Slashdot Mirror

An anonymous reader shares a report: One reason for this, if you live in Toronto like me (or anywhere else for that matter), is that there's basically nowhere to spend digital coins in the real world. Coinmap, a service that maps bitcoin-accepting locations all over the world, shows a few places that accept bitcoin in Toronto, but it's clearly out of date -- I called several businesses listed on the site and they had no idea what bitcoin even is. A bigger problem is perfectly illustrated in a Reddit post from Wednesday morning complaining that a bitcoin transaction worth just $9 still hasn't gone through the network after two days of waiting. Two. Days. The likely reason is that the fee attached to the transaction in order to incentivize faster confirmation -- 50 cents, which is about as much of a premium as I'd pay for a $9 transaction -- simply wasn't enough. "Should I have paid $3 on a $9 transfer to get it processed?" the person wrote.

From a report on Motherboard: Freedom of Information Act requests are used by journalists, private citizens, and government watchdogs to acquire public documents from government agencies. FOIAing NASA, however, can be an exercise in futility. In one recent case, Motherboard requested all emails from a specific NASA email address with a specific subject line. Other government agencies have completed similar requests with no problems. NASA, however, said it was "unclear what specific NASA records you are requesting." Possibly the only way to be more specific is to knock on NASA's door and show them a printout of what an email is. JPat Brown, executive editor of public records platform MuckRock, explained similarly frustrating experiences with NASA. "Even in cases where we've requested specific contracts by name and number, NASA has claimed that our request was too broad, and added insult to injury with a form letter rejection that includes the sentence 'we are not required to hunt for needles in bureaucratic haystacks,'" Brown told Motherboard in an email. Brown added that NASA has refused to process records unless presented with a requester's home address, something that is not included in the relevant code; and makes it more difficult for requests to obtain 'media' status.

New submitter gooddogsgotoheaven writes: DIY Powerwall builders from around the world are harvesting old laptop batteries and turning them into powerful batteries capable of supplying energy to their entire homes. "It's the future. It's clean, simple, efficient and powerful," Jehu Garcia, one of the most popular powerwall builders, told me. He and people like him are deciding for themselves what the future of alternative energy will look like, instead of waiting for technology companies to shape it for them. "The end result is being able to rely on something I not only built myself but understand the ins and outs of to power some or all of my electricity in my home. That is inspiring," Joe Williams, another powerwall builder, told me.

David Silverberg reports via Motherboard: One of the most staid and digitally conservative industries is on the verge of a robotic makeover. The global construction space isn't known for ushering new tech into their workforce, but a painful labour shortage, calls for increased worker safety and more low-cost housing, and the need to catch up to other tech-savvy sectors is giving upstarts in robotics and exoskeletons their big moment. The construction industry isn't immune to this phenomenon, but robots and humans may increasingly work hand-in-hand in industrial sectors, according to Brian Turmail, senior executive director of public affairs at the Associated General Contractors of America. This is especially true when the construction industry en masse uses exoskeleton vests, which aim to assist workers with heavy loads and thus reduce their risk of injury.

The Hadrian X is a bricklaying robot courtesy Australia's Fastbrick Robotics, which uses its 30-meter metal arm to lay bricks at a rate of 1,000 bricks per hour, compared to a human worker's average of 1,000 a day. Due for release in late 2017, Hadrian X can read a 3D CAD model of the house and then it follows those instructions precisely, working day and night. New York-based Construction Robotics has also developed its take on a bricklaying robot. SAM can lay 3,000 bricks a day, and the company said it's about time this industry got a whiff of the change almost every other market has been seeing.

Merely weeks after it was announced that Bitcoin was splitting into two separate entities, the initial version of bitcoin and it's new "bitcoin cash," the network is adding a third version, according to a report. From the article: On Wednesday, a group of bitcoiners scheduled yet another split for the network in November, which would create a third version of bitcoin. So, what makes this version different from the others? Right now, the bitcoin network can sometimes take a long time to process transactions due to so many people using it. This is because the "blocks" of transaction data that get added to bitcoin's public ledger, the blockchain, are getting full. In the weeks preceding the fork, bitcoin coalesced around a solution called "segregated witness," which will change how data is stored in blocks to free up some space when it kicks in later in August. But the size of the blocks themselves will stay at one megabyte on the original bitcoin blockchain. Still, some bitcoiners maintained that the only way to speed bitcoin up for the foreseeable future was to increase the size of blocks themselves. So, a group of bitcoin companies and developers got together and launched a fork called bitcoin cash, which does not include segregated witness. It bumped the size of blocks up to a maximum of eight megabytes. That fork was widely anticipated to be a failure before it happened, but at the time of writing, bitcoin cash is trading above $300 USD per coin, which is comparable to cryptocurrencies like ethereum. Sounds like everyone got what they wanted, right? Oh, no. There's a third group of bitcoin developers, companies, and users who advocate for a "best of both worlds approach." This group includes Bitmain, the largest bitcoin infrastructure company in the world, and legendary bitcoin developer Jeff Garzik. They got together back in May and signed what is known as the "New York Agreement," which bound them to implement a two megabyte block size increase alongside segregated witness via a hard fork within six months of the time of signing. They call the fork Segwit2x. Now, that's exactly what's happening. According to an announcement posted to the Segwit2x GitHub repository, a bitcoin block between one and two megabytes will be created at block 494,784.

