Stories · 3,636
-
Touting Government/Industry 'Partnership' on Security Practices, NIST Drafts Cybersecurity Framework Update (scmagazine.com)
Remember NIST, the non-regulatory agency of the U.S. Department of Commerce? Their mission expanded over the years to protecting businesses from cyberthreats, including a "Cybersecurity Framework" first published in 2014. "The original goal was to develop a voluntary framework to help organizations manage cybersecurity risk in the nation's critical infrastructure, such as bridges and the electric power grid," NIST wrote in January, "but the framework has been widely adopted by many types of organizations across the country and around the world." Now SC Media reports: The second draft of the update to the National Institute of Standards and Technology's cybersecurity framework, NIST 1.1, is meant "to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use," according to NIST. Specifically, it brings clarity to cybersecurity measurement language and tackles improving security of the supply chain. Calling the initial NIST CSF "a landmark effort" that delivered "important benefits, such as providing common language for different models" of standards and best practices already in use, Larry Clinton, president and CEO of the Internet Security Alliance, said "it fell short of some of the most critical demands of Presidential Executive Order 13636, which generated its development...
"To begin with, the new draft makes it clear that our goal is not some undefined metric for use of the Framework, but for effective use of the Framework. Moreover, this use-metric needs to be tied not to some generic standard, but to be calibrated to the unique threat picture, risk appetite and business objective of a particular organization"... Clinton praised the process used by NIST as "a model 'use case' for how government needs to engage with its industry partners to address the cybersecurity issue." The internet's inherent interconnectedness makes it impossible for sustainable security to be achieved through anything other than true partnership, he contended.
Slashdot reader Presto Vivace reminds you that public comments on the draft Framework and Roadmap are due to NIST by 11:59 p.m. EST on January 19, 2018. "If you have an opinion about this, NOW is the time to express it."
-
GE Cuts 12,000 Jobs In Response To Falling Demand For Fossil Fuel Energy (qz.com)
In response to the drop in demand for fossil fuel energy, General Electric -- the world's largest maker of gas turbines -- announced plans to cut 12,000 jobs. Quartz reports: Those cuts will mostly come from GE's power division, which makes energy-generation technologies. The reduction will account for 18% of the division's workforce and affect both professional and production employees, the company said in a statement. The majority of job losses will occur outside the U.S., Bloomberg reports. In a statement, Russell Stokes, the division's president and CEO, said disruptions to the power market were "driving significantly lower volumes in products and services." Demand for GE's power-generation equipment has stalled in part because of renewable energy growth, says Robert McCarthy, an analyst at Stifel Financial.
The move is part of a larger restructuring effort under GE's new chief executive John Flannery, who has faced immense pressure to regain the company's footing since taking the helm in June of this year. GE's stock price plunged 44% this year, the worst performer on the Dow, according to Bloomberg. The company aims to cut $3.5 billion of expenses across its divisions by the end of 2018, including a $1 billion cut from the power division.
-
'Bitcoin Could Cost Us Our Clean-Energy Future' (grist.org)
An anonymous reader shares an article: Bitcoin wasn't intended to be an investment instrument. Its creators envisioned it as a replacement for money itself -- a decentralized, secure, anonymous method for transferring value between people. But what they might not have accounted for is how much of an energy suck the computer network behind bitcoin could one day become. Simply put, bitcoin is slowing the effort to achieve a rapid transition away from fossil fuels. What's more, this is just the beginning. Given its rapidly growing climate footprint, bitcoin is a malignant development, and it's getting worse. Digital financial transactions come with a real-world price: The tremendous growth of cryptocurrencies has created an exponential demand for computing power. As bitcoin grows, the math problems computers must solve to make more bitcoin (a process called "mining") get more and more difficult -- a wrinkle designed to control the currency's supply. Today, each bitcoin transaction requires the same amount of energy used to power nine homes in the U.S. for one day. And miners are constantly installing more and faster computers. Already, the aggregate computing power of the bitcoin network is nearly 100,000 times larger than the world's 500 fastest supercomputers combined. The total energy use of this web of hardware is huge -- an estimated 31 terawatt-hours per year. More than 150 individual countries in the world consume less energy annually. And that power-hungry network is currently increasing its energy use every day by about 450 gigawatt-hours, roughly the same amount of electricity the entire country of Haiti uses in a year.
