– Slashdot

Syndicated from http://slashdot.org/ – Slashdot.

Latest Slashdot Postings

  1. Lawmakers Slam Apple for 'Censorship' of Apps at China's Behest - U.S. lawmakers from both parties slammed Apple and Chief Executive Officer Tim Cook last week for "censorship of apps" at the "behest of the Chinese government." From a report: Senators Ted Cruz, Ron Wyden, Tom Cotton, Marco Rubio and Representatives Alexandria Ocasio-Cortez, Mike Gallagher and Tom Malinowski expressed concern about the removal of an app that let Hong Kong protesters track police movement in the city. "Apple's decisions last week to accommodate the Chinese government by taking down HKmaps is deeply concerning," they wrote in a letter to Cook, urging Apple to "reverse course, to demonstrate that Apple puts values above market access, and to stand with the brave men and women fighting for basic rights and dignity in Hong Kong." Apple didn't respond to a request for comment on Friday. Apple removed the HKmap.live app from the App Store in China and Hong Hong earlier this month, saying it violated local laws. The company also said it received "credible information" from Hong Kong authorities indicating the software was being used "maliciously" to attack police. The decision, and the reasoning, was questioned widely. Cook, in a recent memo to Apple employees, said that "national and international debates will outlive us all, and, while important, they do not govern the facts."

    Read more of this story at Slashdot.

  2. Popular VPN Service NordVPN Says it Was Hacked - NordVPN, a virtual private network provider that promises to "protect your privacy online," has confirmed it was hacked. From a report: The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private keys exposed, potentially allowing anyone to spin out their own servers imitating NordVPN. For its part, NordVPN has claimed a "zero logs" policy. "We don't track, collect, or share your private data," the company says. But the breach is likely to cause alarm that hackers may have been in a position to access some user data. NordVPN told TechCrunch that one of its datacenters was accessed in March 2018. "One of the datacenters in Finland we are renting our servers from was accessed with no authorization," said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server -- which had been active for about a month -- by exploiting an insecure remote management system left by the datacenter provider, which NordVPN said it was unaware that such a system existed.

    Read more of this story at Slashdot.

  3. Venezuela's Water System is Collapsing - In Venezuela, a crumbling economy and the collapse of even basic state infrastructure means water comes irregularly -- and drinking it is an increasingly risky gamble. Venezuela's current rate of infant mortality from diarrhea, which is closely related to water quality, is six times higher than 15 years ago, according to the World Health Organization. From a report: But the government stopped releasing official public health data years ago. So The New York Times commissioned researchers from the Universidad Central de Venezuela to recreate the water quality study they had conducted regularly for the water utility in Caracas from 1992 until 1999. The scientists found that about a million residents were exposed to contaminated supplies. This puts them at risk of contracting waterborne viruses that could sicken them and threatens the lives of children and the most vulnerable. "This is a potential epidemic," said Jose MarÃa De Viana, who headed Caracas's water utility, Hidrocapital, until 1999. "It's very serious. It's unacceptable." In the latest study, 40 samples were taken from the capital's main water systems and tested for bacteria and for chlorine, which keeps water safe. The study also tested alternative water sources used by city residents during supply outages. One third of the samples did not meet national norms. This should have required Hidrocapital to issue a sanitation alert, according to the utility's own internal regulations. But Venezuela's government has not issued any alerts at least since President Nicolas Maduro's Socialist Party took power 20 years ago. "The biggest health risk that we see there right now is water -- water and sanitation," the head of the International Federation of the Red Cross, Francesco Rocca, told foreign reporters this week, referring to Venezuela.

    Read more of this story at Slashdot.

  4. Researchers Tricked Google Home and Alexa Into Eavesdropping and Password Phishing - What if Google and Amazon employees weren't the only ones who'd listened through your voice assistant? Ars Technica reports: The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps -- four Alexa "skills" and four Google Home "actions" -- that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords... The apps gave the impression they were no longer running when they, in fact, silently waited for the next phase of the attack.... The apps quietly logged all conversations within earshot of the device and sent a copy to a developer-designated server. The phishing apps follow a slightly different path by responding with an error message that claims the skill or action isn't available in that user's country. They then go silent to give the impression the app is no longer running. After about a minute, the apps use a voice that mimics the ones used by Alexa and Google home to falsely claim a device update is available and prompts the user for a password for it to be installed.... In response, both companies removed the apps and said they are changing their approval processes to prevent skills and actions from having similar capabilities in the future.