An anonymous reader shares a report: On Wednesday, encrypted email provider ProtonMail claimed it had hacked someone who was impersonating its service in phishing emails, and the company then swiftly deleted the tweet. Early Wednesday morning, the security researcher known as x0rz tweeted out a series of screenshots allegedly showing someone sending emails that directed targets to a fake ProtonMail login screen. "You have an overdue invoice," the message read. In response, ProtonMail said it had taken action. "We also hacked the phishing site so the link is down now," ProtonMail tweeted. Depending on the context and what exactly the retaliating organization did, hacking back can be illegal. Hacking could violate the Computer Fraud and Abuse Act, or perhaps even wiretapping legislation. A recently proposed bill would attempt to legalize the practice. ProtonMail swiftly deleted its tweet, but not before x0rz could grab and subsequently tweet a screenshot. x0rz then deleted his own tweet at the request of ProtonMail.

After being shutdown by Google and GoDaddy, prominent neo-Nazi website The Daily Stormer has moved their site to the dark web. "The new site is now only available through the Tor network, which allows users to set up their own domains," reports VICE News. "The original site, Dailystormer.com, is now fully offline." From the report: The homepage, as of Tuesday morning, contained articles that make light of the car ramming attack that claimed the life of 32-year-old Heather Heyer; admonish the "Jew media;" liberally employ various racial epithets; and, in a less offensive post, provided an update on which characters are available on Pokemon Go. In a statement, the site's founder promised to bring his site back online. "The Daily Stormer will be live in internet prison with drug dealers, terrorists and perverts, which is where we've been exiled to, for all time," Andrew Anglin said in a statement sent to VICE News. "We should have a real domain online within 24 hours. If it gets shut down again, people will know we are on the black web."

An anonymous reader shares a report (condensed for space and clarity): For crate-diggers of all stripes, the internet is awesome for one reason: The crate never ends. There's always something new to find online, because people keep creating new things to throw into that crate. But that crate has a hole at the bottom. Stuff is falling out just as quickly, and pieces of history that would stick around in meatspace disappear in an instant online. So as a result, there aren't a lot of websites from 1995 that made it through to the present day. Gopher sites? Odds are low. Text files? Perhaps. The endless pace of linkrot has left books about the internet in a curious limbo -- they're dead trees about the dead-tree killer, after all. [...] Recently, I bought a book -- a reference book, the kind that you can still pick up at Barnes and Noble today. The book, titled Free $tuff From the Internet (Coriolis Group Books, 1994), promises to help you find free content online. And, crucially, it focuses less on the web, which was still quite young, than on many of the alternative protocols of the era. This book links to FTP sites, telnet servers, and Gopher destinations, and I've tried many of them in an effort to figure out whether something, anything in this book works in the present day. These FTP servers were often based at universities which have a vested interest in keeping information online for a long-term period -- think the University of North Carolina, or Kansas State University. But despite this, I could not get most of these servers to load -- they were long ago murdered by the World Wide Web.

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.

An anonymous reader quotes Motherboard: If the esoteric programming language Asciidots looks like a mess, it is at least a very different-looking and even aesthetically pleasing mess. Simply, its mechanics and syntax are based on Ascii art... Asciidots is a unique sort of programming language known as a dataflow language. In this sort of language, we can imagine units of data (like our variable x) following a data go-kart track that's interrupted in different places with pit stops that change the value of the data go-kart that's following the track around. One pit stop might add 1 to the variable, while another might chop it in half. At some points, the track might even split, with the data go-kart picking one fork depending on its current value. If, say, it's greater than 2 it might go left; otherwise, it goes right...

In Asciidots, the aforementioned go-kart track is represented by lines (|,-,/,\)... Most of the other non-line symbols are mathematical operators, but there are also symbols that direct the program to request input from the user, set values, print values, and change the direction of the unit of data... Under the hood, Asciidots is a Python program. An Asciidots program is just fed into that underlying program and digested into normal Python code, which is then executed.
The article includes some examples, and argues that esoteric esolangs like Asciidots force programmers to consider fresh perspectives. And in addition, "it looks really cool."

In 1989 Mondo 2000 magazine ran an editorial promising they'd cover "the leading edge in hyperculture...the latest in human/technological interactive mutational forms as they happen." 28 years later, they're now heckling that editorial as they relaunch into a web site. Slashdot reader DevNull127 quotes Motherboard's interview with R.U. Sirius, the founder of Mondo 2000 (as well as its predecessors High Frontiers and Reality Hackers): "It was my idea to merge psychedelics and emerging technologies, and the culture around technology," Sirius said, citing Timothy Leary, writer Robert Anton Wilson and counterculture magazine The Whole Earth Catalog among his inspirations... "I kind of found my way into that particular stream of bohemian culture. It was probably a minority, but there had always been that idea of letting robots replace human work." Soon High Frontiers evolved into a glossy magazine, Reality Hackers ("Some distributors at the time thought it was about hacking people up, and put it on the shelf next to murder mystery magazines"), and later Mondo 2000, which ran from 1989 till 1998...

