Slashdot

News for nerds, stuff that matters

AMD Unveils the World's Most Powerful Desktop CPUs

Sun, 11/10/2019 - 3:34am
ZDNet reports: In the never ending war between the chip giants, AMD has released a salvo by unveiling what are the world's most powerful desktop processors -- the new 24-core AMD Ryzen Threadripper 3960X and 32-core AMD Ryzen Threadripper 3970X... These 3rd-generation Ryzen Threadripper Processors are built using AMD's 7-nanometer "Zen 2" core architecture, and both chips feature 88 PCIe 4.0 lanes with extraordinary power efficiency. On the performance front, AMD claims that the new 32-core Ryzen Threadripper 3970X offers up to 90 percent faster performance over the competition... This performance doesn't mean the chips are power-hungry either, with AMD claiming they deliver up to 66 percent better power efficiency compared to previous generation processors. The new chips do, however, need a new socket. The new socket is called sTRX4, which offers expansion for serious multi-GPU and NVMe arrays, quad channel DDR4, ECC support, and unlocked overclocking.... [T]hey both will be available starting Tuesday, November 19. Engadget reports: After getting some wins against Intel in the desktop enthusiast processor race, AMD is trying to run up the score with its latest model, the Ryzen 9 3950X. It has 16 cores/32 threads, a 3.5 Ghz base clock with up to 4.7 GHz boost (on two cores) and 105 watt power consumption (TDP), and costs $749, compared to $1,199 for Intel's 12-core i9-9920X. At the same time, AMD claims it outperforms the i9-9920X in gaming and even more so for content creation, where those extra cores can be best exploited. According to the company, it'll do some Adobe Premiere tasks up to 26 percent quicker than an i9-9920X, and 42 percent faster than an 8-core i9-9900K. Better still, the Ryzen 9 3950X delivers 2.34 times more performance per watt than its Intel counterpart, and consumes 173W of absolute wall power compared to 304W for the i9-9920X.
The power figures alone could be decisive for creators who run multiple workstations for 3D animation and rendering... If $749 is $700 too much, AMD has another option -- the Athlon 3000G. The dual-core processor runs at 3.5Ghz, but AMD said it's "the only unlocked option in its segment," meaning you can push it to around 3.9Ghz. That'll boost its performance ahead of Intel's $73 Pentium G5400, AMD said. The Athlon 3000G will arrive November 19th for $49.

Read more of this story at Slashdot.

The Dangers of 'Black Box' AI

Sun, 11/10/2019 - 12:34am
PC Magazine recently interviewed Janelle Shane, the optics research scientist and AI experimenter who authored the new book "You Look Like a Thing and I Love You: How Artificial Intelligence Works and Why It's Making the World a Weirder Place." At one point Shane explains why any "black box" AI can be a problem: I think ethics in AI does have to include some recognition that AIs generally don't tell us when they've arrived at their answers via problematic methods. Usually, all we see is the final decision, and some people have been tempted to take the decision as unbiased just because a machine was involved. I think ethical use of AI is going to have to involve examining AI's decisions. If we can't look inside the black box, at least we can run statistics on the AI's decisions and look for systematic problems or weird glitches... There are some researchers already running statistics on some high-profile algorithms, but the people who build these algorithms have the responsibility to do some due diligence on their own work. This is in addition to being more ethical about whether a particular algorithm should be built at all... [T]here are applications where we want weird, non-human behavior. And then there are applications where we would really rather avoid weirdness. Unfortunately, when you use machine-learning algorithms, where you don't tell them exactly how to solve a particular problem, there can be weird quirks buried in the strategies they choose. Describing a kind of worst-case scenario, Shane contributed to the New York Times "Op-Eds From the Future" series, channeling a behavioral ecologist in the year 2031 defending "the feral scooters of Central Park" that humanity had been co-existing with for a decade. But in the interview, she remains skeptical that we'll ever achieve real and fully-autonomous self-driving vehicles: It's much easier to make an AI that follows roads and obeys traffic rules than it is to make an AI that avoids weird glitches.
It's exactly that problem -- that there's so much variety in the real world, and so many strange things that happen, that AIs can't have seen it all during training. Humans are relatively good at using their knowledge of the world to adapt to new circumstances, but AIs are much more limited, and tend to be terrible at it. On the other hand, AIs are much better at driving consistently than humans are. Will there be some point at which AI consistency outweighs the weird glitches, and our insurance companies start incentivizing us to use self-driving cars? Or will the thought of the glitches be too scary? I'm not sure. Shane trained a neural network on 162,000 Slashdot headlines back in 2017, coming up with alternate reality-style headlines like "Microsoft To Develop Programming Law" and "More Pong Users for Kernel Project." Reached for comment this week, Shane described what may be the greatest danger from AI today. "For the foreseeable future, we don't have to worry about AI being smart enough to have its own thoughts and goals. Instead, the danger is that we think that AI is smarter than it is, and put too much trust in its decisions."


