Stories · 3,636
-
Should Kaspersky Lab Show Its Source Code To The US Government? (gizmodo.com)
Today the CEO of Kaspersky Lab said he's willing to show the company's source code to the U.S. government, testify before Congress, and even move part of his research work to the U.S. to dispel suspicions about his company. The Associated Press reports: Kaspersky, a mathematical engineer who attended a KGB-sponsored school and once worked for Russia's Ministry of Defense, has long been eyed suspiciously by his competitors, particularly as his anti-virus products became popular in the U.S. market. Some speculate that Kaspersky, an engaging speaker and a fixture of the conference circuit, kept his Soviet-era intelligence connections. Others say it's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin. No firm evidence has ever been produced to back up the claims...
Like many cybersecurity outfits in the U.S. and elsewhere, some Kaspersky employees are former spies. Kaspersky acknowledged having ex-Russian intelligence workers on his staff, mainly "in our sales department for their relationship with the government sector." But he added that his company's internal network was too segregated for a single rogue employee to abuse it. "It's almost not possible," he said. "Because to do that, you have to have not just one person in the company, but a group of people that have access to different parts of our technological processes. It's too complicated." And he insisted his company would never knowingly cooperate with any country's offensive cyber operations.
A key Democrat on the Senate Armed Services Committee has told ABC that "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure." Meanwhile, Slashdot reader Kiralan shares this article from Gizmodo noting Kaspersky Lab "has worked with both Moscow and the FBI in the past, often serving as a go-between to help the two governments cooperate." But setting the precedent of gaining trust through source code access is dangerous, as is capitulating to those demands. Russia has been making the same requests of private companies recently. Major technology companies like Cisco, IBM, Hewlett Packard Enterprise, McAfee, and SAP have agreed to give the Russian government access to "code for security products such as firewalls, anti-virus applications and software containing encryption," according to Reuters. Security firm Symantec pointedly refused to cooperate with Russian demands last week. "It poses a risk to the integrity of our products that we are not willing to accept," a Symantec spokesperson said in a statement.
-
NSA 'Traffic Shaping' Can Divert US Internet Traffic For Easier Monitoring (zdnet.com)
schwit1 shares an article from ZDNet: A new analysis of documents leaked by whistleblower Edward Snowden details a highly classified technique that allows the National Security Agency to "deliberately divert" U.S. internet traffic, normally safeguarded by constitutional protections, overseas in order to conduct unrestrained data collection on Americans. According to the new analysis, the NSA has clandestine means of "diverting portions of the river of internet traffic that travels on global communications cables," which allows it to bypass protections put into place by Congress to prevent domestic surveillance on Americans.
The new findings follow a 2014 paper by researchers Axel Arnbak and Sharon Goldberg, published on sister-site CBS News, which theorized that the NSA, whose job it is to produce intelligence from overseas targets, was using a "traffic shaping" technique to route US internet data overseas so that it could be incidentally collected under the authority of a largely unknown executive order... The research cites several ways the NSA is actively exploiting methods to shape and reroute internet traffic -- many of which are well-known in security and networking circles -- such as hacking into routers or using the simpler, less legally demanding option of forcing major network providers or telecoms firms into cooperating and diverting traffic to a convenient location.
-
A Million Bottles a Minute: World's Plastic Binge 'As Dangerous as Climate Change' (theguardian.com)
Should you ever travel to one of the many uninhabited islands that dot the most remote reaches of Earth's oceans, chances are you'll find plastic bottles littering the shore. The Guardian reports: A million plastic bottles are bought around the world every minute and the number will jump another 20 percent by 2021, creating an environmental crisis some campaigners predict will be as serious as climate change. New figures obtained by the Guardian reveal the surge in usage of plastic bottles, more than half a trillion of which will be sold annually by the end of the decade. The demand, equivalent to about 20,000 bottles being bought every second, is driven by an apparently insatiable desire for bottled water and the spread of a western, urbanised "on the go" culture to China and the Asia Pacific region. More than 480bn plastic drinking bottles were sold in 2016 across the world, up from about 300bn a decade ago. If placed end to end, they would extend more than halfway to the sun. By 2021 this will increase to 583.3bn, according to the most up-to-date estimates from Euromonitor International's global packaging trends report. Most plastic bottles used for soft drinks and water are made from polyethylene terephthalate (Pet), which is highly recyclable. But as their use soars across the globe, efforts to collect and recycle the bottles to keep them from polluting the oceans, are failing to keep up.