"We really had to work to convince people that technology was defining the future. Nobody really got it. Doug Rushkoff wrote his book Cyberia, and his first book company cancelled its publication because they said the internet was a fad and that it would be over by the time the book came out"... While he uses Facebook and Twitter, Sirius is critical of their role in colonising what was once a more democratic and open space. "People are being herded into little buildings -- or huge ones -- in what was supposed to be a wide open space in which everybody created their own sites. It's a complete corporate takeover of the net, Facebook in particular... It's definitely not what we were expecting."
Mondo 2000's new online relaunch includes audio of a conversation between William Gibson and Timothy Leary about a Neuromancer game to accompany a proposed film back in 1989. (Gibson complained "That was no interview! That was a drunken business meeting!" when first informed of the magazine's plans to publish it, though he eventually "became friendly.") There's also a 1987 discussion about mind technologies with 73-year-old William S. Burroughs (who was also "an advocate of high technology, and the 'brain machine'"), plus an unpublished John Shirley essay titled "The Next Fifty Years: Why I'm Optimistic Because Everything Will Be Terrible" and new pieces by Paul Krassner ("Alternative Facts") and M.Christian ("La Petite Mort: The Death Of Sex").

Jordan Pearson, writing for Motherboard: Satoshi Nakamoto is Bitcoin's anonymous creator and absentee head of state. In the years since she (or he, or they) disappeared into the ether and left the technology in the hands of a few high-profile developers, Nakamoto's words have become nigh-gospel for some in the Bitcoin world. On Friday, a user going by "CipherionX" on the Bitcointalk forum published five emails allegedly between Satoshi Nakamoto and former Bitcoin developer Mike Hearn. In an email to Motherboard, Hearn confirmed that he shared the emails with the user. While Hearn himself, who was one of the earliest Bitcoin developers, has previously quoted most of the juicy bits from his correspondence with Nakamoto, it appears to be the first time much of the material has been shared in full. None of the emails are included on a popular database of Nakamoto's writings collected from old emails and forum posts.

An anonymous reader quotes a report from Motherboard: A leading British global investment firm has a warning for its clients: If we keep consuming oil and gas at current rates, our planet is on course to experience a rise in global average temperatures of nearly 8 Celsius (14 Fahrenheit) by the end of the century. This would make Earth basically uninhabitable for humans. Although this is the darkest scenario we've seen so far, there's reason for cautious optimism: the new projections point out that it's unlikely investors will simply ignore this risk, meaning that our present level of fossil fuel consumption could decrease. Still, by current climate research standards, this is a pretty wild number. It is four times as high as the "safe limit" for increasing temperatures caused by climate change, internationally recognized to be around 2 Celsius (3.6 Fahrenheit) above pre-industrial levels. Schroders, the British investment firm which controls assets worth $542 billion, released this forecast as part of a range of potential scenarios in its "Climate Progress Dashboard" in late July.

Allison Tierney, reporting for Vice: An international anonymous photo-sharing site where people post explicit photos without consent is playing host to the victimization of countless women. In the Canadian section of Anon-IB alone, there are currently over a hundred threads -- often organized by region, city, or calling out for nudes of a specific woman to be posted publicly. "Hamilton hoes," "Nanaimo Thread!," and "Markham wins" are some titles of Canadian threads. (Language used on the site equates the word "win" with sexually explicit photos of women.) Many major Canadian cities are represented on the site, and some threads even focus on women from specific schools. While it's a crime to share an "intimate image" of a person without their consent in Canada, sites that host this kind of activity don't necessarily fall under this. "[In terms of organizing content], is it criminal? No. Is it illegal? No," Toronto-based lawyer Jordan Donich, of Donich Law, told VICE. "It's a newer version of an older problem -- sites like these have been around for a long time." Anon-IB is not a new site; its current domain was registered to a "private person" in 2015 and ends in an ".ru." However, the site was initially up several years before 2015, going offline briefly in 2014.

An anonymous reader writes: A hacker says he turned finding and exploiting flaws in popular MMO video games into a lucrative, full-time job. Manfred's character is standing still in the virtual world of the 2014 sci-fi online multiplayer game WildStar Online. Manfred, the real life person behind the character, is typing commands into a debugger. In a few seconds of what seems to be an extremely easy hack, Manfred's virtual currency skyrockets up to more than 18,000,000,000,000,000,000, or 18 quintillion. I'm watching this hack in a demo video recorded by Manfred as I stand next to him in a Las Vegas bar on Thursday. Manfred, who asked me not to reveal his real name, says he has been hacking several video games for 20 years, making a real-life living by using hacks like the one I just witnessed. His modus operandi has changed slightly from game to game, but, in essence, it consisted of tricking games into giving him items or currency he doesn't have a right to have. He would then sell those items and currency to other players (for real money) or wholesales them to online gray markets, such as the Internet Game Exchange, that then would sell those goods to individual players. At the current exchange rate, Manfred estimates he has $397 trillion worth of WildStar gold. This is obviously an outlandish number, but, essentially, his income was only limited by the real-life market for the in-game currency. When I spoke to Manfred ahead of his talk at the Def Con hacking conference, he said he wanted to go in, give his demo, and go out "as a ghost," never to be seen or heard from again. He said he wanted to be "invisible," just like he's been for the past two decades. He said he's found more than 100 publicly unknown vulnerabilities in more than 20 online video games, making hacking and trading virtual goods into his full time job.

