Stories · 3,462
-
Romanian Hacker 'Guccifer' Sentenced To 52 Months In US Prison (reuters.com)
Romanian hacker "Guccifer" who targeted high-profile US politicians has been sentenced to 52 months in prison. Guccifer, whose real name is Marcel Lazar, pleaded guilty in May on charges of aggravated identity theft and unauthorized access of a computer. Lazar targeted former Secretary of State Colin Powell and the Bush family and was arrested on hacking charges in Romania in 2014 and was sentenced to four years. He was extradited to the U.S. to face charges in March 2016. Reuters adds: Lazar has said in interviews he breached Clinton's private server at her home in Chappaqua, New York, but law enforcement and national security officials say that claim is meritless. Lazar is believed to have hacked into email accounts of about 100 victims between 2012 and 2014. They include prominent political figures such as former Secretary of State Colin Powell, a relative of former President George W. Bush and Sidney Blumenthal, a former Clinton White House aide and an unofficial adviser to Clinton. Clinton is now the Democratic nominee for president. Lazar leaked online memos Blumenthal sent Clinton that were addressed to her private email account, which was used during her time as secretary of state to conduct both personal and work business in lieu of a government account.
-
Apple CEO Tim Cook on EU Apple Tax Case: 'Total Political Crap' (arstechnica.com)
Earlier this week, Apple was ordered to pay a record sum of 13 billion euros plus interest after the EU said Ireland illegally slashed the iPhone maker's tax bill. At the time, Tim Cook found the accusations "baseless." In a new interview, he had more things to say: A war of words has erupted between Europe's competition chief and Apple CEO Tim Cook after Ireland was ordered to reclaim $14.5 billion in back taxes from the company. Cook, in an interview with the Irish Independent, labelled Brussels' competition chief Margrethe Vestager's decision as "total political crap." He claimed Ireland was being "picked on" and that he hoped to see the Irish government launch an appeal against the ruling. Vestager refuted that claim when quizzed by reporters on Thursday. "This is a decision based on the facts of the case. The figures that we used in our decision are the figures that we got from Apple themselves," she said. "There are very, very few figures in the public domain. More transparency would be a good thing, for example, a country by country reporting. If it was up to me, the non-confidential version of the decision would have been published yesterday, because that is another way of enabling everyone to see what we have decided and on what basis we have made this decision. Right now the ball is in the hands of Apple and Ireland."
-
Companies Are Developing More Apps With Fewer Developers (fortune.com)
Fortune reports that the "yawning gap in tech skills" has resulted in a surprising shift in supply and demand in the software industry. And in many companies now, a growing trend of developer jobs being given to non-developers can be seen. From the article: That's because a relatively new technology, known as low-code or no-code platforms, is now doing a big chunk of the work that high-priced human talent used to do. Low-code platforms are designed so that people with little or no coding or software engineering background -- known in the business as "citizen developers" -- can create apps, both for use in-house and for clients. Not surprisingly, the low-code platform industry, made up of about 40 small companies (so far), is growing like crazy. A recent Forrester Research report put its total revenues at about $1.7 billion in 2015, a figure that's projected to balloon to $15 billion in the next four years. Low-code-platform providers, notes Forrester, are typically seeing sales increases in excess of 50% a year. The report cites QuickBase, a company whose low-code platforms are used by half of the Fortune 500 companies, as an example. Its CEO Allison Mnookin says that almost any employee can now do most or all of the same work that developers used to do. Mnookin adds that there's a big advantage in this. "Opening an app's development to the non-techies who need the app removes misunderstandings between the IT department and other employees about what the end user needs."
-
European Commission To Issue Apple An Irish Tax Bill of $1.1 Billion, Says Report (reuters.com)
An anonymous reader quotes a report from Reuters: The European Commission will rule against Ireland's tax dealings with Apple on Tuesday, two sources familiar with the decision told Reuters, one of whom said Dublin would be told to recoup over 1 billion euros in back taxes. The European Commission accused Ireland in 2014 of dodging international tax rules by letting Apple shelter profits worth tens of billions of dollars from tax collectors in return for maintaining jobs. Apple and Ireland rejected the accusation; both have said they will appeal any adverse ruling. The source said the Commission will recommend a figure in back taxes that it expects to be collected, but it will be up to Irish authorities to calculate exactly what is owed. A bill in excess of 1 billion euros ($1.12 billion) would be far more than the 30 million euros each the European Commission previously ordered Dutch authorities to recover from U.S. coffee chain Starbucks and Luxembourg from Fiat Chrysler for their tax deals. When it opened the Apple investigation in 2014, the Commission told the Irish government that tax rulings it agreed in 1991 and 2007 with the iPhone maker amounted to state aid and might have broken EU laws. The Commission said the rulings were "reverse engineered" to ensure that Apple had a minimal Irish bill and that minutes of meetings between Apple representatives and Irish tax officials showed the company's tax treatment had been "motivated by employment considerations."