Do You Remember MIDI Music Files?

Sat, 11/09/2019 - 9:34pm
A new article at Motherboard remembers when the MIDI file format became the main way music was shared on the internet "for an incredibly short but memorable period of time..." [I]n the hunt for additional features, the two primary developers of web browsers during the era -- Microsoft and Netscape -- added functionality that made audio files accessible when loading websites, whether as background music or as embedded files with a dedicated player. Either way, it was one of the earliest examples of a plug-in that much of the public ran into -- even before Flash. In particular, Microsoft's Internet Explorer supported it as far back as version 1.0, while Netscape Navigator supported it with the use of a plug-in and added native support starting in version 3.0. There was a period, during the peak of the Geocities era, where loading a website with a MIDI file was a common occurrence. When Geocities was shut down in 2019, the MIDI files found on various websites during that time were collected by The Archive Team. The Internet Archive includes more than 51,000 files in The Geocities MIDI Collection. The list of songs, which can be seen here, is very much a time capsule to a specific era. Have a favorite song from 1998? Search for it in here, sans spaces, and you'll probably find it...! They sound like a musical time capsule, and evoke memories of a specific time for many web surfers of the era. "Even in an age of high-quality MP3s, the chintzy sounds of MIDI files resonate on the Web," writer Douglas Wolk wrote for Spin in 2000, immediately adding the reason: "They play on just about anything smarter than a Tupperware bowl, and they're also very small...." The thing that often gets lost with these compositions of popular songs done in MIDI format is that they're often done by people, either for purposes of running a sound bank (which might come in handy, for example, with karaoke), or by amateurs trying to recreate the songs they enjoy or heard on the radio.... 
[I]ts moment in the sun reflected its utility during a period of time when the demand for multimedia content from the internet was growing -- but the ability for computers to offer it up in a full-fat format was limited. (Stupid modems....) MIDI is very much not dead -- far from it. Its great strength is the fact that a MIDI-supporting iPad can communicate with some of the earliest MIDI-supporting devices, such as the Commodore 64. Using a browser plugin called Jazz-Plugin, their writer even re-discovered John Roache's Ragtime MIDI Library. "[I]t occurred to me that I should spend more time writing about one of the things that makes the Web so special -- labors of love. Unlike any medium before it, the Web gives people with unusual talents and interests a chance to share their passions with fellow enthusiasts -- and with folks like me who just happen to drop by."