Zack Whittaker, reporting for ZDNet: A security researcher who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. A friend told ZDNet that he was "was pulled by Marshals at the lounge" after clearing security. He was briefly detained in a federal facility in Nevada until he was moved. "We went to see him this morning and we had already been moved," said the friend. Hutchins is now understood to be in custody at an FBI field office in the state. Motherboard first broke the story on Thursday. Update: A Motherboard reporter tweets, "Here's the indictment accusing @MalwareTechBlog of running the Kronos banking malware."
Update 2: New DOJ statement: Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan.

schwit1 shares a report from Business Insider: On Tuesday, the Securities and Exchange Commission (SEC) said that "ICOs" (Initial Coin Offerings) can sometimes be considered securities -- and as such are subject to strict laws and regulations. For the uninitiated, ICOs are a fancy new way of fundraising enabled by digital currencies like Ethereum -- participants invest money and receive digital "tokens" in return. Thus far, it has been largely unregulated, with some ICO crowdfunding events raising hundreds of millions of dollars -- leading some observers to argue that it is a massive bubble. But the SEC's warning means that this free-for-all may not last forever.

"Going forward, according to the SEC, companies that are issuing tokens as part of an ICO (if they are considered securities) need to register with the commission," reports Motherboard. "This will force companies to comply with regulations that ask them to reveal their financial position and the identities of their management. The SEC also concluded that online exchanges where tokens are bought and traded may have to register as security exchanges."

schwit1 adds a quote from Benito Mussolini: "All within the state, nothing outside the state, nothing against the state."

An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years -- and no one noticed until a few months ago. The malware is called "FruitFly," and one of its variants, "FruitFly 2" has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who's behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained "ancient" functions and "rudimentary" remote control capabilities, Malwarebytes's Thomas Reed wrote at the time.

Slashdot reader nielo tipped us off to more SoundCloud news. Motherboard reports: Last week, a group of volunteer digital preservationists known as The Archive Team announced they would be attempting to independently archive a 123.6 million track, 900-terabyte swath of SoundCloud, the popular streaming music and audio service that recently announced mass layoffs and office closures, sparking fears of an imminent closure. But just as the volunteer archive of SoundCloud was due to be getting started, it's been abruptly called off at the behest of the company... I reached out to SoundCloud for more information, and a spokesperson responded with the following written statement: "SoundCloud is dedicated to protecting the rights and content of the creators who share their work on SoundCloud. We requested the Archive Team halt their efforts as any action to take content from SoundCloud violates our Terms of Use and infringes on our users' rights... SoundCloud is not going away -- not in 50 days, not in 80 days or anytime in the foreseeable future..." But that hasn't stopped some individuals on Reddit's r/datahoarder subreddit from attempting to gather their own personal archives of as much of SoundCloud as they want and can afford to host.

Joseph Cox, reporting for Motherboard: On Thursday, US authorities announced the seizure of the largest dark web marketplace AlphaBay. Europol and Dutch police also claimed seizure of Hansa, another popular market. In their dark web investigations, law enforcement have increasingly turned to hacking tools, including the deployment of browser exploits on a mass scale. But tracking down the alleged AlphaBay administrator was much more mundane, officials said. Alexandre Cazes, who US authorities say used the handle alpha02 as administrator of the site, allegedly left his personal email in a welcome message to new AlphaBay members, according to the forfeiture complaint published on Thursday. The news echoes the arrest of Ross Ulbricht, the convicted creator of the original Silk Road, who made a similar security mistake. "In December 2016, law enforcement learned that CAZES' personal email was included in the header of AlphaBay's 'welcome email' to new users in December 2014," the complaint reads. Users received this message once they signed up to AlphaBay's forum and entered an email address. Cazes' email address -- Pimp_Alex_91@hotmail.com -- was also included in the header of the AlphaBay forum password recovery process, the complaint adds. From there, investigators found the address was linked to an Alexandre Cazes, and discovered his alleged front company, EBX Technologies.

An anonymous reader shares a report: According to a confidential document obtained by Motherboard, wireless communications lobby group CTIA took issue with an in-depth report by the Department of Homeland Security on mobile device security, including flaws with the SS7 network. In a white paper sent to members of Congress and the Department of Homeland Security, CTIA, a telecom lobbying group that represents Verizon, AT&T, and other wireless carriers, argued that "Congress and the Administration should reject the [DHS] Report's call for greater regulation" while downplaying "theoretical" security vulnerabilities in a mobile data network that hackers may be able to use to monitor phones across the globe, according to the confidential document obtained by Motherboard. However, experts strongly disagree about the threat these vulnerabilities pose, saying the flaws should be taken seriously before criminals exploit them. SS7, a network and protocol often used to route messages when a user is roaming outside their provider's coverage, is exploited by criminals and surveillance companies to track targets, intercept phone calls or sweep up text messages. In some cases, criminals have used SS7 attacks to obtain bank account two-factor authentication tokens, and last year, California Rep. Ted Lieu said that, for hackers, "the applications for this vulnerability are seemingly limitless."

New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and has includes some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.