-
'Legalist' Startup Automates The Lawsuit Strategy Peter Thiel Used To Bankrupt Gawker (gizmodo.com)
An anonymous reader writes from a report via Gizmodo: "Two Harvard undergraduates have created a service called Legalist that uses what they call 'data-backed litigation financing,' analyzing civil lawsuits with an algorithm to predict case outcomes and determine which civil lawsuits are worth investing in," reports Gizmodo. The process is very similar to what billionaire Peter Thiel did when he secretly funded a lawsuit from Hulk Hogan against Gawker Media. "Legalist says it uses an algorithm of 58 different variables including, as [Legalist cofounder] Eva Shang told the Silicon Valley Business Journal, who the presiding judge is and the number of cases the judge is currently working on. The algorithm has been fed cases dating back to 1989 and helps people figure out how long a case will last and the risks associated with it. In a presentation at Y Combinator's Demo Day on Tuesday [Legalist was developed as part of Y Combinator's Summer 2016 class], the founders claimed that the startup funded one lawsuit for $75,000 and expects a return of more than $1 million. Shang says the $1.40 is earned for every $1 spent in litigation financing, which can prove to be a profitable enterprise when you're spending hundreds of thousands of dollars." Shang told Business Insider in reference to the Gawker lawsuit, "That's the kind of thing we're staying away from here." The company will supposedly be focusing on commercial and small-business lawsuits, and will not be backing lawsuits by individuals.
-
FBI Authorized Informants To Break The Law 22,800 Times In 4 Years (dailydot.com)
blottsie quotes a report from the Daily Dot: Over a four-year period, the FBI authorized informants to break the law more than 22,800 times, according to newly reviewed documents. Official records obtained by the Daily Dot under the Freedom of Information Act show the Federal Bureau of Investigation gave informants permission at least 5,649 times in 2013 to engage in activity that would otherwise be considered a crime. In 2014, authorization was given 5,577 times, the records show. USA Today previously revealed confidential informants engaged in "otherwise illegal activity," as the bureau calls it, 5,658 times in 2011. The figure was at 5,939 the year before, according to documents acquired by the Huffington Post. In total, records obtained by reporters confirm the FBI authorized at least 22,823 crimes between 2011 and 2014. Unfortunately, many of those crimes can have serious and unintended consequences. One of the examples mentioned in the Daily Dot's report was of an FBI informant who "was responsible for facilitating the 2011 breach of Stratfor in one of the most high-profile cyberattacks of the last decade. While a handful of informants ultimately brought down the principal hacker responsible, the sting also caused Stratfor, an American intelligence firm, millions of dollars in damages and left an estimated 700,000 credit card holders vulnerable to fraud."
-
Microsoft Has Broken Millions Of Webcams With Windows 10 Anniversary Update (thurrott.com)
The Anniversary Update which Microsoft rolled out to Windows 10 users earlier this month has broken millions of webcams, the company said on Friday. The problem is that after installing the update, the company added, Windows no longer allows USB webcams to use MJPEG or H264 encoding processes, and only supports YUY2 encoding. Microsoft says it introduced the changes to prevent an issue that was resulting in duplication of encoding the stream (poor performance). If you're facing the issue, there's a workaround (via Thurrott.com): Rafael has figured out a workaround that should hopefully stop the freezing issue; if you are comfortable tweaking the registry, make this change. HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows Media Foundation\Platform, add DWORD "EnableFrameServerMode" and set to 0
-
'We're Just Rentals': Uber Drivers Ask Where They Fit In a Self-Driving Future (theguardian.com)
Bloomberg reported on Thursday about Uber's plan to bring its first fleet of self-driving cars to Pittsburgh as soon as this month, a move that has since been confirmed by the cab-hailing company. Amid the announcement, Uber drivers are disappointed in Uber, wondering what future the company holds for them. The Guardian reports: "Wo-o-o-o-w," 60-year-old Uber driver Cynthia Ingram said. "We all knew it was coming. I just didn't expect it this soon." For Ingram, autonomous Ubers are an unwelcome threat to her livelihood. "I kind of figured it would be a couple more years down the line before it was really implemented and I'll be retired by then," she said. A paralegal with 30 years experience, Ingram began driving for Uber and Lyft in June 2015 when she lost her job. She said that she loves driving for Uber, though she has struggled to make ends meet. Rob Judge, 41, was also concerned with the announcement. "It feels like we're just rentals. We're kind of like placeholders until the technology comes out." A longtime customer service representative, Judge began driving for Uber three months ago to make money while he looks for other work. "For me personally, this isn't a long term stop," he added. "But for a lot of other people that I've connected with, this is their only means."