6 In 10 Websites May Be Impacted by jQuery XSS Vulnerabilities

Sat, 11/09/2019 - 7:34pm
"Although the JavaScript library jQuery is no longer as popular as it was, it is still widely used. As a result at least six in ten websites are impacted by jQuery XSS vulnerabilities," reports I Programmer: Even more security issues are introduced by the jQuery libraries used to extend jQuery's capabilities. These findings come from open source security platform, Snyk and are included in "The state of JavaScript frameworks security report 2019". While this report is mainly devoted to a security review of the two leading JavaScript frameworks, Angular and React, it takes a "sneak peek" into the security vulnerabilities in three other frontend JavaScript ecosystem projects - Vue.js, Bootstrap and jQuery. jQuery was downloaded more than 120 million times in the last 12 months, which is equivalent to the number of downloads for Vue.js (40 million) and Bootstrap (79 million) combined. Snyk reports that four vulnerabilities had been found for Vue.js, all of which have been fixed. Bootstrap contained seven cross-site scripting (XSS) vulnerabilities. Three of these were disclosed in 2019 and there are no security fixes or upgrade paths to avoid them. In the case of jQuery, Snyk tracked six security vulnerabilities affecting jQuery across all of its releases to date. Four are medium severity Cross-Site Scripting vulnerabilities, one is a medium severity Prototype Pollution vulnerability, and the final one is a low severity Denial of Service vulnerability. The report concludes that unless you are using jQuery 3.4.0 and above then you are using vulnerable jQuery versions.


Ask Slashdot: Are There Storage Devices With Hardware Compression Built In?

Sat, 11/09/2019 - 6:34pm
Slashdot reader dryriver writes: Using a compressed disk drive or hard drive has been possible for decades now. But when you do this in software or the operating system, the CPU does the compressing and decompressing. Are there any hard drives or SSDs that can work compressed using their own built in hardware for this? I'm not talking about realtime video compression using a hardware CODEC chip -- this does exist and is used -- but rather a storage medium that compresses every possible type of file using its own compression and decompression realtime hardware without a significant speed hit. Leave your best thoughts and suggestions in the comments. Are there storage devices with hardware compression built in?


NPM Adds Command-Line Option To Help Fund Open-Source Coders

Sat, 11/09/2019 - 5:49pm
"Despite its own solvency concerns, NPM Inc on Tuesday deployed code changes that add a 'funding' command to the latest version of the npm command-line tool, namely v6.13.0," reports the Register: Henceforth, developers creating packages for the JavaScript runtime environment Node.js can declare metadata that describes where would-be donors can go to offer financial support. Doing so involves adding a funding field to package.json, a file that lists various module settings and dependencies. The funding field should be a URL that points to an online funding service, like Patreon, or payment-accepting website.... In a phone interview with The Register, NPM Inc co-founder and co-CTO Isaac Schlueter said: "The problem we're solving is open source projects need funding and there are very few ways people can get that information in front of people using their code...." Schlueter allowed that NPM Inc's funding mechanism may reward good marketers more than it rewards good developers. But he believes it will work against that. "One thing nice about this approach is that it does take some of the marketing skill out of the equation," he said. "Because all you really have to do is set up a payment URL and then put that in your packages. You don't have to craft the message expertly, you'll show up on that list at the end of the install." "At the end of August, we made a promise to the community to invest time & effort to better support package maintainers," explains an announcement on the NPM blog. "This work is just the first, small step toward creating a means/mechanism for a more sustainable open source development ecosystem."


Boeing's Poor Information Security Threatens Passenger Safety, National Security, Says Researcher

Sat, 11/09/2019 - 4:34pm
itwbennett writes: Security researcher Chris Kubecka has identified (and reported to Boeing and the Department of Homeland Security back in August) a number of security vulnerabilities in Boeing's networks, email system, and website. "[T]he company's failure to remedy the security failures she reported demonstrate either an unwillingness or inability to take responsibility for their information security," writes JM Porup for CSO online. The vulnerabilities include a publicly exposed test developer network, a lack of encryption on the boeing.com website, failure to use DMARC for email security, and, perhaps most notably, an email server infected with malware. For its part, Boeing says that the vulnerabilities Kubecka reported are "common IT vulnerabilities — the type of cyber-hygiene issues thousands of companies confront every day" and that the company has "no indication of a compromise in any aviation system or product that Boeing produces." What Porup's reporting and Kubecka's research clearly shows, however, is how poor information security practices can become aviation security risks.