Some industrial software companies in the UK are "likely to have been compromised" by hackers, according to a document reportedly produced by British spy agency GCHQ. A copy of the document from the National Cyber Security Centre (NCSC) -- part of GCHQ -- was obtained by technology website Motherboard. From a report: A follow-up by the BBC indicated that the document was legitimate. There have been reports about similar cyber-attacks around the world lately. Modern, computer-based industrial control systems manage equipment in facilities such as power stations. And attacks attempting to compromise such systems had become more common recently, one security researcher said. The NCSC report specifically discusses the threat to the energy and manufacturing sectors. It also cites connections from multiple UK internet addresses to systems associated with "advanced state-sponsored hostile threat actors" as evidence of hackers targeting energy and manufacturing organisations.

An anonymous reader writes: An unknown hacker allegedly took over the website of an ethereum startup called Coindash, directing investors to send money to his or her own ethereum digital wallet, instead of the one controlled by Coindash. While Coindash noticed the hack almost immediately, the damage was done, and the hacker amassed more than $7 million in stolen cryptocurrency.

If you are one of the almost half a billion people who at some point used to be on Myspace, the hottest social network of the early 2000s, you should know that almost anyone can hack into your account. From a report: Myspace offers a mechanism to recover an account for people who have lost access to their old associated email address. A security researcher has discovered that it's relatively easy to abuse this mechanism to hack into anyone's account. All a wannabe hacker needs is the target's full name, username, and date of birth. Security researcher Leigh-Anne Galloway disclosed the vulnerability on Monday. She says she informed Myspace about the vulnerability almost three months ago and the site hasn't acknowledged or fixed it.

Long-time Slashdot reader Paul Fernhout writes: Archive.org has made available 355 issues of Galaxy Magazine for free access. Galaxy Science Fiction was an American digest-size science fiction magazine, published from 1950 to 1980 with stories from many sci-fi greats [including Harlan Ellison, Ray Bradbury, and Robert Heinlein]. At its peak, Galaxy greatly influenced the science fiction field. See also Open Culture and The Verge for more about the history of a magazine that help shape the imaginations of a generation of techies..
Meanwhile, Archive.org's Jason Scott -- who also founded textfiles.com -- says his own group of preservationists "plans large scale backing up of Soundcloud soon" -- or at least part of it. A placeholder page already informs visitors that "We are currently working on getting all the API data... We also are writing the scripts to get a good grab of everything we can." Scott told Motherboard Saturday "Our main concern is artists and creators suddenly finding their stuff gone, and making it so it's not in oblivion."

An anonymous reader quotes a report from Motherboard: If access to Prime is reduced, or in some cases, cut off, it can leave many remote towns in the lurch. One dozen five-gallon barrels of hydraulic oil. A 2x4x8 of lumber. A pallet's worth of 10-ply, heavy-duty truck tires. These are just a few of the heavy, cumbersome orders one Redditor on the Alaska subreddit claimed to have ordered from Amazon Prime, with free shipping, before users started to notice difficulty finding eligible products. For many remote and rural communities in the U.S. and Canada, the arrival of Amazon Prime, with its low prices and free, expedient shipping was a boon. Hard-to-get or expensive products were now accessible, and reasonably priced to boot. For the cost of a membership (which now runs $99 per year), residents were able to get deals on everything from food to diapers to truck tires. But sometimes when something seems too good to be true, it is. Prime has proven to be a bit of a double-edged sword for many of these communities. Residents become dependent on Prime as local retailers struggle to compete. If access to Prime is reduced, or in some cases, cut off, it can leave many remote towns in the lurch.

An anonymous reader quotes a report from VICE News: Pornhub, the world's biggest porn site, now requires users in Russia to log in using social media accounts linked to their passports and cell phones. Monday's change is the latest chapter of an ongoing feud between Pornhub and the Russian government. The site was blocked in Russia last September for allegedly spreading information detrimental to the development of children, then reinstated in April after instituting a requirement that users specify their age. At the time, Pornhub asked the Russian state media regulation agency whether officials there would lift the ban if they were given free Pornhub Premium accounts. Pornhub announced the change on its own Vkontakte page page by saying "now you can simply log in through your favorite social network" instead of filling in your date of birth. But the government policy that Pornhub says prompted the change presumably wasn't aimed at making it easier for Russians to watch porn. Instead, it may be a means of surveillance; to open a Vkontakte account, users need to enter their cell phone numbers. And to legally purchase a SIM card in Russia, you need to disclose your passport information. "While this exact method is not a condition [from the Russian government], we found this is the best solution for our users to comply with Russian access laws," Pornhub Vice President Corey Price said. "Also to be clear, Pornhub does not log or store any of your personal information, this is just a check to see if users are over 18. On [Vkontakte's] end, all they will see is see the request from that user, they will not know what that user browsed on Pornhub."

An anonymous reader shares a Motherboard report: Basic decade-old encryption technology is finally coming to Pentagon email servers next year. For years, major online email providers such as Google and Microsoft have used encryption to protect your emails as they travel across the internet. That technology, technically known as STARTTLS, isn't a cutting edge development -- it's been around since 2002. But since that time the Pentagon never implemented it. As a Motherboard investigation revealed in 2015, the lack of encryption potentially left some soldiers' emails open to being intercepted by enemies as they travel across the internet. The US military uses its own internal service, mail.mil, which is hosted on the cloud for 4.5 million users. But now the Defense Information Systems Agency or DISA, the Pentagon's branch that oversees email, says it will finally start using STARTTLS within the year, according to a letter from DISA. DISA's promise comes months after Senator Ron Wyden (D-Oregon) said he was concerned that the agency wasn't taking advantage of "a basic, widely used, easily-enabled cybersecurity technology."

