/.

News for nerds, stuff that matters

OnePlus Customers Report Credit Card Fraud After Buying From the Company's Website

15 January 2018 - 6:20pm
If you purchased a OnePlus smartphone recently from the official OnePlus website, you might want to check your transactions to make sure there aren't any you don't recognize. "A poll was posted on the OnePlus forum on Thursday asking users if they had noticed fraudulent charges on their credit cards since purchasing items on the OnePlus site," reports Android Police. "More than 70 respondents confirmed that they had been affected, with the majority saying they had bought from the site within the past 2 months." From the report: A number of FAQs and answers follow, in which OnePlus confirms that only customers who made credit card payments are affected, not those who used PayPal. Apparently, card info isn't stored on the site but is instead sent directly to a "PCI-DSS-compliant payment processing partner" over an encrypted connection. [...] OnePlus goes on to say that intercepting information should be extremely difficult as the site is HTTPS encrypted, but that it is nevertheless carrying out a complete audit. In the meantime, affected customers are advised to contact their credit card companies immediately to get the payments canceled/reversed (called a chargeback). OnePlus will continue to investigate alongside its third-party service providers, and promises to update with its findings as soon as possible. According to infosec firm Fidus, there is actually a brief window in which data could be intercepted. Between entering your card details into the form and hitting 'submit,' the details are apparently hosted on-site, which could give attackers all the time they need to steal those precious digits and head off on a spending spree. Fidus also notes that the company doesn't appear to be PCI-compliant, but that directly contradicts OnePlus' own statement. We'll have to wait until more details emerge before we pass judgment. Here's OnePlus' official statement on the matter: "At OnePlus, we take information privacy extremely seriously. 
Over the weekend, members of the OnePlus community reported cases of unknown credit card transactions occurring on their credit cards post purchase from oneplus.net. We immediately began to investigate as a matter of urgency, and will keep you updated. This FAQ document will be updated to address questions raised."

Read more of this story at Slashdot.

City-Owned Internet Services Offer Cheaper and More Transparent Pricing, Says Harvard Study

15 January 2018 - 5:43pm
An anonymous reader quotes a report from Ars Technica: Municipal broadband networks generally offer cheaper entry-level prices than private Internet providers, and the city-run networks also make it easier for customers to find out the real price of service, a new study from Harvard University researchers found. Researchers collected advertised prices for entry-level broadband plans -- those meeting the federal standard of at least 25Mbps download and 3Mbps upload speeds -- offered by 40 community-owned ISPs and compared them to advertised prices from private competitors. The report by researchers at the Berkman Klein Center for Internet & Society at Harvard doesn't provide a complete picture of municipal vs. private pricing. But that's largely because data about private ISPs' prices is often more difficult to get than information about municipal network pricing, the report says. In cases where the researchers were able to compare municipal prices to private ISP prices, the city-run networks almost always offered lower prices. This may help explain why the broadband industry has repeatedly fought against the expansion of municipal broadband networks.

FDA Approves First Drug Aimed at Women With Inherited Breast Cancer

15 January 2018 - 5:05pm
U.S. regulators have approved the first drug aimed at women with advanced breast cancer caused by an inherited flawed gene. From a report: The Food and Drug Administration on Friday approved AstraZeneca PLC's Lynparza for patients with inherited BRCA gene mutations who have undergone chemotherapy. The drug has been on the market since 2014 for ovarian cancer, and is the first in a new class of medicines called PARP inhibitors to be approved for breast cancer. PARP inhibitors prevent cancer cells from fixing problems in their DNA. Lynparza will cost $13,886 per month without insurance, according to AstraZeneca. The company is offering patients financial assistance.

Airbus A380, Once the Future of Aviation, May Cease Production

15 January 2018 - 4:25pm
The days may be numbered for the world's largest passenger aircraft. An anonymous reader shares a report: Airbus, the European aerospace group that makes the A380 superjumbo, said on Monday that it would have to end production of the plane if its only major customer, Emirates, did not order more (Editor's note: the link may be paywalled; alternative source). The admission by John Leahy, the company's chief operating officer, was the latest indication that Airbus miscalculated more than two decades ago when it bet that clogged runways would create demand for larger planes that could deliver more people with fewer landing slots. Instead, airlines bypassed the major hubs and ordered midsize planes that could fly directly between regional airports. [...] When Airbus started delivering the A380 a decade ago, after spending $25 billion to develop it, the company based near Toulouse, France, saw the plane as the solution to airport congestion and to increased demand for air travel. Only so many planes can land at an airport in any given day, so Airbus reasoned that planes carrying more people would allow airports to absorb more passengers. The A380 can carry more than 500 passengers while also offering amenities like showers, first-class suites and a bar.