Python Finally Overtakes Java on GitHub

Sat, 11/09/2019 - 3:34pm
"The hit programming language Python has climbed over once-dominant Java to become the second most popular language on Microsoft-owned open-source code-sharing site GitHub," reports ZDNet: Python now outranks Java based on the number of repository contributors, and by that metric Python is now second only to JavaScript, which has been in top spot since 2014, according to GitHub's 'State of the Octoverse' report for 2019... Another interesting aspect of GitHub's report is its ranking of fastest-growing languages. Google's Dart programming language and Flutter, for building UIs for iOS and Android apps, are getting major traction with developers on GitHub. Dart was the fastest-growing language between 2018 and 2019, with usage up a massive 532%. It was followed by the Mozilla-developed Rust, which grew a respectable 235%. Microsoft is experimenting with Rust in its Windows code base because it was designed to address memory-related security bugs -- the dominant flaw-type in Microsoft software over the past decade. Last year Kotlin, the Google-endorsed programming language for Android app development, was the fastest-growing language on GitHub. It's not a top-10 language yet, but it still grew 182% over the year. Microsoft-backed TypeScript, its superset of JavaScript, is also growing fast, up 161% over the past year as more developers use it to grapple with large-scale JavaScript apps. Other languages making up the top 10 fastest-growing category are HCL, PowerShell, Apex, Python, Assembly, and Go.


AI Cracks Centuries-Old 'Three Body Problem' In Under a Second

Sat, 11/09/2019 - 2:34pm
Long-time Slashdot reader taiwanjohn shared this article from Live Science: The mind-bending calculations required to predict how three heavenly bodies orbit each other have baffled physicists since the time of Sir Isaac Newton. Now artificial intelligence (A.I.) has shown that it can solve the problem in a fraction of the time required by previous approaches. Newton was the first to formulate the problem in the 17th century, but finding a simple way to solve it has proved incredibly difficult. The gravitational interactions between three celestial objects like planets, stars and moons result in a chaotic system -- one that is complex and highly sensitive to the starting positions of each body. Current approaches to solving these problems involve using software that can take weeks or even months to complete calculations. So researchers decided to see if a neural network -- a type of pattern recognizing A.I. that loosely mimics how the brain works -- could do better. The algorithm they built provided accurate solutions up to 100 million times faster than the most advanced software program, known as Brutus. That could prove invaluable to astronomers trying to understand things like the behavior of star clusters and the broader evolution of the universe, said Chris Foley, a biostatistician at the University of Cambridge and co-author of a paper to the arXiv database, which has yet to be peer-reviewed.


Acetaminophen In Pregnancy May Be Linked To Higher Risk of ADHD, Autism

Sat, 11/09/2019 - 1:34pm
schwit1 tipped us off to an interesting new study. Newsweek reports: Babies of women who took acetaminophen -- a common painkiller marketed in the U.S. under the brand name Tylenol -- near the end of pregnancy had a higher likelihood of being diagnosed with autism spectrum disorders or with attention deficit hyperactivity disorder (ADHD), according to a study published in JAMA Psychiatry. The study, conducted by researchers from the Johns Hopkins University Bloomberg School of Public Health, cross referenced blood samples taken from the mother after the baby's birth and samples taken from the babies' umbilical cords, which were used to assess how much acetaminophen the mother had ingested. A mother-to-be who takes Tylenol during their pregnancy is liable to have some of the medication reach a developing fetus, as the drug has been demonstrated to cross the placenta, according to United Press International (UPI). The children involved in the study were reexamined when they were around 10 years old. Researchers found that those children whose umbilical cords had contained higher levels of acetaminophen were significantly more likely to have an autism spectrum disorder or ADHD than the children who did not appear to have been exposed to acetaminophen in utero. According to UPI's analysis of the findings, "the odds of these developmental disorders were more than twice as high in children exposed to acetaminophen near the time of birth. The association was strongest between exposure to acetaminophen and ADHD in the child."