An anonymous reader shares a Motherboard report: Basic decade-old encryption technology is finally coming to Pentagon email servers next year. For years, major online email providers such as Google and Microsoft have used encryption to protect your emails as they travel across the internet. That technology, technically known as STARTTLS, isn't a cutting edge development -- it's been around since 2002. But since that time the Pentagon never implemented it. As a Motherboard investigation revealed in 2015, the lack of encryption potentially left some soldiers' emails open to being intercepted by enemies as they travel across the internet. The US military uses its own internal service, mail.mil, which is hosted on the cloud for 4.5 million users. But now the Defense Information Systems Agency or DISA, the Pentagon's branch that oversees email, says it will finally start using STARTTLS within the year, according to a letter from DISA. DISA's promise comes months after Senator Ron Wyden (D-Oregon) said he was concerned that the agency wasn't taking advantage of "a basic, widely used, easily-enabled cybersecurity technology."

An anonymous reader writes: Last year, Apple launched a long-awaited bug bounty program to reward friendly hackers who report flaws in the iPhone to the company. Despite inviting some of the best hackers in the world to join, it's a bit of a flop so far. The iPhone's security is so tight that it's hard to find any flaws at all, which leads to sky-high prices for bugs on the grey market. Researchers I spoke to are reluctant to report bugs both because they are so valuable and because reporting some bugs may actually prevent them from doing more research. "People can get more cash if they sell their bugs to others," said Nikias Bassen, a security researcher for the company Zimperium, and who joined Apple's program last year. "If you're just doing it for the money, you're not going to give [bugs] to Apple directly." Patrick Wardle, a former NSA hacker who now specializes in MacOS research and was invited to the Apple bug bounty program, agreed. He said that iOS bugs are "too valuable to report to Apple."

An anonymous reader quotes a report from The Verge: The group responsible for last week's globe-spanning ransomware attack has made their first public statement. Motherboard first spotted the post, which was left on the Tor-only announcement service DeepPaste. In the message, the Petya authors offer the private encryption key used in the attack in exchange for 100 bitcoin, the equivalent of over $250,000 at current rates. Crucially, the message includes a file signed with Petya's private key, which is strong evidence that the message came from the group responsible for Petya. More specifically, it proves that whoever left the message has the necessary private key to decrypt individual files infected by the virus. Because the virus deleted certain boot-level files, it's impossible to entirely recover infected systems, but individual files can still be recovered. The message also included a link to a chat room where the malware authors discussed the offer, although the room has since been deactivated.

From a Motherboard article: Jailbreaking is the art of hacking into Apple's ultra-secure iOS operating system and unlocking it -- and thus allowing users to customize the phone, and write or install any software unimpeded by Apple's restrictions. At the time I met with Todesco (a person who offered jailbreaking service), in December 2016, there was no known jailbreak (for the iPhone 7) -- no public knowledge of this hack -- for the latest iOS version that was installed on my iPhone (iOS 10.2). The world's first jailbreaking step-by-step procedure, discovered in 2007, was posted online for all to see. Subsequent jailbreaks were used by millions of people. At one point, there was even a website -- called jailbreakme.com -- that was free for all to use and jailbroke your phone simply by visiting it. [...] Ten years after the iPhone hit the sleek tables of Apple Stores worldwide, and the first-ever jailbreak, that Wild West is gone. There's now a professionalized, multi-million dollar industry of iPhone security research. It's a world where jailbreaking itself -- at least jailbreaking as we've come to know it -- might be over.

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away.

A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and sparking officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world. From a report: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations (a non-paywalled source), the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement. BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland."

According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A. Here's how Petya encrypts files on a system (video). News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well. From the report: "We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

Jason Koebler writes: A group of physicists at the University of Nebraska-Lincoln's Extreme Light Laboratory announced Monday that they have created the brightest light ever produced on Earth using Diocles, one of the most powerful lasers in the United States. When this high intensity laser pulse, which is one billion times brighter than the surface of the sun, strikes the electron, it causes it to behave differently. By firing this laser at individual electrons, the researchers found that past a certain threshold, the brightness of light will actually change an object's appearance rather than simply making it brighter. The x-rays that are produced in this fashion have an extremely high amount of energy, and Umstadter and his colleagues think this could end up being applied in a number of ways. For starters, it could allow doctors to produce x-ray medical images on the nanoscale, which would allow them to detect tumors and other anomalies that regular x-rays might have missed. Moreover, it could also be used for more sophisticated x-ray scanning at airports and other security checkpoints.

An anonymous reader quotes a report from Motherboard: In one of the biggest wins for the right to repair movement yet, the U.S. Copyright Office suggested Thursday that the U.S. government should take actions to make it legal to repair anything you own, forever -- even if it requires hacking into the product's software. Manufacturers -- including John Deere, Ford, various printer companies, and a host of consumer electronics companies -- have argued that it should be illegal to bypass the software locks that they put into their products, claiming that such circumvention violated copyright law. Thursday, the U.S. Copyright Office said it's tired of having to deal with the same issues every three years; it should be legal to repair the things you buy -- everything you buy -- forever. "The growing demand for relief under section 1201 has coincided with a general understanding that bona fide repair and maintenance activities are typically non infringing," the report stated. "Repair activities are often protected from infringement claims by multiple copyright law provisions." "The Office recommends against limiting an exemption to specific technologies or devices, such as motor vehicles, as any statutory language would likely be soon outpaced by technology," it continued.