Mozilla Tests Firefox 'Tab Warming'

15 January 2018 - 3:45pm
Catalin Cimpanu, reporting for BleepingComputer: Mozilla is currently testing a new feature called "Tab Warming" that engineers hope will improve the tab switching process. According to a description of the feature, Tab Warming will watch the user's mouse cursor and start "painting" content inside a tab whenever the user hovers his mouse over one. Firefox will do this on the assumption the user wants to click and switch to view that tab and will want to keep a pre-rendered tab on hand if this occurs. "Those precious milliseconds are used to do the rendering and uploading, so that when the click event finally comes, the [tab] is ready and waiting for you," said Mike Conley, one of the Firefox engineers who worked on this feature.

Canadian Charged With Running LeakedSource.com, Selling Stolen Info

15 January 2018 - 3:05pm
A Canadian man accused of operating the LeakedSource.com website, a major repository of stolen online credentials, has been arrested and charged with trafficking in billions of stolen personal identity records, the Royal Canadian Mounted Police (RCMP) said on Monday. From a report: The site, which was shut down in early 2017, had collected details from a string of major breaches and made them accessible and searchable for a fee. The man, 27-year-old Jordan Evan Bloom, is due to appear in a Toronto court on Monday to hear charges that as administrator of the site he collected some C$247,000 from the sale of stolen records and associated passwords.

Google Brings Map Service Back To China

15 January 2018 - 2:22pm
Google has relaunched its map service in China after an eight-year absence, signaling a new era of cooperation between the American internet giant and local partners in fields such as artificial intelligence, reports Nikkei. From the report: Chinese netizens hailed the revival of Google Maps on Monday as the American company's great return to China, where its trademark search and other services have been unavailable since 2010. While Google began offering a translation app for Chinese smartphones in March 2017, the map service reaches far more users as one of Google's best-known offerings. The company has set up a China-specific version of the Google Maps website and introduced a map app for Chinese iPhones. But when users of the app attempt to use its navigation features, they are automatically transferred to an app from AutoNavi, a mapping company owned by Chinese internet leader Alibaba Group Holding.

Researchers Find That One Person Likely Drove Bitcoin From $150 to $1,000

15 January 2018 - 1:49pm
An anonymous reader shares a report: Researchers Neil Gandal, JT Hamrick, Tyler Moore, and Tali Oberman have written a fascinating paper on Bitcoin price manipulation. Entitled "Price Manipulation in the Bitcoin Ecosystem" and appearing in the recent issue of the Journal of Monetary Economics, the paper describes to what degree the Bitcoin ecosystem is controlled by bad actors. To many it's been obvious that the Bitcoin markets are, at the very least, being manipulated by one or two big players. "This paper identifies and analyzes the impact of suspicious trading activity on the Mt. Gox Bitcoin currency exchange, in which approximately 600,000 bitcoins (BTC) valued at $188 million were fraudulently acquired," the researchers wrote. "During both periods, the USD-BTC exchange rate rose by an average of four percent on days when suspicious trades took place, compared to a slight decline on days without suspicious activity. Based on rigorous analysis with extensive robustness checks, the paper demonstrates that the suspicious trading activity likely caused the unprecedented spike in the USD-BTC exchange rate in late 2013, when the rate jumped from around $150 to more than $1,000 in two months." The team found that many instances of price manipulation happened simply because the market was very thin for various cryptocurrencies including early Bitcoin.