-
Sony Will Start Pressing Vinyl Records After 28-Year Hiatus (fortune.com)
Sony said this week it will begin pressing vinyl records again, ending an almost three-decade hiatus. A dramatic increase in demand for vinyl music in recent years prompted the move, the company said. From a report: After a 28-year hiatus, Sony announced this week that it plans to open a new facility in Japan dedicated to pressing vinyl records. It's a back-to-the-future announcement at a time when the true digital music revolution -- downloaded and streaming via always-on Internet connectivity -- has quickly grown to dominate listening habits. According to Japan's recording industry association, the country produced nearly 200 million records per year in the mid-1970s. That's unlikely to return. But while many of us have been content to wirelessly download our music, a surprising number of people are going to the store -- or Amazon.com, let's be honest -- and purchasing a vinyl record, sleeve and all.
-
Zillow Drops Complaint Against Blogger After Backlash Over Copyright Claim (geekwire.com)
The blog "McMansion Hell" is back up and running days after Zillow threatened the site's creator, Kate Wagner, into taking it down. Zillow's decision to withdraw their complaint came soon after the Electronic Frontier Foundation announced it would defend Wagner pro bono. GeekWire reports: "We have decided not to pursue any legal action against Kate Wagner and McMansion Hell," a statement from the company said Thursday. "We've had a lot of conversations about this, including with attorneys from the EFF, whose advocacy and work we respect. EFF has stated that McMansion Hell won't use photos from Zillow moving forward. It was never our intent for McMansion Hell to shut down, or for this to appear as an attack on Kate's freedom of expression. We acted out of an abundance of caution to protect our partners -- the agents and brokers who entrust us to display photos of their clients' homes."
The Zillow response came in the wake of the week's events and a strongly worded letter to Zillow general counsel Brad Owens on Thursday (PDF here). EFF staff attorney Daniel Nazer said, "Our client has no obligation to, and thus will not, comply with Zillow's demands. Zillow's legal threats are not supported and plainly seek to interfere with protected speech." EFF said McMansion Hell was relaunching and no posts would be deleted, but that "in the interests of compromise, and because Wagner no longer wishes to use Zillow's website, she will no longer source photographs from Zillow for her blog."
-
Facebook May Finally Have To Compromise Its User Experience In Order To Keep Growing (recode.net)
Tony Haile, writing for Recode: Facebook has a problem. What has driven its growth for the last five years won't drive its growth for the next five. However, the options in front of the company involve the kind of user experience compromises that have maimed platforms that preceded it. Facebook makes its money from the West. Some 30 percent of its users and 73 percent of its revenue is from North America and Europe. The monthly average revenue per user for Western users is $3.33 versus 53 cents for the rest of the world. Facebook is a global company, but a Western business. Facebook's user growth in the West is a little over 1 percent a quarter. In North America, Facebook's monthly active users represent 80 percent of the population above the age of 14. If Facebook wishes to grow its Western revenue at the rate its shareholders demand, a 1 percent user growth rate will not do it. Absent rapid user growth, the other lever for increasing advertising revenue is increasing the number or value of ads that are shown to existing users. However, the News Feed is close to saturation. Facebook believes that it cannot stick any more ads in the News Feed without adversely affecting user retention. This combination of slowing user growth and News Feed saturation has led Facebook to warn of a rapid deceleration in revenue growth over the next six months. For the first time in years, Facebook needs a new lever to pull.
-
'Microsoft' Scam Callers Arrested After Years of Terrorising the Technically Challenged (gizmodo.co.uk)
An anonymous reader shares a report: Those shameless scammers that cold-call people pretending to be from Microsoft and demanding money after walking users through supposed problems with their computers? They're going down, it seems, with four people arrested in the UK for enabling the rip-off. City of London Police and Microsoft, the real Microsoft, have been working together for two years to trace the operators of the scheme, with the four people -- two from Woking and two from South Shields -- arrested on suspicion of fraud. Although the calls were found to originate from India, the investigators found that the scam was allegedly being run out of the UK, with the poor overseas callers working from scripts and, presumably, not really aware they're doing anything hugely wrong.