An anonymous reader shares a Motherboard article: If you were youngish in the early 2000s, you probably remember this phenomenon -- calling a friend's cell phone, and instead of hearing the the standard ring, you heard a pop song. Called ringback tones, this digital music fad allowed cell phone owners to subject callers to their own musical preference. Ringback tones were incredibly trendy in the early and mid-2000's, but have since tapered off nearly to oblivion. Though almost nobody is buying ringbacks anymore, plenty of people still have them from back in the day. [...] In the process of writing this story, I heard from several people that they or someone they knew still had a ringback tone, in large part because they have had it for years, and don't know how to get rid of it.

Facial recognition systems will be coming to U.S. airports in the very near future. "Customs and Border Protection first started testing facial recognition systems at Dulles Airport in 2015, then expanded the tests to New York's JFK Airport last year," reports The Verge. "Now, a new project is poised to bring those same systems to every international airport in America." From the report: Called Biometric Exit, the project would use facial matching systems to identify every visa holder as they leave the country. Passengers would have their photos taken immediately before boarding, to be matched with the passport-style photos provided with the visa application. If there's no match in the system, it could be evidence that the visitor entered the country illegally. The system is currently being tested on a single flight from Atlanta to Tokyo, but after being expedited by the Trump administration, it's expected to expand to more airports this summer, eventually rolling out to every international flight and border crossing in the U.S. U.S. Customs and Border Protection's Larry Panetta, who took over the airport portion of the project in February, explained the advantages of facial recognition at the Border Security Expo last week. "Facial recognition is the path forward we're working on," Panetta said at the conference. "We currently have everyone's photo, so we don't need to do any sort of enrollment. We have access to the Department of State records so we have photos of U.S. Citizens, we have visa photos, we have photos of people when they cross into the U.S. and their biometrics are captured into [DHS biometric database] IDENT."

An anonymous reader quotes a report from Gizmodo: In a unanimous decision today, the Supreme Court struck down a North Carolina law that prevents sex offenders from posting on social media where children might be present, saying it "impermissibly restricts lawful speech." In doing so, the Supreme Court asserted what we all know to be true: Posting is essential to the survival of the republic. The court ruled that to "foreclose access to social media altogether is to prevent the user from engaging in the legitimate exercise of First Amendment rights." The court correctly noted that "one of the most important places to exchange views is cyberspace." The North Carolina law was ruled to be overly broad, barring "access to what for many are the principal sources for knowing current events, checking ads for employment, speaking and listening in the modern public square, and otherwise exploring the vast realms of human thought and knowledge."

The executive director of Repair.org says Apple has "decided to be nicer to consumers in order to stop them from demanding their right to repair," according to Motherboard. Slashdot reader Jason Koebler shared this article: It's increasingly looking like Apple can no longer ignore the repair insurgency that's been brewing: The right to repair movement is winning, and Apple's behavior is changing. In the last few months, Apple has made political, design, and customer service decisions that suggest the right to repair movement is having a real impact on the company's operations...

Apple has repeatedly made small concessions to its customers on the issues that Repair.org and the larger repair community have decided to highlight. The question is whether these concessions are going to be enough to satiate customers who want their devices to be easily repairable and upgradable, and whether the right to repair movement can convince those people to continue demanding fair treatment.
The article notes that at least 12 U.S. states are still considering "fair repair" laws, which would force Apple to sell replacement parts to both independent repair shops and the general public.

The executive director of Repair.org says Apple has "decided to be nicer to consumers in order to stop them from demanding their right to repair," according to Motherboard. Slashdot reader Jason Koebler shared this article: It's increasingly looking like Apple can no longer ignore the repair insurgency that's been brewing: The right to repair movement is winning, and Apple's behavior is changing. In the last few months, Apple has made political, design, and customer service decisions that suggest the right to repair movement is having a real impact on the company's operations...

Apple has repeatedly made small concessions to its customers on the issues that Repair.org and the larger repair community have decided to highlight. The question is whether these concessions are going to be enough to satiate customers who want their devices to be easily repairable and upgradable, and whether the right to repair movement can convince those people to continue demanding fair treatment.
The article notes that at least 12 U.S. states are still considering "fair repair" laws, which would force Apple to sell replacement parts to both independent repair shops and the general public.

An anonymous reader quotes a report from Motherboard: Microsoft's latest Surface Laptop may have earned glowing reviews from certain sections of the tech press, but don't tell that to iFixit. The company, which provides repair tools and manuals for popular gadgets like the iPhone and PlayStation, has handed the Surface Laptop a score of 0 out of 10 in terms of user repairability, stating definitively that the laptop "is not meant to be opened or repaired; you can't get inside without inflicting a lot of damage." iFixit's detailed teardown illustrates just how difficult it is to open the Surface. For starters, there are no screws, proprietary or otherwise, on the outside of the laptop. Instead, the laptop is literally welded together using a type of "plastic soldering" that is rare to see in consumer electronics. Anyone hoping to get inside the "beautifully designed and crafted" computer will have to pry it open with a knife or dedicated pick in order to defeat Microsoft's plastic welding. Whether or not it's actually worth going through the trouble of defeating said welding is another matter, given that the "glue-filled monstrosity," as iFixit dubs the laptop, has none of the user-upgradeable parts you'd want to see in a PC, like memory or storage.

