayou on a program that will verify individual artisanal mines, according to our standards," Apple said in a statement, "and these mines will re-enter our supply chain when we are confident that the appropriate protections are in place." -
GameStop Stock Price Tanks After Microsoft Announces New Digital-Gaming Service (venturebeat.com)
After Microsoft announced Xbox Game Pass earlier this week -- a monthly service coming this spring that will give you a selection of games you can download and play on your Xbox One for $9.99 a month -- GameStop's stock price dropped nearly 8 percent. The news likely worries investors who view Xbox's instant game library as a potential threat to GameStop's sales. VentureBeat reports: The brick-and-mortar retailer makes quite a lot of its money from secondhand sales where it resells products that consumers have traded in. If more people are playing digital games, that takes product out of the supply chain that could end up on GameStop store shelves. Additionally, Game Pass looks like it will primarily traffic in older games that people would typically purchase used. Older releases like Mad Max, Saints Row IV, and Halo 5 are some of the big options that Microsoft is highlighting. Of course, GameStop isn't completely removed from the digital-gaming ecosystem. The retailer sells a lot of currency cards for the Xbox Store, the PlayStation Store, and the Steam PC-gaming portal, and it's possible that people who don't like using a credit card will purchase cards to buy their subscription to Game Pass through GameStop. But that will likely not make up for a dearth of used-game sales or trade-ins if a lot of people adopt a Game Pass subscription. -
Uber Says It Will Apply For Self-Driving Permit In California (mercurynews.com)
An anonymous reader quotes a report from The Mercury News: Uber will apply for a state permit to test its self-driving cars on public roads [in California], the company said Thursday, more than a month after the California Department of Motor Vehicles shut down Uber's autonomous vehicle pilot program. The DMV already has reinstated the registrations for two of Uber's self-driving Volvos, which are back on the road in San Francisco, an Uber spokeswoman said. The cars will not go into self-driving mode until the permit is issued, she said. "These cars are legally registered and are being driven manually," an Uber spokeswoman said. "We are taking steps to complete our application to apply for a DMV testing permit. As we said in December, Uber remains 100 percent committed to California." DMV spokeswoman Jessica Gonzalez confirmed that regulators have been working with Uber on the application process. "Uber hasn't formally submitted their autonomous vehicle tester program application," Gonzalez wrote in an email, "but just as we would with any other manufacturer, the DMV is providing assistance with the steps necessary to apply for and receive a test permit." -
NASA's Scott Kelly Shares What He Discovered After a Year In Space (time.com)
Kelly, who returned to Earth after 340 days in space last year, is working on a memoir about his experience in space and how he has seen the planet since. Two excerpts from his article in Time: The mission that I prepared for was, for the most part, the mission I flew. The data is still being analyzed, but the scientists are excited about what they are seeing so far. The genetic differences that appeared between my twin brother Mark and me could unlock new knowledge, not only about what spaceflight does to our bodies but also about how we age here on Earth. Emerging results reveal the condition of my telomeres -- the ends of our chromosomes that indicate our genetic age -- actually improved while I was in space compared to Mark's, contrary to expectations. The studies I worked on show promise in helping scientists reach solutions to health problems that emerge in long-duration spaceflight -- problems such as bone loss, muscle deterioration, damage to vision and the effects of extended radiation exposure. [...] Personally, I've learned that nothing feels as amazing as water. The night my plane landed in Houston and I finally got to go home, I did exactly what I'd been saying all along I would do: I walked in the front door, walked out the back door and jumped into the swimming pool, still in my flight suit. I'll never take water for granted again. Russian cosmonaut Misha Kornienko says he feels the same way. I've learned that showing up early, whether it's to a job interview or a spacewalk, is the only way to stay ahead of the game and be successful. "If you're not five minutes early, you're already late." -
Uber Ex-engineer Who Alleged Sexism Retains Lawyer (usatoday.com)
Marco della Cava and Jessica Guynn, writing for USA Today: The former Uber engineer whose critical blog post has stirred a storm of controversy for the ride-hailing giant has retained an attorney, charging that her former employer is blaming her for a rash of app deletions. Susan Fowler, whose Feb. 19 essay detailed myriad examples of sexism, tweeted Thursday that "Uber names/blames me for account deletes, and has a different law firm - not Holders (sic) - investigating me." -
An Incorrect Command Entered By Employee Triggered Disruptions To S3 Storage Service, Knocking Down Dozens of Websites, Amazon Says (amazon.com)