'Is Eating Red Meat OK, After All? Probably Not'

Sat, 11/09/2019 - 12:34pm
Remember last month when "an international collaboration of researchers" suggested there was no reason to reduce consumption of red meat? Here's a response from Frank Hu, chairman of the Nutrition Department at the Harvard T.H. Chan School of Public Health: The recent guidelines published in the Annals of Internal Medicine should not change existing recommendations on healthy and balanced eating patterns for the prevention of chronic diseases. Guidance to reduce red and processed meats is based on a large body of evidence indicating that higher consumption of red meat -- especially processed red meat -- is associated with higher risk of Type 2 diabetes, cardiovascular disease, certain types of cancers, and premature death. While this guidance is supported by both national and international organizations, including the American Heart Association, American Cancer Society, and the World Health Organization, consumers should know that the new guidelines were released by a self-selected panel of 14 members. Furthermore, when my colleagues and I closely reviewed the studies informing the panel's decision, we saw that their findings contradicted their guidance. In short, the three meta-analyses of observational studies actually confirmed existing evidence on the potential for health benefits when cutting back on red and processed meats. However, because they based their analysis on a measure of three servings of red meat per week, the effects of an individual reducing consumption appeared small. But if you consider that about a third of U.S. adults eat one serving or more of red meat each day, the potential health benefits of reducing consumption become much greater... [N]utrition research is complex, and rarely do [its findings] reverse so abruptly. That's why it's so important to look beyond the headlines at the quality of the evidence behind the claims. 
Still, the publication of these new guidelines in such a prominent medical journal is unfortunate as it risks further harm to the credibility of nutrition science, eroding public trust in research as well as the recommendations they ultimately inform.


Scammers Are Actively Exploiting A Firefox Bug

Sat, 11/09/2019 - 11:34am
Long-time Slashdot reader slack_justyb shares this story from Ars Technica: Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked... The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled... Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites... On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. In a statement sent seven hours after this post went live, a Mozilla representative wrote: "We are working on a fix to the authentication prompt bug that we expect to land in the next couple of releases (either in Firefox 71 or 72)."


What Shape Is the Universe? A New Study Suggests We've Got It All Wrong

Sat, 11/09/2019 - 10:34am
An anonymous reader quotes Quanta magazine: A provocative paper published in the journal Nature Astronomy argues that the universe may curve around and close in on itself like a sphere, rather than lying flat like a sheet of paper as the standard theory of cosmology predicts. The authors reanalyzed a major cosmological data set and concluded that the data favors a closed universe with 99% certainty — even as other evidence suggests the universe is flat.


Singapore Wants To Become an Asian Hub For Virtual Banks

Sat, 11/09/2019 - 8:00am
An anonymous reader quotes a report from Bloomberg: Singapore's welcome mat to virtual banks is going beyond its own shores. The island nation wants to become a regional hub for technology firms with advanced data expertise, said Ravi Menon, managing director of the Monetary Authority of Singapore. Doing so would improve banking services at home and in other parts of Southeast Asia, he said. "Singapore wants to be a base for these players as they grow in the region," Menon, who has led the financial regulator since 2011, said in a recent interview. "And that means anchoring them here at the early stage of their development, and allowing them access to the domestic banking market." Singapore's traditional incumbents like DBS Group Holdings Ltd., Oversea-Chinese Banking Corp. and United Overseas Bank Ltd. already provide digital services through mobile phones and other channels. Still, more can be done by technology firms, according to Menon. "Some of these other players use a range of other data to make very quick assessments and are able to disburse these loans in a very short space of time," Menon said. "Those kinds of things are not met adequately or as easily, or it would require tremendous additional cost or effort on the part of traditional banks." Menon said he expects non-financial firms to work with traditional banks through joint ventures and other combinations. "As with all competition, you will see some consolidation taking place, some creative destruction taking place," Menon said. "What's most important for us as policy makers is to make sure that the consumer benefits."