-
Let's Encrypt Hits New Milestone: Over 100,000,000 Certificates Issued (letsencrypt.org)
Josh Aas, the executive director of Internet Security Research Group (ISRG) writing for Let's Encrypt: Let's Encrypt, a free, automated, and open certificate authority has reached a milestone: we've now issued more than 100,000,000 certificates. This number reflects at least a few things: First, it illustrates the strong demand for our services. We'd like to thank all of the sysadmins, web developers, and everyone else managing servers for prioritizing protecting your visitors with HTTPS. Second, it illustrates our ability to scale. I'm incredibly proud of the work our engineering teams have done to make this volume of issuance possible. I'm also very grateful to our operational partners, including IdenTrust, Akamai, and Sumo Logic. Third, it illustrates the power of automated certificate management. If getting and managing certificates from Let's Encrypt always required manual steps there is simply no way we'd be able to serve as many sites as we do. The total number of certificates we've issued is an interesting number, but it doesn't reflect much about tangible progress towards our primary goal: a 100% HTTPS Web.
-
Toshiba Sues Western Digital For $1 Billion in Damages (bloomberg.com)
Toshiba has raised the stakes in an embittered legal row with its joint venture partner, suing Western Digital for $1bn in damages and hoping Japanese courts will quash the US firm's interference in the sale of its memory chip business. From a report: The litigation, filed Wednesday in Tokyo District Court, seeks to stop Western Digital from making ownership claims over the enterprise that Toshiba is trying to sell. The Japanese company said in a statement that Western Digital's employees improperly obtained proprietary information. The relationship between Toshiba and Western Digital has gotten more acrimonious, as Toshiba moves toward a sale of the flash-memory division. Last month, Western Digital invoked an arbitration clause in their business agreement, seeking to block Toshiba's transfer of ownership of the unit to a separate legal entity in preparation for a sale. Toshiba, which has since reversed that transfer, then had its lawyers send a letter demanding that the U.S. company stop its "harassment" as Toshiba tries to sell the business.
-
NVIDIA To Launch Graphics Cards Specifically Designed For Digital Currency Mining (cnbc.com)
Digital currency mining is in high demand, causing GPU prices to skyrocket. Nvidia is planning to capitalize on this trend by releasing graphics cards specifically designed for cryptocurrency. From a product listing on ASUS' website: "ASUS Mining P106 is designed for coin mining with high-efficiency components -- delivering maximum hash-rate production at minimum cost. ASUS Mining P106 enhances the megahash rate by up to 36% compared cards in the same segment that are not tailored for mining. The new card is also engineered to be seriously durable, enabling 24/7 operation for uninterrupted coin production." The ASUS Mining P106 uses an Nvidia chip, according to the specifications page on the website. CNBC reports: Nvidia, AMD and ASUS have not officially announced the digital currency mining cards, according to their website press pages. It is not certain when the cards will be available for sale. Nvidia is likely making the cards designed for this use so that the surging digital currency demand doesn't affect its ability to serve the lucrative PC gaming market.
-
Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid (vice.com)
Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away.
-
Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World (vice.com)
A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and sparking officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world. From a report: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations (a non-paywalled source), the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement. BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland."
According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A. Here's how Petya encrypts files on a system (video). News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well. From the report: "We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."