Amazon is apologizing for the disruptions to its S3 storage service that knocked down and -- in some cases affected -- dozens of websites earlier this week. The company also outlined what caused the issue -- the event was triggered by human error. The company said an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. "Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended," the company said in a press statement Thursday. It adds: The servers that were inadvertently removed supported two other S3 subsystems. One of these subsystems, the index subsystem, manages the metadata and location information of all S3 objects in the region. This subsystem is necessary to serve all GET, LIST, PUT, and DELETE requests. The second subsystem, the placement subsystem, manages allocation of new storage and requires the index subsystem to be functioning properly to correctly operate. The placement subsystem is used during PUT requests to allocate storage for new objects. Removing a significant portion of the capacity caused each of these systems to require a full restart. While these subsystems were being restarted, S3 was unable to service requests. Other AWS services in the US-EAST-1 Region that rely on S3 for storage, including the S3 console, Amazon Elastic Compute Cloud (EC2) new instance launches, Amazon Elastic Block Store (EBS) volumes (when data was needed from a S3 snapshot), and AWS Lambda were also impacted while the S3 APIs were unavailable. -
Sorry, Apple, the Headphone Jack Isn't Going Anywhere (yahoo.com)
An anonymous reader quotes a report from Rob Pegoraro via Yahoo Finance: Two things unite almost every phone on display here at Mobile World Congress 2017: Android and a headphone jack. Apple doesn't exhibit its wares at this trade show, so the domination of Google's operating system is predictable. But the headphone jack's persistence did not look so inevitable when Apple cut it from the iPhone 7 and iPhone 7 Plus last September. Lenovo's Motorola subsidiary had already shipped a phone without a headphone jack, the Moto Z, and Apple's influence over the rest of the smartphone industry remains formidable -- indeed, within months, the Chinese firm LeEco had debuted a lineup of Android phones devoid of headphone jacks. As my colleague David Pogue predicted in a post approving Apple's move: "Other brands worldwide will be following suit." The hardware on display here at the world's largest mobile tech conference, though, suggests otherwise. Two days of walking around the show floor showed companies expressing a consistent unwillingness to abandon the humble headphone jack, even on models as thin as, or thinner than, the iPhone 7. The MWC floor revealed only one company willing to do away with the headphone jack: HTC. The Taiwan-based firm, which has struggled financially for years despite shipping such well-reviewed models as the HTC 10, used its exhibit to showcase the U Ultra and the U Play, which rely on their USB-C ports for audio output. Unlike Apple, though, the company didn't make the move to save space, but rather to incorporate its "USonic" feature, which lets the phones' headphones calibrate themselves to your ears and provide noise cancellation. -
Marissa Mayer Is Giving Yahoo Employees Her Annual Bonus To Make Up For Massive Hacks (theverge.com)
Following two separate security breaches revealed last year that compromised the personal information of more than 1.5 billion users, Yahoo CEO Marissa Mayer announced today via her Tumblr page that she will be redistributing her annual bonus and equity stock grant to Yahoo employees. The Verge reports: Relevant to Mayer's admission here, an independent committee Yahoo brought on to investigate the hacks found the company to be at fault for not sufficiently responding to the security incidents. "While significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the company's information security team," reads the committee's findings, which are contained in Yahoo's 10-K report for 2016. As a result of the hacks, Yahoo's top lawyer, Ron Bell, has been fired, Recode reported today. Mayer has accumulated about $162 million during the five years she's spent as the company's CEO in both salary and stock awards, according to CNN. She's also due about $55 million in severance if she decides to leave the company following its acquisition by Verizon. So it's safe to say her bonus would involve a hefty amount of money now going to Yahoo employees who have weathered the storm throughout Mayer's tumultuous tenure. -
Court Throws Out $533 Million Verdict Against Apple Over Data Storage Patent (9to5mac.com)
An anonymous reader quotes a report from 9to5Mac: The U.S. Court of Appeals for the Federal Circuit made a decision today to throw out the verdict of a two-year old legal case against Apple based on data storage patents. The original verdict reached by a Texas jury stuck Apple with $533 million in damages. Smartflash LLC targeted game developers who largely all settled out of court in 2014, but Apple defended its use of data storage management and payment processing technology in court. Reuters has more on the new developments: "The trial judge vacated the large damages award a few months after a Texas federal jury imposed it in February 2015, but the U.S. Court of Appeals for the Federal Circuit said on Wednesday the judge should have ruled Smartflash's patents invalid and set aside the verdict entirely. A unanimous three-judge appeals panel said Smartflash's patents were too 'abstract' and did not go far enough in describing an actual invention to warrant protection." -
Yahoo Says Forged Cookie Attack Accessed About 32 Million Accounts (cnet.com)