-
Shouting 'Pay Your Taxes', Activists Occupy Apple Stores in France (marketwatch.com)
An anonymous reader quotes MarketWatch: A group of global activists stormed and occupied several Apple Stores in France on Saturday in a move aimed at pressuring the company to pay up on a €13 billion ($15.5 billion) tax bill to the European Union. In a press release, the France unit of the Association for the Taxation of Financial Transactions and Citizen's Action organization (Attac), said 100 of its members occupied the Opera Apple Store in Paris, demanding the company pay its taxes... Attac said dozens of protests were organized at other Apple store locations throughout France on Saturday. In the Paris store, activists were seen via videos circulating on Twitter, pushing past security and hanging a banner that said "We will stop when Apple pays." Security in Paris reportedly evacuated Apple workers from the building as those protests began.
After three hours they left the store -- leaving behind protest messages on the iPads on display. The group claims that Apple has stashed $230 billion in tax havens around the world, but also hopes to raise awareness about other issues.
"Attac said the action was part of the #PhoneRevolt movement aimed at highlighting unfair practices by Apple, that are not just about taxes, but also pollution via extraction of metals for its phones, worker exploitation and driving a global consumption binge."
-
A Supreme Court Case This Week Could Change US Digital Privacy Standards
On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter's comings and goings.
In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller. The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.
-
After Bankrupting Gawker, Peter Thiel Demands a Chance to Buy Them (buzzfeed.com)
An anonymous reader quotes BuzzFeed: In a federal bankruptcy court filing on Wednesday, lawyers for venture capitalist Peter Thiel objected to the ongoing sale process of Gawker.com, arguing that the billionaire has been unfairly excluded from bidding for the assets of the defunct news website... Whoever ends up buying the site will also buy its archives, which are still up, and will have the right to do with them what they want, including delete them. In the filing, Thiel's lawyers allege that he was prevented from receiving information in regard to a potential bid for Gawker.com by plan administrator William Holden and his counsel, Gregg Galardi, following a Wall Street Journal story in October that said Holden and Galardi had started to market the website to potential buyers...
The Wall Street Journal reported that Holden has been exploring the sale of Gawker.com since July, and that he recently marketed the site's potential legal claims against Thiel as part of its appeal. The marketing of those claims is at the center of Thiel's complaint, in which his lawyers argue that Holden should not be able to conduct a sale of those claims and ask that the court drop a motion that allows for discovery to move forward. Thiel's representatives also said that they contacted those administrating the sale of Gawker.com last month "to express Mr. Thiel's interest in participating in the sale process," but that they had been rebuffed and then ignored.
Thiel's complaint calls him the "most able and logical purchaser."
-
Pornhub Owner May Become the UK's Gatekeeper of Online Porn (yahoo.com)
An anonymous reader quotes a report from Yahoo News: Mindgeek may be the most powerful company that you've never heard of, or at least, a company you'll claim never to have heard about in polite company. It's the conglomerate that owns some of the world's most visited porn sites, including Pornhub, RedTube and YouPorn. Far from simply being a popular and free way for people to consume adult content, it may soon have a powerful political role in the UK that will ensure its dominance for decades to come. That's because, within the next year, Mindgeek may become the principal gatekeeper between the country's internet users and their porn. In April, the UK passed the Digital Economy Act 2017, legislation that mandated that any website showing adult content must verify the ages of its visitors. It was pushed through in response to concerns that children were being corrupted by easy access to and exposure to adult content at an early age. Section 15(1) of the bill requires that "pornographic material" not be published online, on a "commercial basis," unless it is "not normally accessible by those under 18." The bill has several flaws, not least the number of vague proposals it contains, and the ad hoc definition of what pornography actually is. Section 17 of the same act outlined the creation of an "age-verification regulator," the digital equivalent of a bouncer standing between you and your porn. This gatekeeper will have the right, and duty, to demand you show proof of age, or else refuse you access. In addition, the body will be able to impose fines and enforcement notices on those who either neglect or circumvent the policy. [...] The Open Rights Group believes that the BBFC will then hand over the actual mechanisms of the age verification platform to a third party in the private sector. Mindgeek has had several conversations with officials and is currently pushing its own age verification platform, AgeID. 
If selected, this platform could become the principal wall between Britons and their pornography -- giving Mindgeek enormous power in the market.