-
Satellite Images Can Map Poverty (bbc.com)
A new study using satellite images and machine learning plans to map poverty from space in an effort to "fix the world's problems." Satellite imagery can be less dangerous, slow and expensive than gathering the data on the ground. BBC reports: "A team from Stanford University were able to train a computer system to identify impoverished areas from satellite and survey data in five African countries. The latest study looked at daylight images that capture features such as paved roads and metal roofs -- markers that can help distinguish different levels of economic wellbeing in developing countries. They then used a sophisticated computer model to categorize the various indicators in daytime satellite images of Nigeria, Tanzania, Uganda, Rwanda and Malawi. 'If you give a computer enough data it can figure out what to look for. We trained a computer model to find things in imagery that are predictive of poverty,' said Dr Burke. 'It finds things like roads, like urban areas, like farmland, it finds waterways -- those are things we recognize. It also finds things we don't recognize. It finds patterns in imagery that to you or I don't really look like anything... but it's something the computer has figured out is predictive of where poor people are.' The researchers used imagery from countries for which survey data were available to validate the computer model's findings." The results of the study are published in the journal Science.
-
The $5 Onion Omega2 Gives Raspberry Pi a Run For Its Money (dailydot.com)
An anonymous reader writes from a report via The Daily Dot: Onion's Omega2 computer may give the Raspberry Pi a run for its money if the success of the Kickstarter campaign is any indication. The Daily Dot reports: "With an initial goal of just $15,000, over 11,560 backers have pledged the company $446,792 in hopes of getting their hands on this little wonder board. So why are thousands of people losing their minds? Simple; the Omega2 packs a ton of power into a $5 package. Billed as the world's smallest Linux server, complete with built-in Wi-Fi, the Omega2 is perfect for building simple computers or the web connected project of your dreams. The tiny machine is roughly the size of a cherry, before expansions, and runs a full Linux operating system. For $5 you get a 580MHz CPU, 64MB memory, 16MB storage, built-in Wi-Fi and a USB 2.0 port. A $9 model is also available with 128MB of memory, 32MB of storage, and a MicroSD slot. The similarly priced Raspberry Pi Zero comes with a 1GHz Arm processor, 512MB of memory, a MicroSD slot, no onboard storage, and no built-in Wi-Fi. Omega2 supports the Ruby, C++, Python, PHP, Perl, JavaScript (Node.js), and Bash programming languages, so no matter your background in coding you should be able to figure something out." You can also add Bluetooth, GPS, and 2G/3G support via add-ons or expansions. It looks promising, though it is a Kickstarter campaign and the product may not come to fruition.
-
Windows UAC Bypass Permits Code Execution (threatpost.com)
msm1267 writes from a report via Threatpost: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk. The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start PowerShell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC. An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action via the UAC pop-up. Microsoft, the researcher said, does not consider UAC bypasses a security boundary worthy of a bulletin and patch. It's unclear how Microsoft will address this issue.
-
Under Fire, US Social Security Site Changes Security Policy Again (vortex.com)
Long-time Slashdot reader Lauren Weinstein writes: I'm told that Social Security Administration has now removed the mandatory cell phone access requirement that was strongly criticized... I appreciate that SSA has done the right thing in this case. Perhaps in the future they'll think these things through better ahead of time!
The web site now describes the "extra security" of two-factor cellphone authentication as entirely optional -- but security researcher Brian Krebs had also warned that the bigger risk was how easy it was to impersonate somebody else when creating an account online. He wrote Thursday that now "the SSA is mailing letters if you sign up online, but they don't take that opportunity to deliver a special code to securely complete the sign up. Go figure."