-
Zillow Threatens To Sue Blogger For Using Its Photos For Parody (theverge.com)
Kate Wagner is facing potential legal charges by real estate Zillow for allegedly violating the site's terms of service by reproducing images from their site on her blog. Wagner's blog is called McMansion Hell -- a Tumblr blog that "highlights the absurdity of giant real estate properties and the ridiculous staging and photography that are omnipresent in their sales listings," writes Natt Garun via The Verge. From the report: A typical McMansion Hell blog post will have a professional photo of a home and / or its interior, along with captions scattered throughout by Wagner. She also adds information about the history and characteristics of various architecture styles, and uses photos from the likes of Zillow and Redfin to illustrate how so many real estate listings inaccurately use the terms. Under each post, Wagner adds a disclaimer that credits the original source of the images and cites Fair Use for the parody, which allows for use of copyrighted material for "criticism, comment, news reporting, teaching, scholarship, and research." In a cease and desist letter to Wagner, Zillow claims Wagner's reproduction of these images do not apply under the Copyright Act. Additionally, the company claims McMansion Hell may "[interfere] with Zillow's business expectations and interests." As a result of the potential lawsuit, Wagner has temporarily taken McMansionHell.com down. In a statement to The Verge, Zillow said: "Zillow has a legal obligation to honor the agreements we make with our listing providers about how photos can be used. We are asking this blogger to take down the photos that are protected by copyright rules, but we did not demand she shut down her blog and hope she can find a way to continue her work."
-
'Infarm' Startup Wants To Put a Farm In Every Grocery Store (techcrunch.com)
Infarm, a 40-plus person startup based in Berlin, imagines a future where every grocery store has its own farm packed with herbs, vegetables and fruit. "The plants themselves are being monitored by multiple sensors and fed by an internet-controlled irrigation and nutrition system," reports TechCrunch. "Growing out from the center, the basil is at ascending stages of its life, with the most outer positioned ready for you, the customer, to harvest." From the report: The concept might not be entirely new -- Japan has been an early pioneer in vertical farming, where the lack of space for farming and very high demand from a large population has encouraged innovation -- but what potentially sets Infarm apart, including from other startups, is the modular approach and go-to-market strategy it is taking. This means that the company can do vertical farming on a small but infinitely expandable scale, and is seeing Infarm place farms not in offsite warehouses but in customer-facing city locations, such as grocery stores, restaurants, shopping malls, and schools, enabling the end-customer to actually pick the produce themselves. In contrast, the Infarm system is chemical pesticide-free and can prioritize food grown for taste, color and nutritional value rather than shelf life or its ability to sustain mass production. Its indoor nature means it isn't restricted to seasonality either and by completely eliminating the distance between farmer and consumer, food doesn't get much fresher. When a new type of herb or plant is introduced, Infarm's plant experts and engineers create a recipe or algorithm for the produce type, factoring in nutrition, humidity, temperature, light intensity and spectrum, which is different from system to system depending on what is grown. 
The resulting combination of IoT, Big Data and cloud analytics is akin to "Farming-as-a-Service," whilst, space permitting, Infarm's modular approach affords the ability to keep adding more farming capacity in a not entirely dissimilar way to how cloud computing can be ramped up at the push of a button.
-
'Chiropractors Are Bullshit' (theoutline.com)
From an article on The Outline, submitted by two readers: If you're one of the approximately 80 percent of Americans who have suffered from back pain, you may have been referred to a chiropractor for medical help. In the modern-day internet landscape, you'll find chiropractic celebrities like Dr. Josh Axe (1.7 million Facebook followers), Dr. Billy DeMoss (20,000 Facebook followers), and Dr. Eric Berg (472,000 YouTube subscribers) giving advice that goes beyond managing spinal issues. Both in their offices and on social media, chiropractors have adapted to a marketplace that's demanding more than just pain management: they extol the virtues of an "alkaline diet," tell you how to manage stress with detoxing, and wax scientific about the adrenal gland. [...] Chiropractic care, I'm sorry to say, is little more than the buffoonery of a 19th-century lunatic who derived most of his medical theory from seances. It has not evolved much since its creation. Chiropractic beliefs are dangerously far removed from mainstream medicine, and the vocation's practices have been linked to strokes, herniated discs, and even death. Chiropractors can't replace your doctor, and I'm amazed that they're still even allowed to practice. [...] Though some chiropractors are now making an effort to introduce evidence-based practices into their treatment, chiropractic as a whole hasn't evolved like other areas of medicine -- with hypotheses, experimentation, and peer review. Instead, it was birthed by a strange combination of hocus pocus, guesswork, and strongly held religious beliefs.