    Read more of this story at Slashdot.

  5. Teenagers Are Easily Bypassing Apple's Parental Controls - "Kids are outsmarting an army of engineers from Cupertino, California," reports the Washington Post: And Apple, which introduced "Screen Time" a year ago in response to pressure to address phone overuse by kids, has been slow to make fixes to its software that would close these loopholes. It's causing some parents to raise questions about Apple's commitment to safeguarding children from harmful content and smartphone addiction. When Screen Time blocks an app from working, it becomes grayed out, and clicking on it does nothing unless parents approve a request for more time. Or, at least, it's supposed to work that way. On Reddit and YouTube, kids are sharing tips and tricks that allow them to circumvent Screen Time. They download special software that can exploit Apple security flaws, disabling Screen Time or cracking their parents' passwords. They search for bugs that make it easy to keep using their phones, unbeknown to parents, such as changing the time to trick the system or using iMessage to watch YouTube videos. "These are not rocket science, backdoor, dark Web sort of hacks," said Chris McKenna, founder of the Internet safety group Protect Young Eyes. "It blows me away that Apple hasn't thought through the fact that a persistent middle school boy or girl can bang around and find them."

    Read more of this story at Slashdot.

  6. 40% Of America's Schools Have Now Dropped Their SAT/ACT Testing Requirement - "A record number" of U.S. schools are now accepting nearly all of their students without requiring an SAT or ACT test score, reports the Washington Post: Robert A. Schaeffer, public education director of FairTest, which opposes the misuse of standardized tests, said the past year has seen the "fastest growth spurt ever" of schools ending the SAT/ACT test score as an admission requirement. Over the summer, more than one school a week announced the change. Nearly 50 accredited colleges and universities that award bachelor's degrees announced from September 2018 to September 2019 that they were dropping the admissions requirement for an SAT or ACT score, FairTest said. That brings the number of accredited schools to have done so to 1,050 -- about 40 percent of the total, the nonprofit said. While the test-optional list has some schools with specific missions -- there are religious colleges, music and art conservatories, nursing schools -- it also includes more than half of the top 100 liberal arts colleges on the U.S. News & World Report list, FairTest said. Also on the list are the majority of colleges and universities in Maryland, Pennsylvania, Virginia, the District of Columbia and the six New England states... Research has consistently shown that ACT and SAT scores are strongly linked to family income, mother's education level and race... The University of Chicago, which abandoned the requirement last year, reported in July that its decision, along with an increase in financial aid and outreach, led to a 20 percent increase in first-generation, low-income and rural students and veterans to commit to the school.

    Read more of this story at Slashdot.

  7. Is AT&T Hiding A Widespread Voicemail Outage? - Though people can still leave voicemail messages, "Some AT&T customers say they have not had access to their voicemail since the beginning of October," one local news site reported this week: An AT&T spokesperson sent the following statement to ABC11 about the issue: "We're aware that some customers may be having difficulty retrieving their voicemail due to a vendor server problem. We're in contact with the vendor as they work to fix it and apologize for any inconvenience this may cause." ABC11 received several messages from frustrated AT&T customers. "I have been told multiple times that it would be fixed the same day. Today I was told there is no estimated repair date. I don't know what to do. I am a psychologist and people who have mental health issues call me," one said. "They get my message and leave me a voicemail. There is no indication that I won't be able to access it." "Voicemail is a crucial function on most people's devices. Having it down for weeks is unacceptable," another said. "If they don't fix this issue they will be losing lot of customers. I am been calling daily, but no result." Slashdot reader amxcoder writes today that AT&T eventually cited their vendor's server issue back on October 9th in their help forum, and that in the 11 days since, "the problem appear to be spreading." After contacting Tech Support on October 20th, it appears that Level One tech support is not aware of the problem, and Level Two reports the problem is affecting Alabama, Louisiana, Arkansas, Maryland, Florida, Mississippi, Georgia, Kentucky, North Carolina and Tennessee. However California and possibly other states seem to be affected as well. Because AT&T is being tight-lipped about this outage, even to it's own customers that it is affecting, it's difficult to know how many customers this is impacting. No official statement is being sent to customers, nor are customers being updated on progress or given an ETA on resolving the problem. Some online chatter is wondering if AT&T is trying to keep this "under the radar" as long as they can because of something more nefarious, such as a data breach, hacked servers, or even ransomware. Anyone's guess is a good as another without official public statement from AT&T.

    Read more of this story at Slashdot.