-
Will New Battery Technologies Smash The Old Order? (telegraph.co.uk)
"The world's next energy revolution is probably no more than five or ten years away," reports The Telegraph. "Cutting-edge research into cheap and clean forms of electricity storage is moving so fast that we may never again need to build 20th Century power plants in this country..." Slashdot reader mdsolar quotes their article: The US Energy Department is funding 75 projects developing electricity storage, mobilizing teams of scientists at Harvard, MIT, Stanford, and the elite Lawrence Livermore and Oak Ridge labs in a bid for what it calls the "Holy Grail" of energy policy. You can track what they are doing at the Advanced Research Projects Agency-Energy (ARPA-E). There are plans for hydrogen bromide, or zinc-air batteries, or storage in molten glass, or next-generation flywheels, many claiming "drastic improvements" that can slash storage costs by 80pc to 90pc and reach the magical figure of $100 per kilowatt hour in relatively short order.
"Storage is a huge deal," says Ernest Moniz, the U.S. Energy Secretary and himself a nuclear physicist. He is now confident that the U.S. grid and power system will be completely "decarbonized" by the middle of the century.
One energy consultant predicts the energy storage market will be worth $90 billion in 2025 -- 100 times larger than it is today.
-
How a 1967 Solar Storm Nearly Led To Nuclear War (space.com)
schwit1 quotes a report from Space.com: A powerful solar storm nearly heated the Cold War up catastrophically a half century ago, a new study suggests. The U.S. Air Force began preparing for war on May 23, 1967, thinking that the Soviet Union had jammed a set of American surveillance radars. But military space-weather forecasters intervened in time, telling top officials that a powerful sun eruption was to blame, according to the study. "Had it not been for the fact that we had invested very early on in solar and geomagnetic storm observations and forecasting, the impact [of the storm] likely would have been much greater," Delores Knipp, a space physicist at the University of Colorado Boulder and the study's lead author, said in a statement. "This was a lesson learned in how important it is to be prepared." Initially, it was assumed that the Soviet Union was to blame. Since radar jamming is considered an act of war, "commanders quickly began preparing nuclear-weapon-equipped aircraft for launch." Spoiler: Solar forecasters at the North American Aerospace Defense Command (NORAD) figured out it was a flare that caused the outages, not the Soviets. You can read the abstract of the paper for free here.
-
Popular Sex Toy Caught Sending Intimate Data To Manufacturer (fusion.net)
In a world where thermostats and smart locks can be hacked, and companies covertly record information, why should sex toys remain unaffected? Fusion is reporting that the We-Vibe 4 Plus, a popular vibrator, sends a range of intimate data to its manufacturer. The sex toy uses a smartphone app, which lets a user control the vibration among other things. From the report: When the device is in use, the We-Vibe 4 Plus uses its internet connectivity to regularly send information back to its manufacturer, Standard Innovation Corporation. It sends the device's temperature every minute, and lets the manufacturer know each time a user changes the device's vibration level. The company could easily figure out some seriously intimate personal information like when you get off, how long it takes, and with what combinations of vibes. This was revealed on Friday at hacker conference Defcon in Las Vegas by two security researchers, who wish to be called only by their handles @gOldfisk and @rancidbacon. The two examined the app's code and the information being sent by the device over Bluetooth. In a statement sent by email, Standard Innovation Corporation's president Frank Ferrari confirmed that the company collects this information. [...]
-
London's Metropolitan Police Still Running 27,000 Windows XP Desktops (thestack.com)
An anonymous reader writes: London's Met Police has missed its deadline for abandoning the out-of-date operating system Windows XP, as findings reveal 27,000 computers still run on the software two years after official support ended. Microsoft stopped issuing updates and patches for Windows XP in Spring 2014, meaning that any new bugs and flaws in the operating system are left open to attack. A particularly risky status for the UK capital's police force – itself running operations against hacking and other cybercrime activity. The figures were disclosed by Conservative politician Andrew Boff. The Greater London Assembly member said: 'The Met should have stopped using Windows XP in 2014 when extended support ended, and to hear that 27,000 computers are still using it is worrying.' As in similar cases across civil departments, the core problem is bespoke system development, and the costs and time associated with integrating a new OS with customized systems.