Ford is Throwing $11 Billion at Its Electric Car Problem

15 January 2018 - 1:05pm
Ford said on Monday it will boost its investment in electric vehicles to $11 billion in the next five years, more than doubling a previous commitment. Company chairman Bill Ford said the car maker would have 40 hybrid and fully electric vehicles in its range by the same period. It comes as countries around the world put more pressure on car makers to rein in carbon emissions. From a report: It was a dramatic escalation in Ford's crosstown rivalry with General Motors, which has seen its stock prices rise thanks to its commitments to both electrification and autonomy. GM has said it plans to roll out at least 20 new electric cars by 2023, a goal that puts it in a position to bring battery-powered driving to the mainstream. Last week, it unveiled a concept autonomous car without steering wheel or pedals. Meanwhile, the Blue Oval has had a challenging 2017. It remains strongly profitable, but its sales are stagnant, its costs have increased faster than expected, and its margins have failed to meet targets.

Lenovo Discovers and Removes Backdoor In Networking Switches

15 January 2018 - 12:29pm
An anonymous reader writes: Lenovo engineers have discovered a backdoor in the firmware of RackSwitch and BladeCenter networking switches. The company released firmware updates last week. The Chinese company said it found the backdoor after an internal security audit of firmware for products added to its portfolio following the acquisitions of other companies. Lenovo says the backdoor affects only RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System). The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel's Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to have authorized the addition of the backdoor "at the request of a BSSBU OEM customer." In a security advisory regarding this issue, Lenovo refers to the backdoor under the name of "HP backdoor." The backdoor code appears to have remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE Network Technologies (BNT). The backdoor also remained in the code even after IBM acquired BNT in 2010. Lenovo bought IBM's BNT portfolio in 2014.

Cryptocurrency Traders in South Korea Face Fines For Virtual Accounts

15 January 2018 - 11:47am
An anonymous reader shares a report: Cryptocurrency investors in South Korea will be fined for refusing to convert their virtual accounts into real-name ones, financial authorities said Sunday. The move comes as South Korea is scrambling to rein in the virtual currency frenzy in Asia's fourth-largest economy, including preparations for a bill to ban cryptocurrency exchanges at home. According to the authorities, cryptocurrency traders will be allowed to convert their virtual accounts into real-name ones within this month, but those who refuse to accede to real-name identification will face fines.

India To Add Facial Authentication For Its Aadhaar Card Security

15 January 2018 - 11:12am
India will build facial recognition into its national identity card in addition to fingerprints after a series of breaches in the world's biggest biometric identification programme, the government said on Monday. From a report: A local newspaper reported this month that access to the "Aadhaar" database which has identity details of more than 1 billion citizens was being sold for just $8 on social media. The Unique Identification Authority of India (UIDAI), which issues the identity cards, said it would add face recognition software as an additional layer of security from July. Card holders will be required to match their photographs with that stored in the database for authentication in addition to fingerprints and iris scans, the agency said in a statement.

Why Uber Can Find You but 911 Can't

15 January 2018 - 10:32am
Accurate location data is on smartphones, so why don't more wireless carriers use it to locate emergency callers? From a report, shared by a reader: Software on Apple's iPhones and Google's Android smartphones helps mobile apps like Uber and Facebook to pinpoint a user's location, making it possible to order a car, check in at a local restaurant or receive targeted advertising. But 911, with a far more pressing purpose, is stuck in the past. U.S. regulators estimate as many as 10,000 lives could be saved each year if the 911 emergency dispatching system were able to get to callers one minute faster. Better technology would be especially helpful, regulators say, when a caller can't speak or identify his or her location. After years of pressure, wireless carriers and Silicon Valley companies are finally starting to work together to solve the problem. But progress has been slow. Roughly 80% of the 240 million calls to 911 each year are made using cellphones, according to a trade group that represents first responders. For landlines, the system shows a telephone's exact address. But it can register only an estimated location, sometimes hundreds of yards wide, from a cellphone call. That frustration is now a frequent source of tension during 911 calls, said Colleen Eyman, who oversees 911 services in Arvada, Colo., just outside Denver.

AI Beats Humans at Reading Comprehension

15 January 2018 - 9:55am
In what is being called a landmark moment for natural language processing, Alibaba and Microsoft have developed AIs that can outperform humans on a reading and comprehension test. From a report: Alibaba Group put its deep neural network model through its paces last week, asking the AI to provide exact answers to more than 100,000 questions comprising a quiz that's considered one of the world's most authoritative machine-reading gauges. The model developed by Alibaba's Institute of Data Science of Technologies scored 82.44, edging past the 82.304 that rival humans achieved. Alibaba said it's the first time a machine has out-done a real person in such a contest. Microsoft achieved a similar feat, scoring 82.650 on the same test, but those results were finalized a day after Alibaba's, the company said.