  8. CNBC: Amazon Is Shipping Expired Food - Counterfeits aren't the only problem when shopping on Amazon, reports CNBC. The grocery section is "littered" with expired foods. From baby formula and coffee creamer to beef jerky and granola bars, items are arriving spoiled and well past their sell-by date, Amazon customers say. Interviews with brands, consumers, third-party sellers and consultants all point to loopholes in Amazon's technology and logistics system that allow for expired items to proliferate with little to no accountability. Consumer safety advocates worry that as the marketplace grows, the problem will only get worse... CNBC scanned the site's Grocery & Gourmet category, finding customer complaints about expired hot sauce, beef jerky, granola bars, baby formula and baby food, as well as six-month-old Goldfish crackers and a 360-pack of coffee creamer that arrived with a "rancid smell." A data analytics firm that specializes in the Amazon Marketplace recently analyzed the site's 100 best-selling food products for CNBC and found that at least 40% of sellers had more than five customer complaints about expired goods.... Amazon's spokesperson said the company uses a combination of humans and artificial intelligence to monitor the 22 million-plus pieces of customer feedback received weekly for product quality and safety concerns... Sarah Sorscher of the Center for Science in the Public Interest says Amazon's technology is clearly coming up short. "Expiration dates are a red flag for what else is harder to see," she said. "If you can't do something as basic as check an expiration date, then what else are you missing...? They've chosen to set up a business model where they don't take responsibility for the food that they sell," said Sorscher. "Traditional grocery stores have a lot of products, but they don't put it on the shelf if it's not safe."

    Read more of this story at Slashdot.

  9. Project Trident Ditches BSD For Linux - Project Trident is moving from FreeBSD to Void Linux, reports Its FOSS: According to a later post, the move was motivated by long-standing issues with FreeBSD. These issues include "hardware compatibility, communications standards, or package availability continue to limit Project Trident users". According to a conversation on Telegram, FreeBSD has just updated its build of the Telegram client and it was nine releases behind everyone else. The lead dev of Project Trident, Ken Moore, is also the main developer of the Lumina Desktop. The Lumina Desktop has been on hold for a while because the Project Trident team had to do so much work just to keep their packages updated. (Once they complete the transition to Void Linux, Ken will start working on Lumina again.) After much searching and testing, the Project Trident team decided to use Void Linux as their new base. More from the Project Trident site: It's important to reiterate that Project Trident is a distribution of an existing operating system. Project Trident has never been a stand-alone operating system. The goal of Project Trident is enhancing the usability of an operating system as a graphical workstation through all sorts of means: custom installers, automatic setup routines, graphical utilities, and more... The more we've tested Void Linux, the more impressed we have been. We look forward to working with an operating system that helps Project Trident continue to provide a stable, high-quality graphical desktop experience.

    Read more of this story at Slashdot.

  10. Privacy-Respecting Smart Home System Can Work Offline and Sends Fake Data - A publicly-funded group of designers, artists and privacy experts from Amsterdam have designed a smart home system prototype to "prove it's technically possible to build a privacy respecting smart home while maintaining convenience." Its controller uses an Arduino Nano to disconnect the system from the internet during times when it's not in use. They're building everything on Mozilla's open smart home gateway software. The system's microphone is a separate USB device that can be easily unplugged. For extra security, the devices don't even use wifi to communicate. "The Candle devices offer the advantages of a smart home system -- such as voice control, handy automations and useful insights -- without the downsides of sending your data to the cloud and feeling watched in your own home," explains their blurb for Dutch Design Week, where they're launching their prototypes of trust-worthy smart locks, thermostats, and other Internet of Things devices: Most smart devices promises us an easier life, but they increasingly disappoint; they eavesdrop, share our data with countless third parties, and offer attractive targets to hackers. Candle is different. Your data never leaves your home, all devices work fine without an internet connection, and everything is open source and transparent. One of the group's members is long-time Slashdot reader mrwireless, who shares an interesting observation: Smart homes track everything that happens inside them. For developing teenagers, this makes it more difficult to sneak in a date or break the rules in other subtle ways, which is a normal, healthy part of growing up. Candle is a prototype smart home that tries to mitigate these issue. It has given its sensors the ability to generate fake data for a while. In the future, children could get a monthly fake data allowance. Some of the devices have "skirts", simple fabric covers that can be draped over the devices to hide their screen. If you own a dust sensor, this can be useful if your mother in law comes over and you haven't vacuumed in a while.

    Read more of this story at Slashdot.

  1. No comments yet.
(will not be published)