-
Net Neutrality Advocates Plan Protests For December 7 at Verizon Stores (techcrunch.com)
Jordan Crook, writing for TechCrunch: During yesterday's announcement of the upcoming vote, the FCC neglected to mention the historic 22 million comments on the issue, the majority of which were opposed to its rollback. In response, protests are being held on December 7 at Verizon retail stores across the country. The protests were organized by Demand Progress, Fight For The Future, and FreePress Action Fund. Here's what the protest organizers have to say on their event page: "Ajit Pai is clearly still working for Verizon, not the public. But he still has to answer to Congress. So we're calling on our lawmakers to do their job overseeing the FCC and speak out against Ajit Pai's plan to gut Title II net neutrality protections and give Verizon and other giant ISPs everything on their holiday wishlist.
-
Stop Using Excel, Finance Chiefs Tell Staffs (wsj.com)
Tatyana Shumsky, reporting for WSJ: Adobe's finance chief Mark Garrett says his team struggles keeping track of which jobs have been filled at the software company. The process can take days and requires finance staff to pull data from disparate systems that house financial and human-resources information into Microsoft's Excel spreadsheets. From there they can see which groups are hiring and how salary spending affects the budget. "I don't want financial planning people spending their time importing and exporting and manipulating data, I want them to focus on what is the data telling us," Mr. Garrett said. He is working on cutting Excel out of this process, he said. CFOs at companies including P.F. Chang's China Bistro, ABM Industries and Wintrust Financial are on a similar drive to reduce how much their finance teams use Excel for financial planning, analysis and reporting (Editor's note: the link could be paywalled; an alternative source wasn't immediately available). Finance chiefs say the ubiquitous spreadsheet software that revolutionized accounting in the 1980s hasn't kept up with the demands of contemporary corporate finance units. Errors can bloom because data in Excel is separated from other systems and isn't automatically updated.
-
Sacramento Regional Transit Systems Hit By Hacker (cbslocal.com)
Zorro shares a report from CBS Local: Sacramento Regional Transit is the one being taken for a ride on this night, by a computer hacker. That hacker forced RT to halt its operating systems that take credit card payments, and assigns buses and trains to their routes. The local transit agency alerted federal agents following an attack on their computers that riders may not have noticed Monday. "We actually had the hackers get into our system, and systematically start erasing programs and data," Deputy General Manager Mark Lonergan. Inside RT's headquarters, computer systems were taken down after the hacker deleted 30 million files. The hacker also demanded a ransom in bitcoin, and left a message on the RT website reading "I'm sorry to modify the home page, I'm good hacker, I just want to help you fix these vulnerability."
-
Iranian 'Game of Thrones' Hacker Demanded $6 Million Bitcoin Ransom From HBO, Feds Say (thedailybeast.com)
Anonymous readers share a report: The Department of Justice on Tuesday charged an Iranian national with allegedly hacking into HBO, dumping a selection of stolen files, and attempting to extort the company by ransoming a treasure trove of the company's content. This summer, hackers released a bevy of internal HBO files, including scripts for Game of Thrones and full, unaired episodes of other shows. Behzad Mesri, aka "Skote Vahshat," at one point worked for the Iranian military to break into military and nuclear systems, as well as Israeli infrastructure, according to the newly released complaint. Under his Vahshat pseudonym, Mesri also defaced hundreds of websites in the U.S. and around the world, the complaint adds. Mesri started his hacking campaign in around May 2017, according to the complaint, probing HBO's systems and employees for weaknesses. Mesri managed to compromise multiple HBO employee accounts as well as other authorized users; from here, he allegedly stole confidential and proprietary information. These included unaired episodes of Ballers, Barry, Room 104, Curb Your Enthusiasm, and The Deuce, as well as scripts for Game of Thrones. Indeed, the hacker behind the HBO breach publicly dumped much of this material online this summer.
-
Apple's New iPhone Built With Illegal Overtime Teen Labor (bloomberg.com)
Apple's main supplier in Asia has been employing high-school students working illegal overtime to assemble the iPhone X in an effort to catch up with demand after facing production delays, the Financial Times reported on Tuesday, citing several teenagers involved. From a report: A group of 3,000 students from the Zhengzhou Urban Rail Transit School were sent to work at the local facility run by Taiwan-based Hon Hai Precision Industry, known as Foxconn, as part of a three-month stint that was billed as "work experience," and required to graduate, the Financial Times reported. Six of the students told the FT they routinely worked 11-hour days assembling Apple's flagship smartphone, which constitutes illegal overtime for student interns under Chinese law. Apple said an audit did find instances of student interns working overtime, adding that they were employed voluntarily, were compensated and provided benefits, but that they shouldn't have been allowed to work overtime.