"It literally can't be opened without destroying it," the repair company concludes. "If we could give it a -1 out of 10, we would," iFixit said in an emailed statement on Friday. "It's a Russian nesting doll from hell with everything hidden under adhesive and plastic spot welds. It is physically impossible to nondestructively open this device."

After a few months of wishy-washy statements on net neutrality indicating that the company had largely given up on it, Netflix is changing course. From a report: On July 12, the video streaming company will join Amazon, Reddit, Pornhub, Imgur, and more to incorporate slowed-down or disrupted service to raise awareness for the importance of strong net neutrality guidelines, giving visitors to its site a taste of what a future without a free and open internet could look like. The protest, organized by Fight for the Future, freepress, and Demand Progress, takes place five days before the first deadline for comments on the FCC's proposal to roll back net neutrality protections. The change in heart comes days after Netflix CEO Reed Hastings said, "[Net neutrality is] not narrowly important to us because we're big enough to get the deals we want."

An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could've registered the domain and installed malicious apps on the phones.

A software engineer in North Carolina has created a new plugin that lets website administrators monitor when someone accesses their site from an IP address associated with the federal government. It was created in part to protest a measure signed by President Trump in April that allows internet service providers to sell sensitive information about your online habits without needing your consent. Motherboard reports: A new tool created by Matt Feld, the founder of several nonprofits including Speak Together, could help the public get a sense of what elected officials are up to online. Feld, a software engineer working in North Carolina, created Speak Together to share "technical projects that could be used to reduce the opaqueness between government and people," he told Motherboard over the phone. "It was born out of just me trying to get involved and finding the process to be confusing." The tool lets website administrators track whether members of Congress, the Senate, White House staff, or Federal Communications Commission (FCC) staff are looking at their site. If you use Feld's plug-in, you'll be able to see whether someone inside government is reading your blog. You won't be able to tell if President Trump viewed a web page, but you will be able to see that it was someone using an IP address associated with the White House. The tool works similarly to existing projects like CongressEdits, an automated Twitter account that tweets whenever a Wikipedia page is edited from IP addresses associated with Congress.

An anonymous reader shares a report: The rarest pepe is one found on the iOS App Store, and now we know why: Apple has categorized the meme frog as "objectionable content" and has rejected an app called Pepe Scream, Motherboard confirmed. "Your app contains images and references of Pepe the Frog, which are considered objectionable content," an Apple App Review Board employee named Nicole wrote in a rejection notice to Spirit Realm Games, the developer of Pepe Scream. "It would be appropriate to remove the references and revise the images in your app." MrSnrhms, a developer for Spirit Realm Games, gave Motherboard temporary access to the team's iOS developer account, which showed that Apple did indeed reject the app because it contains Pepe, a cartoon frog that has been increasingly associated with the alt-right. Also read: Pepe the Frog Is Dead.

An anonymous reader writes: It's been very windy across Europe this week. So much so, in fact, that the high wind load on onshore and offshore wind turbines across much of the continent has helped set new wind power records. For starters, renewables generated more than half of Britain's energy demand on Wednesday -- for the first time ever. In fact, with offshore wind supplying 10 percent of the total demand, energy prices were knocked into the negative for the longest period on record. The UK is home to the world's biggest wind farm, and the largest wind turbines, so it's no surprise that this was an important factor in the country's energy mix. "Negative prices aren't frequently observed," Joel Meggelaars, who works at renewable energy trade body WindEurope, told Motherboard over the phone. "It means a high supply and low demand."

An anonymous reader shares an excerpt from a report via Motherboard: Mobile phone forensic extraction devices have been a law enforcement tool for years now, and the number of agencies using them is only rising. As part of an ongoing investigation, we have finally been able to turn up some usage logs of this equipment, from Tulsa Police Department, and Tucson Police Department. While the logs do not list the cause of the crime or any other notes about why the phone was being searched, it does list the make of the phone, the date, and the type of extraction. First, let's go over what extraction devices are being used here. Tucson PD opted for the brand that is arguably the worldwide leader in mobile device forensics, the Israeli company Cellebrite. Tulsa Police Department however opted for a few different models -- they purchased two different password breakers from Teel Technologies in 2015, and in March 2016 gave about $1,500 to Susteen for their SecureView extraction device (SecureView was the product Susteen created when the FBI requested they create a more advanced extraction device for them). It does its work instantly, and has an incredible reach into a phone's data. They renewed this contract in 2017. In August 2016 they also purchased the Detective extraction device from Oxygen Forensics. Oxygen is much less common than Cellebrite, from what we have found. The kicker really is how often these are being used -- it is simply really hard to believe that out of the 783 times Tulsa Police used their extraction devices, all were for crimes in which it was necessary to look at all of the phone's data. Even for the 316 times Tucson PD used theirs in the last year, it is still a real stretch to think that some low-level non-violent offenders weren't on the receiving end. There are some days where the devices were used multiple times -- Tulsa used theirs eight times on February 28th of this year, eight again on April 3rd, and a whopping 14 times on May 10th 2016. That is a whole lot of data that Tulsa was able to tap into, and we aren't even able to understand the why.