-
75 Percent of Bluetooth Smart Locks Can Be Hacked (tomsguide.com)
It turns out, the majority of Bluetooth smart locks you see on the market can easily be hacked and opened by unauthorized users. The news comes from the DEF CON hacker conference in Las Vegas, where security researchers revealed the vulnerability, adding that concerned OEMs are doing little to nothing to patch the hole. Tom's Guide reports: Researcher Anthony Rose, an electrical engineer, said that of 16 Bluetooth smart locks he and fellow researcher Ben Ramsey had tested, 12 locks opened when wirelessly attacked. The locks -- including models made by Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Okidokey and Mesh Motion -- had security vulnerabilities that ranged from ridiculously easy to moderately difficult to exploit. "We figured we'd find vulnerabilities in Bluetooth Low Energy locks, then contact the vendors. It turned out that the vendors actually don't care," Rose said. "We contacted 12 vendors. Only one responded, and they said, 'We know it's a problem, but we're not gonna fix it.'" The problems didn't lie with the Bluetooth Low Energy protocol itself, Rose said, but in the way the locks implemented Bluetooth communications, or with a lock's companion smartphone app. Four locks, for example, transmitted their user passwords in plaintext to smartphones, making it easy for anyone with a $100 Bluetooth sniffer to pluck the passwords out of thin air.
-
Stopping Trolls Is 'Now Life and Death For Twitter', Argues Backchannel (backchannel.com)
"This is the year that Twitter's future will be determined," argues Backchannel's editorial director, noting that Twitter's revenue growth is slowing, and "None of the features that cofounder Jack Dorsey has introduced since he returned to the company as CEO last year have succeeded in attracting new users." But Backchannel suggests it's because the trolls "are winning," discouraging new sign-ups and driving existing customers to leave. "We suck at dealing with abuse and trolls on the platform, and we've sucked at it for years," Twitter's CEO wrote in an internal memo in 2015. Backchannel argues bluntly that Twitter "has a hate problem." New submitter mirandakatz writes: It's been exactly three years since Twitter first promised to solve its harassment problem. In those three years, the company has made countless such promises, introducing dozens of new "fixes" and even going so far as to ban notorious troll Milo Yiannopoulos last month. But still, abuse on Twitter continues, and stopping it is now critical to the platform's future success...
"Twitter did an excellent job of inventing a digital platform for realtime idea exchange, but it has yet to create the feature that allows the community itself to ferret out the abusers..." writes Backchannel. "And if it cannot figure out how to eradicate the harassers, Twitter's other challenges will remain intractable."
-
Nigerian Scammers Infect Themselves With Own Malware, Reveal New Fraud Scheme (ieee.org)
"A pair of security researchers recently uncovered a Nigerian scammer ring that they say operates a new kind of attack...after a few of its members accidentally infected themselves with their own malware," reports IEEE Spectrum. "Over the past several months, they've watched from a virtual front row seat as members used this technique to steal hundreds of thousands of dollars from small and medium-sized businesses worldwide." Wave723 writes: Nigerian scammers are becoming more sophisticated, moving on from former 'spoofing' attacks in which they impersonated a CEO's email from an external account. Now, they've begun to infiltrate employee email accounts to monitor financial transactions and slip in their own routing and account info...The researchers estimate this particular ring of criminals earns about US $3 million from the scheme.
After they infected their own system, the scammers' malware uploaded screenshots and all of their keystrokes to an open web database, including their training sessions for future scammers and the re-routing of a $400,000 payment. Yet the scammers actually "appear to be 'family men' in their late 20s to 40s who are well-respected, church-going figures in their communities," according to the article. SecureWorks malware researcher Joe Stewart says the scammers are "increasing the economic potential of the region they're living in by doing this, and I think they feel somewhat of a duty to do this."
-
Amazon and Microsoft Are Running One and Two in Two-Cloud Race (fortune.com)
When it comes to computing capacity for public cloud services, Amazon and Microsoft are dominating the pack. According to research firm Gartner, Google is third in this cloud race. The conclusion comes as Gartner looks into Magic Quadrant's annual report surveys, which estimate the amount and type of cloud computing services offered for rent by big companies. Fortune reports: Amazon's continued strength will not surprise many considering the resources it has poured into this now-$10-plus billion a year business. AWS "has the largest share of compute capacity in use by paying customers -- many times the aggregate size of all other providers in the market," according to the report. Last year, Gartner's take was that AWS ran more than 10 times the cloud compute capacity as the next 14 cloud players combined. Asked whether that means Amazon's dominance has held steady, grown, or decreased year over year, Gartner managing vice president Rakesh Kumar told Fortune the research firm does not have the exact comparable figure, but that it is "reasonable to assume" that AWS has maintained the same lead this year. The odd man out here appears to be Google, which has been trying hard to win market share from the other two powers and to prove that it is serious about the public cloud market. Google remains the third largest player by Gartner's measures, but it has slipped a bit relative to the top two.