-
US Sues To Block AT&T Purchase of Time Warner (reuters.com)
The U.S. Department of Justice is suing AT&T to block its $85.4 billion acquisition of Time Warner. "The legal challenge was expected after AT&T rejected a demand by the Justice Department earlier this month to divest its DirecTV unit or Time Warner's Turner Broadcasting -- which contains news network CNN -- in order to win antitrust approval," reports Reuters. From the report: AT&T's chief executive said then that he would defend the deal in court to win approval, and the company criticized the Justice Department's case on Monday. The lawsuit is "a radical and inexplicable departure from decades of antitrust precedent," said AT&T lawyer David McAtee, arguing that so-called vertical mergers, between companies that are not direct competitors, are routinely approved. "We see no legitimate reason for our merger to be treated differently," he said, adding that AT&T is confident a judge will reject the Justice Department's case.
-
'Lazy' Hackers Exploit Microsoft RDP To Install Ransomware (sophos.com)
An anonymous reader writes: An investigation by Sophos has uncovered a new, lazy but effective ransomware attack where hackers brute force passwords on computers with [Microsoft's] Remote Desktop Protocol enabled, use off-the-shelf privilege escalation exploits to make themselves admins, turn off security software and then manually run fusty old versions of ransomware.
They even delete the recovery files created by Windows Live backup -- and make sure they can also scramble the database. "Because they've used their sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet 'for free'."
Most of the attacks hit small-to-medium companies with 30 or fewer employees, since "with small scale comes a dependence on external IT suppliers or 'jack-of-all-trades' IT generalists trying to manage cybersecurity along with many other responsibilities. In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff."
-
Microsoft and GitHub Team Up To Take Git Virtual File System To MacOS, Linux (arstechnica.com)
An anonymous reader writes: One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client. That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux. Microsoft says that, so far, about half of its modifications have been accepted upstream, with upstream Git developers broadly approving of the approach the company has taken to improve the software's scaling. Redmond also says that it has been willing to make changes to its approach to satisfy the demands of upstream Git. The biggest complexity is that Git has a very conservative approach to compatibility, requiring that repositories remain compatible across versions.
Microsoft and GitHub are also working to bring similar capabilities to other platforms, with macOS coming first, and later Linux. The obvious way to do this on both systems is to use FUSE, an infrastructure for building file systems that run in user mode rather than kernel mode (desirable because user-mode development is easier and safer than kernel mode). However, the companies have discovered that FUSE isn't fast enough for this -- a lesson Dropbox also learned when developing a similar capability, Project Infinite. Currently, the companies believe that tapping into a macOS extensibility mechanism called Kauth (or KAuth) will be the best way forward.
-
China Builds World's Fastest Hypersonic Wind Tunnel To Simulate Flight At 27,000 MPH (scmp.com)
schwit1 quotes a report from South China Morning Post: China is building the world's fastest wind tunnel to simulate hypersonic flight at speeds of up to 12 kilometers per second (~27,000 miles per hour). Zhao Wei, a senior scientist working on the project, said researchers aimed to have the facility up and running by around 2020 to meet the pressing demand of China's hypersonic weapon development program. "It will boost the engineering application of hypersonic technology, mostly in military sectors, by duplicating the environment of extreme hypersonic flights, so problems can be discovered and solved on the ground," said Zhao. The world's most powerful wind tunnel at present is America's LENX-X facility in Buffalo, New York state, which operates at speeds of up to 10 kilometers per second -- 30 times the speed of sound. Hypersonic aircraft are defined as vehicles that travel at speeds of Mach 5, five times the speed of sound, or above.
In the new tunnel there will be a test chamber with room for relatively large aircraft models with a wing span of almost three meters. To generate an airflow at extremely high speeds, the researchers will detonate several tubes containing a mixture of oxygen, hydrogen and nitrogen gases to create a series of explosions that can discharge one gigawatt of power within a split second, according to Zhao. The shock waves, channelled into the test chamber through a metallic tunnel, will envelope the prototype vehicle and increase the temperature over its body to 8,000 Kelvins, or 7,727 degrees Celsius, Zhao said. The new tunnel would also be used to test the scramjet, a new type of jet engine designed specifically for hypersonic flights. Traditional jet engines are not capable of handling air flows at such speeds.