The Tech Failings of Hawaii's Missile Alert

15 January 2018 - 9:10am
Over the weekend, Hawaii incorrectly warned citizens of a missile attack via their phones. According to The Washington Post, the error was a result of a staffer picking the wrong option -- missile alert instead of test missile alert -- from a drop down software menu. Hawaiian officials say they have already changed protocols to avoid a repeat of the scenario. The report goes on to add: Part of what worsened the situation Saturday was that there was no system in place at the state emergency agency for correcting the error, HEMA (Hawaii Emergency Management Agency) spokesman Richard Rapoza said. The state agency had standing permission through FEMA to use civil warning systems to send out the missile alert -- but not to send out a subsequent false alarm alert, he said. Though the Hawaii Emergency Management Agency posted a follow-up tweet at 8:20 a.m. saying there was "NO missile threat," it wouldn't be until 8:45 a.m. that a subsequent cellphone alert was sent telling people to stand down. Motherboard notes that new regulations require telecom companies to offer a testing system for local and state alert originators, but because of lobbying by Verizon and CTIA, this specific regulation does not go into effect until March 2019. In a piece, The Atlantic argues that the 90-character messages sent by the system aren't suited to the way we use our devices.

Which JavaScript Framework is the Most Popular?

15 January 2018 - 7:34am
An anonymous reader quotes InfoWorld's report on which JavaScript frameworks are the most widely-used: In a study of 28-day download cycles for front-end JavaScript frameworks, NPM, which oversees the popular JavaScript package registry, found that React has been on a steady upward trajectory; it now accounts for about 0.05 percent of the registry's 13 billion downloads per month as of the fourth quarter of 2017. Web developers as well as desktop and mobile developers are adopting the library and it has spawned an ecosystem of related packages. Preact, a lightweight alternative to React, also has seen growth and could become a force in the future. On the down side, Backbone, which accounted for almost 0.1 percent of all downloads in 2013, now comprises only about 0.005 percent of downloads (about 750,000 per month). Backbone has declined steeply but is kept afloat by the long shelf life of projects using it, NPM reasoned. The jQuery JavaScript library also remains popular but has experienced decreasing interest. Angular, the Google-developed JavaScript framework, was the second-most-popular framework behind React, when combining the original Angular 1.x with the rewritten Angular 2.x. Version 1.x was at about 0.0125 percent of downloads last month while version 2.x was at about 0.02 percent. Still, Angular as a whole is showing just modest growth. They also report that the four JavaScript frameworks with the fastest growth rates for 2017 were Preact, Vue, React, and Ember. But for back end services written in JavaScript, npm reports that Express "is the overwhelmingly dominant solution... The next four biggest frameworks are so small relative to Express that it's hard to even see them."

'Don't Fear the Robopocalypse': the Case for Autonomous Weapons

15 January 2018 - 4:39am
Lasrick shares "Don't fear the robopocalypse," an interview from the Bulletin of the Atomic Scientists with the former Army Ranger who led the team that established the U.S. Defense Department policy on autonomous weapons (and has written the upcoming book Army of None: Autonomous Weapons and the Future of War). Paul Scharre makes the case for uninhabited vehicles, robot teammates, and maybe even an outer perimeter of robotic sentries (and, for mobile troops, "a cloud of air and ground robotic systems"). But he also argues that "In general, we should strive to keep humans involved in the lethal force decision-making process as much as is feasible. What exactly that looks like in practice, I honestly don't know." So does that mean he thinks we'll eventually see the deployment of fully autonomous weapons in combat? I think it's very hard to imagine a world where you physically take the capacity out of the hands of rogue regimes... The technology is so ubiquitous that a reasonably competent programmer could build a crude autonomous weapon in their garage. The idea of putting some kind of nonproliferation regime in place that actually keeps the underlying technology out of the hands of people -- it just seems really naive and not very realistic. I think in that kind of world, you have to anticipate that there are, at a minimum, going to be uses by terrorists and rogue regimes. I think it's more of an open question whether we cross the threshold into a world where nation-states are using them on a large scale. And if so, I think it's worth asking, what do we mean by "them"? What degree of autonomy? There are automated defensive systems that I would characterize as human-supervised autonomous weapons -- where a human is on the loop and supervising its operation -- in use by at least 30 countries today. They've been in use for decades and really seem to have not brought about the robopocalypse or anything. I'm not sure that those [systems] are particularly problematic.
In fact, one could see them as being even more beneficial and valuable in an age when things like robot swarming and cooperative autonomy become more possible.