It looks like Yahoo has yet to reach its lowest point. The company revealed today via a regulatory filing that about 32 million user accounts were accessed by hackers in the past two years using forged cookies that allowed them to log into those accounts without passwords. According to Yahoo, the attack is likely connected to the "same state-sponsored actor believed to be responsible for the 2014 [breach]," which resulted in the theft of user information from 500 million user accounts. CNET reports: "Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies," Yahoo said in its annual filing to the Securities and Exchange Commission. The company went on to say that forged cookies have been invalidated to prevent further use on accounts. Yahoo revealed the attack in December, but the news was largely overlooked because the company announced at the same time that it had identified a separate security breach that took place in 2013 in which hackers stole information on 1 billion Yahoo accounts. Yahoo CEO Marissa Mayer also revealed today that she is giving Yahoo employees her annual bonus to make up for the massive hacks. -
Researcher Breaks ReCAPTCHA Using Google's Speech Recognition API (bleepingcomputer.com)
An anonymous reader writes: "A researcher has discovered what he calls a 'logic vulnerability' that allowed him to create a Python script that is fully capable of bypassing Google's reCAPTCHA fields using another Google service, the Speech Recognition API," reports BleepingComputer. The attack is incredibly simple and works by downloading a version of the reCAPTCHA audio challenge, feeding it into Google's Speech Recognition API, getting the text version of the audio challenge, and feeding it back into the reCAPTCHA field. Proof-of-concept code is available on GitHub, and the researcher says Google has failed to patch the issue, although it's unclear if he ever notified the company. The attack also only works against reCAPTCHA v2, not other versions like v1 or the upcoming Invisible reCAPTCHA (v3). Because the source code for the exploit is available online, security experts expect to see it ported to JavaScript and used to create browser extensions that bypass reCAPTCHA fields, especially when using the Tor Browser. -
Anthem's Historic Data Breach: What We Still Don't Know 2 Years Later (axios.com)
In February 2015, health insurer Anthem said its database had been compromised, exposing personal information for 78.8 million people, including 60 million to 70 million of its current and former customers and employees. Two years later, much of how it happened, who did it, and what consequences Anthem will face remain unanswered. From a report: Anthem has not disclosed the value of its cyber insurance policy, which defrays some of the costs. The hackers were most likely working on behalf of a foreign government. Many security experts believe it was China, but that has not been proven yet. The FBI would not comment on the pending investigation. It's unclear if Anthem will face a federal penalty. It's by far the largest health care data breach, and the Department of Health and Human Services has imposed fines in the past. We don't know for sure that Anthem was fully protected from this type of attack, and a separate federal agency that had a contract with Anthem previously said the insurer did not have controls in place "to prevent rogue devices...from connecting to its networks." Class-action lawsuits are still pending, and fact-finding discovery ended in December. Anthem could escape big damages if people can't show concrete harm. -
Congressional Candidate Brianna Wu Claims Moon-Colonizing Companies Could Destroy Cities By Dropping Rocks (washingtontimes.com)
Applehu Akbar quotes a report from the Washington Times: A transgender-issues activist and Democratic candidate for Congress says the advent of the space tourism industry could give private corporations a "frightening amount of power" to destroy the Earth with rocks because of the Moon's military importance. Brianna Wu, a prominent "social justice warrior" in the "Gamergate" controversy who now is running for the House seat in Massachusetts' 8th District, suggested in a since-deleted tweet that companies could drop rocks from the Moon. "The moon is probably the most tactically valuable military ground for earth," the tweet said. "Rocks dropped from there have power of 100s of nuclear bombs." After users on social media questioned her scientific literacy, the congressional candidate clarified that the tweet was "talking about dropping [rocks] into our gravity well." Small space rocks can indeed do nuclear-weapons-scale damage if they hit the Earth at orbital speeds. But launching one from the Moon, even setting aside issues of aiming, would still require escaping the satellite's gravitational field, a task that requires the power and thrust of a huge rocket. -
Samsung Chief Charged With Bribery and Embezzlement (npr.org)
After a three-month investigation, the acting head of Samsung, Lee Jae-yong, has been charged with bribery and embezzlement in connection with the corruption scandal that led to the impeachment of South Korea's president Park Geun-hye. NPR reports: NPR's Elise Hu reported from Seoul that prosecutors announced the indictment after a three-month investigation: "Samsung acting head Lee Jae-Yong got ensnared after documents showed Samsung funneled some $36 million to the president's close confidant. Prosecutors say the money was paid to win government support of a controversial 2015 company merger. The merger did go through, after a vote of support from the government. In a statement, Samsung says it has not paid bribes or made improper requests to the government. Lee is currently in jail awaiting further proceedings in his case." Lee was arrested on Feb. 17, two months after President Park Geun-hye was impeached over allegations of corruption, influence-peddling and cult ties, as we reported. Those corruption allegations were directly tied to the charges brought against Lee, who also goes by the name Jay Y. Lee.