-
Not Every Article Needs a Picture (theoutline.com)
An anonymous reader shares an article: Pictures and text often pair nicely together. You have an article about a thing, and the picture illustrates that thing, which in many cases helps you understand the thing better. But on the web, this logic no longer holds, because at some point it was decided that all texts demand a picture. It may be of a tangentially related celeb. It may be a stock photo of a person making a face. It may be a Sony logo, which is just the word SONY. I have been thinking about this for a long time and I think it is stupid. I understand that images -- clicks is industry gospel, but it seems like many publishers have forgotten their sense of pride. If a picture is worth a thousand words, it's hard for me to imagine there'll be much value in the text of an article illustrated by a generic stock image. As with so many problems, social media seems to deserve much of the blame for this. Until the mid-to-late '00s, a publication's homepage played a dominant role in driving people to individual articles. Homepages mostly mimicked the front pages of newspapers, where major stories -- things that warranted investment in original art -- had images. Other stories just got a headline. Over time, the endless space of the internet lowered the standard for which articles needed art, but still, not everything got an image. [...] Even the unflinching belief that people won't read articles if there aren't pictures doesn't hold up to logic. Sure, interesting pictures can attract readers, but most of these images are not interesting. And even if it were slightly better for business, is that really a compromise worth making?
-
The Bitcoin Bubble (economist.com)
A reader shares an Economist article: More people will trade in Bitcoin and that means more demand, and thus the price should go up. But what is the appeal of Bitcoin? There are really three strands; the limited nature of supply; fears about the long-term value of fiat currencies in an era of quantitative easing; and the appeal of anonymity. The last factor makes Bitcoin appealing to criminals creating this ingenious valuation method for the currency of around $570. These three factors explain why there is some demand for Bitcoin but not the recent surge. The supply details have if anything deteriorated (rival cryptocurrencies are emerging); the criminal community hasn't suddenly risen in size; and there is no sign of general inflation. A possible explanation is the belief that blockchain, the technology that underlines Bitcoin, will be used across the finance industry. But you can create blockchains without having anything to do with Bitcoin; the success of the two aren't inextricably linked. A much more plausible reason for the demand for Bitcoin is that the price is going up rapidly. People are not buying Bitcoin because they intend to use it in their daily lives (Editor's note: the link could be paywalled; alternative source). People are buying Bitcoin because they expect other people to buy it from them at a higher price; the definition of the greater fool theory.
-
Justice Department Tells Time Warner It Must Sell CNN Or DirecTV To Approve Its AT&T Merger (nytimes.com)
An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): The Justice Department has called on AT&T and Time Warner to sell Turner Broadcasting, the group of cable channels that includes CNN, as a potential requirement for approving the companies' pending $85.4 billion deal, people briefed on the matter said on Wednesday. The other potential way the merger could win approval would be for AT&T to sell its DirecTV division, two of these people added. As originally envisioned, combining AT&T and Time Warner would yield a giant company offering wireless and broadband internet service, DirecTV, the Warner Brothers movie studio and cable channels like HBO and CNN. If the Justice Department formally makes either demand a requisite for approval, AT&T and Time Warner would almost certainly take the matter to court to challenge the government's legal basis for blocking their deal.
-
Apple Crushes Expectations, Sees Record Holiday Quarter (axios.com)
Apple on Thursday reported sales and earnings well ahead of projections, and said holiday sales should be a record and ahead of many analysts' expectations. The company sold 46.6 million iPhones last quarter, which came in about 500,000 units ahead of expectations. Axios reports: Going into the earnings report, there were concerns about both iPhone 8 demand and iPhone X supply. Thursday's report should go a long way toward answering those questions. Sales were up in every region except Japan, where business was down from the prior year, though up sequentially. Notably, the company finally saw a much-needed turnaround in Greater China, where sales of $9.8 billion were up 22% from the prior quarter and 12% from a year ago. The company's business has been weak in China for some time, though the company had predicted improvement this quarter. Apple reported $52.6 billion in revenue (vs $51.2 billion estimated) and per-share earnings of $2.02 (vs $1.87 estimated). In addition to the 46.6 million iPhones sold (vs 46.1 million estimated), the company sold 10.3 million iPads (vs about 10 million expected) and 5.4 million Macs (vs about 5 million expected).