-
Under Pressure, Western Tech Firms Including Cisco and IBM Bow To Russian Demands To Share Cyber Secrets (reuters.com)
An anonymous reader shares a Reuters report: Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found. Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems. But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code -- instructions that control the basic operations of computer equipment -- current and former U.S. officials and security experts said. [...] In addition to IBM, Cisco and Germany's SAP, Hewlett Packard Enterprise Co and McAfee have also allowed Russia to conduct source code reviews of their products, according to people familiar with the companies' interactions with Moscow and Russian regulatory records.
-
The US Government Wants To Permanently Legalize the Right To Repair (vice.com)
An anonymous reader quotes a report from Motherboard: In one of the biggest wins for the right to repair movement yet, the U.S. Copyright Office suggested Thursday that the U.S. government should take actions to make it legal to repair anything you own, forever -- even if it requires hacking into the product's software. Manufacturers -- including John Deere, Ford, various printer companies, and a host of consumer electronics companies -- have argued that it should be illegal to bypass the software locks that they put into their products, claiming that such circumvention violated copyright law. Thursday, the U.S. Copyright Office said it's tired of having to deal with the same issues every three years; it should be legal to repair the things you buy -- everything you buy -- forever. "The growing demand for relief under section 1201 has coincided with a general understanding that bona fide repair and maintenance activities are typically non infringing," the report stated. "Repair activities are often protected from infringement claims by multiple copyright law provisions." "The Office recommends against limiting an exemption to specific technologies or devices, such as motor vehicles, as any statutory language would likely be soon outpaced by technology," it continued.
-
The Best And Worst ISPs According To Consumer Reports (dslreports.com)
In the August 2017 issue of Consumer Reports magazine, the nonprofit organization ranked internet service providers based off customer satisfaction. According to the report, many consumers still don't like their broadband and television provider, and don't believe they receive a decent value for the high price they pay for service. DSLReports summarizes the findings: The report [...] names Chattanooga municipal broadband provider EPB as the most-liked ISP in the nation. EPB was followed by Google Fiber, Armstrong Cable, Consolidated Cable and RCN as the top-ranked ISPs in the nation. Google Fiber "was the clear winner for internet service," notes the report, "with the only high score for value." Google Fiber also received high marks for customer support and service. But large, incumbent ISPs continue to be aggressively disliked due to high prices and poor customer service, according to the report. Despite endless annual promises that customer service is the company's priority, Comcast ranked number 27 out of the 32 providers measured. The company's survey results were weighed down by low consumer marks for value, channel selection, technical support, customer service and free video on demand offerings. The least-liked ISPs in the nation, according to the report, are: Charter (Spectrum), Cable ONE, Atlantic broadband, Frontier Communications, and Mediacom. Not coincidentally, the two largest ISPs in that list just got done with massive mergers or acquisitions that resulted in higher prices and worse service than consumers saw previously. MyRatePlan has a breakdown of ISP providers and plans by ZIP code.
-
South Korean Web Hosting Provider Pays $1 Million In Ransomware Demand (bleepingcomputer.com)
An anonymous reader writes: Nayana, a web hosting provider based in South Korea, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin, following a ransomware infection that encrypted data on customers' servers. The ransomware infection appears to have taken place on June 10, but Nayana admitted to the incident two days later, in a statement on its website.
Attackers asked for an initial ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After two days of negotiations, Nayana staff said they managed to reduce the ransom demand to 397.6 Bitcoin, or nearly $1 million. In a subsequent announcement, Nayana officials stated that they negotiated with the attackers to pay the ransom demand in three installments, due to the company's inability to produce such a large amount of cash in a short period of time.
On Saturday, June 17, the company said it already paid two of the three payment tranches. In subsequent announcements, Nayana updated clients on the server decryption process, saying the entire operation would take up to ten days due to the vast amount of encrypted data. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.
-
E-Commerce's Biggest Obstacle May Be Slow Postal Services (thestreet.com)
Long-time Slashdot reader rudy_wayne writes: J.C. Penney CEO Marvin Ellison recently said that e-commerce companies' biggest challenge is that they are all expanding their businesses and pushing for faster delivery, but UPS, Fedex and especially the United States Postal Service aren't able to keep up, at least not at the same cost that exists today, because they're not increasing their delivery capacity at the same rate e-commerce is growing. He said this will cause a supply and demand issue "that's going to be apparent here pretty soon."