WeWork Says It Will Divest All 'Non-Core' Businesses

Sat, 11/09/2019 - 5:00am
WeWork released Friday a "90-day game plan" that details sweeping changes to its businesses, including a divestiture of all "non-core businesses" and a reduction in headcount. CNBC reports: The changes are detailed in a nearly 50-page presentation, which was first put together in October as part of a pitch to investors, but was made public on Friday. WeWork said it plans to divest several of its side ventures, including content marketing platform Conductor, women-focused co-working start-up The Wing, office management platform Managed by Q, Meetup, real estate-focused start-up SpaceIQ, workplace software company Teem and Wave Garden, a maker of wave pools. The company expects job cuts to occur across its ventures, G&A and growth-related functions, but said the community teams, which oversee WeWork's physical locations, will not be impacted as a result of the move. WeWork plans to focus on the core office-sharing desk business, in an effort to turn around the struggling company, as well as "re-energize employees" and "realign performance incentives." Specifically, the company plans to turn its focus toward enterprise customers, rather than the small and mid-sized businesses, such as start-ups, that it offered leases to in the past. The company also said that it would be led by "proven executives in membership-focused, subscription-based businesses" moving forward, instead of being primarily "founder-led."


Share of Cryptocurrency Jobs Grew 1,457% In 4 Years

Sat, 11/09/2019 - 2:00am
The share of cryptocurrency jobs per million has risen 1,457% over the past four years, according to a study by job site Indeed.com. VentureBeat reports: Indeed analyzed millions of job postings on Indeed.com to unpack how Bitcoin, cryptocurrency, and blockchain trends have affected the job market. Searches for Bitcoin, blockchain, and cryptocurrency roles are going down -- yet employer demand has skyrocketed. According to Indeed, in the four-year period between September 2015 and September 2019, the share of these jobs per million grew by 1,457%. In that same time period, the share of searches per million increased by 469%. In the past year, the share of cryptocurrency job postings per million on Indeed.com has increased by 26%, while the share of searches per million for jobs has decreased by 53%. Bitcoin's volatility seems to correlate with job seeker interest, and the change in Bitcoin price this year might be why job searches have declined. Employers, however, are doubling down on the technology, which uses decentralized ledgers to produce secure and transparent transactions. The report says that if you want a better chance at getting a job in this field you should be a programmer familiar with basic cryptography, P2P networks, and a language like C++, Java, Python, or JavaScript (along with certain soft crypto skills). To stand out, you should learn new blockchain development languages, like Hyperledger, Bitcoin Script, Ethereum's Solidity, the Ripple protocol, or even languages currently in development -- like Rholang. The top hirers are as follows: Deloitte, IBM, Accenture, Cisco, Collins Aerospace, Ernst & Young, Coinbase, Overstock, Ripple, Verizon, Circle, Kraken, ConsenSys, JP Morgan Chase, and Signature Bank.