City of Barcelona Dumps Windows For Linux and Open Source Software

15 January 2018 - 12:39am
An anonymous reader quotes Open Source Observatory: The City of Barcelona is migrating its computer systems away from the Windows platform, reports the Spanish newspaper El País. The City's strategy is first to replace all user applications with open-source alternatives, until the underlying Windows operating system is the only proprietary software remaining. In a final step, the operating system will be replaced with Linux... According to Francesca Bria, the Commissioner of Technology and Digital Innovation at the City Council, the transition will be completed before the current administration's mandate ends in spring 2019. For starters, the Outlook mail client and Exchange Server will be replaced with Open-Xchange. In a similar fashion, Internet Explorer and Office will be replaced with Firefox and LibreOffice, respectively. The Linux distribution eventually used will probably be Ubuntu, since the City of Barcelona is already running 1,000 Ubuntu-based desktops as part of a pilot... Barcelona is the first municipality to have joined the European campaign 'Public Money, Public Code'. This campaign is an initiative of the Free Software Foundation Europe (FSFE) and revolves around an open letter advocating that publicly funded software should be free. Currently, this call to public agencies is supported by more than 100 organisations and almost 15,000 individuals. With the new open-source strategy, Barcelona's City Council aims to avoid spending large amounts of money on licence-based software and to reduce its dependence on proprietary suppliers through contracts that in some cases have been closed for decades.

California Will Close Its Last Nuclear Power Plant

14 January 2018 - 11:09pm
An anonymous reader quotes the San Francisco Chronicle: California's last nuclear power plant -- Diablo Canyon, whose contentious birth helped shape the modern environmental movement -- will close in 2025, state utility regulators decided Thursday. The unanimous vote by the California Public Utilities Commission will likely bring an end to nuclear energy's long history in the state. State law forbids building more nuclear plants in California until the federal government creates a long-term solution for dealing with their waste, a goal that remains elusive despite decades of effort. The decision comes even as California expands its fight against global warming. Owned by Pacific Gas and Electric Co., Diablo Canyon is the state's largest power plant, supplying 9 percent of California's electricity while producing no greenhouse gases. "With this decision, we chart a new energy future by phasing out nuclear power here in California," said commission President Michael Picker. "We've looked hard at all the arguments, and we agree the time has come."

Hackers Hijack DNS For Lumens Cryptocurrency Site 'BlackWallet', Steal $400,000

14 January 2018 - 9:39pm
An anonymous reader quotes BleepingComputer: Unknown hackers (or hacker) have hijacked the DNS server for BlackWallet.co, a web-based wallet application for the Stellar Lumen cryptocurrency (XLM), and have stolen over $400,000 from users' accounts. The attack happened late Saturday afternoon (UTC timezone), January 13, when the attackers hijacked the DNS entry of the BlackWallet.co domain and redirected it to their own server. "The DNS hijack of Blackwallet injected code," said Kevin Beaumont, a security researcher who analyzed the code before the BlackWallet team regained access over their domain and took down the site. "If you had over 20 Lumens it pushes them to a different wallet," Beaumont added... According to Bleeping Computer's calculations, as of writing, the attacker collected 669,920 Lumens, which is about $400,192 at the current XLM/USD exchange rate. The BlackWallet team and other XLM owners have tried to warn users via alerts on Reddit, Twitter, GitHub, the Stellar Community and GalacticTalk forums, but to no avail, as users continued to log into the rogue BlackWallet.co domain, enter their credentials, and then see funds mysteriously vanish from their wallets.