The World's First Gattaca Baby Tests Are Finally Here

Fri, 11/08/2019 - 10:30pm
An anonymous reader quotes a report from MIT Technology Review: Anxious couples are approaching fertility doctors in the US with requests for a hotly debated new genetic test being called "23andMe, but on embryos." The baby-picking test is being offered by a New Jersey startup company, Genomic Prediction, whose plans we first reported on two years ago. The company says it can use DNA measurements to predict which embryos from an IVF procedure are least likely to end up with any of 11 different common diseases. In the next few weeks it's set to release case studies on its first clients. Handed report cards on a batch of frozen embryos, parents can use the test results to try to choose the healthiest ones. The grades include risk estimates for diabetes, heart attacks, and five types of cancer. According to flyers distributed by the company, it will also warn clients about any embryo predicted to become a person who is among the shortest 2% of the population, or who is in the lowest 2% in intelligence. The test is straight out of the science fiction film Gattaca, a movie that's one of the inspirations of the startup's CEO, Laurent Tellier. The company's other cofounders are testing expert Nathan Treff and Stephen Hsu, a Michigan State University administrator and media pundit. So far, fertility centers have not leaped at the chance to offer the test, which is new and unproven. Instead, prospective parents are learning about the designer baby reports through word of mouth or news articles and taking the company's flyer to their doctors. "The test (called "LifeView") is carried out on a few cells plucked from a days-old IVF embryo," the report says. "Then Genomic Prediction measures its DNA at several hundred thousand genetic positions, from which it says it can create a statistical estimate, called a 'polygenic score,' of the chance of disease later in life." Criticism of the company from some genetics researchers has been intense. 
"It is irresponsible to suggest that the science is at the point where we could reliably predict which embryo to select to minimize the risk of disease. The science simply isn't there yet," says Graham Coop, a geneticist at the University of California, Davis, and a frequent critic of the company on Twitter.


'Platinum' Hacking Group Strikes Again With Complex Titanium Backdoor To Windows

Fri, 11/08/2019 - 8:25pm
Freshly Exhumed shares a report from Securelist: Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of a sequence of dropping, downloading and installing stages. The malware hides at every step by mimicking common software (protection related, sound drivers software, DVD video creation tools). The Titanium APT has a very complicated infiltration scheme. It involves numerous steps and requires good coordination between all of them. In addition, none of the files in the file system can be detected as malicious due to the use of encryption and fileless technologies. One other feature that makes detection harder is the mimicking of well-known software. One of the methods Titanium uses to infect its targets and spread is via a local intranet that has already been compromised with malware. Another is via an SFX archive containing a Windows task installation script. A third is shellcode that gets injected into the winlogon.exe process (it's still unknown how this happens).


GIF Site Gfycat Announces Mass Deletions, Threatens Archive Team With Lawsuit

Fri, 11/08/2019 - 8:05pm
Gfycat is threatening to sue Archive Team for archiving the site's old, anonymously-posted images that are marked for deletion. Gfycat's CEO, Dan McEleney, says archiving the memes it hosts is a "denial of service attack" and demands compensation. From a report: The fallout is ongoing on Twitter, with users of the site panicking about their old content and the company asking for (and being refused) private negotiations with Internet Archive, which [Archive Team founder Jason Scott] points out is not the same entity as the legally-threatened Archive Team.


Six Arrested For Selling Chinese Gear To Military As 'Made In America'

Fri, 11/08/2019 - 7:45pm
An anonymous reader quotes a report from Ars Technica: In August 2018, an Air Force service member noticed something strange about a body camera being used by security personnel at an Air Force base: Chinese characters on the screen. A subsequent investigation found numerous indications that the camera -- and two dozen others in the same shipment -- had been made in China. Investigators found three telling logos in the camera's firmware: an Air Force Logo, the logo of the Chinese company that made the camera, and the logo of China's ministry of public security. Forensic analysis indicated that all three images had been loaded on the camera at the same time by someone in a Chinese time zone. This suggested that not only was the camera made in China, but the Chinese knew that the body camera would be shipped to an Air Force facility. How did a Chinese-made digital camera wind up at a US Air Force base? In a criminal complaint unsealed Thursday, federal prosecutors blamed Aventura, a New York-based company that has been fraudulently re-selling Chinese-made gear for more than a decade. On Thursday, six of the company's founders and senior officials were arrested and charged with fraud and other crimes. [...] [S]ince 2006, the feds say, Aventura has been buying Chinese-made cameras, metal detectors, and other products, slapping "Made in America" logos on them, and re-selling them in the United States -- to customers including U.S. government agencies who are legally prohibited from buying such items.

