Today is 21.10.2017
Slashdot
News for nerds, stuff that matters

  • 2 Million IoT Devices Enslaved By Fast-Growing BotNet
    An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link, and Synology. The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there. Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."

    Read more of this story at Slashdot.



  • Data Science Meets Sports Gambling: How Researchers Beat the Bookies
    "A trio of data scientists developed a betting strategy to beat bookmakers at football games," writes austro. [The game Americans call soccer.] New Scientist reports: The team studied 10 years' worth of data on nearly half a million football matches and the associated odds offered by 32 bookmakers between January 2005 and June 2015. When they applied their strategy in a simulation, they made a return of 3.5 per cent. Making bets randomly resulted in a loss of 3.32 per cent. Then the team decided to try betting for real. They developed an online tool that would apply their odds-averaging formula to upcoming football matches. When a favorable opportunity arose, a member of the team would email Kaunitz and his wife, one of whom then placed a bet. They kept this up for five months, placing $50 bets around 30 times a week. And they were winning. After five months the team had made a profit of $957.50 -- a return of 8.5 per cent. But their streak was cut short. Following a series of several small wins, the trio were surprised to find that their accounts had been limited, restricting how much they could bet to as little as $1.25. The gambling industry has long restricted players who appear to show an edge over the house, says Mark Griffiths at Nottingham Trent University, UK. The paper "illustrates how the sports gambling industry compensates market inefficiencies with discriminatory practices against successful clients," adds austro, noting that the researchers posted a paper explaining their methodology on arxiv last week. "They also made the dataset and source code available on github. And best of all, they made an online publicly available dashboard that shows a live list of bet recommendations on football matches based on their strategy here or here for anyone to try."


  • Google Offers $1,000 Bounties For Hacking Dropbox, Tinder, Snapchat, and Others
    An anonymous reader quotes Mashable: Google, in collaboration with bug bounty platform HackerOne, has launched the Google Play Security Reward Program, which promises $1,000 to anyone who can identify security vulnerabilities in participating Google Play apps. Thirteen apps are currently participating, including Tinder, Duolingo, Dropbox, Snapchat, and Headspace... If you find a security vulnerability in one of the participating apps, you can report that vulnerability to the developer, and work with them to fix it. When the problem has been resolved, the Android Security team will pay you $1,000 as a reward, on top of any reward you get from the app developer. Google will be collecting data on the vulnerabilities and sharing it (anonymized) with other developers who may be exposed to the same problems. For HackerOne, it's about attracting more and better participants in bounty programs.


  • Why Are We Still Using Passwords?
    Here's some surprising news from the Akamai Edge conference. chicksdaddy writes: [E]xecutives at some of the U.S.'s leading corporations agreed that the much maligned password won't be abandoned any time soon, even as data breaches and follow-on attacks make passwords more susceptible than ever to abuse, the Security Ledger reports. "We reached the end of needing passwords maybe seven years ago, but we still use them," said Steve Winterfeld, Director of Cybersecurity at clothing retailer Nordstrom. "They're still the primary layer of defense." "It's hard to kill them," noted Shalini Mayor, who is a Senior Director at Visa Inc. "The question is what to replace them with." This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called "credential stuffing" techniques, which use automated password guessing attacks against web-based applications... Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalini Mayor said Visa is "looking at" biometric technologies like Apple's TouchID as a tool for making payments securely. Such technologies -- from fingerprint scans to facial and retinal scans -- promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error prone or too difficult to use.


  • Code School Fined $375K Over Employment Claims and Licensing Issues
    An anonymous reader quotes Ars Technica: [O]ne of the most prominent institutions, New York's Flatiron School, will be shelling out $375,000 to settle charges brought by New York Attorney General Eric Schneiderman's office. The AG said the school operated for a period without the proper educational license, and it improperly marketed both its job placement rates and the salaries of its graduates. New York regulators didn't find any inaccuracies in Flatiron's "outcomes report," a document the company is proud of. However, the Attorney General's office found that certain statements made on Flatiron's website didn't constitute "clear and conspicuous" disclosure. For instance, Flatiron claimed that 98.5 percent of graduates were employed within 180 days of graduation. However, only by carefully reading the outcomes report would one find that the rate included not just full-time employees, but apprentices, contract workers, and freelancers. Some of the freelancers worked for less than 12 weeks. The school also reported an average salary of $74,447 but didn't mention on its website that the average salary claim only applied to graduates who achieved full-time employment. That group comprised only 58 percent of classroom graduates and 39 percent of those who took online courses. The school's courses last 12 to 16 weeks, and cost between $12,000 and $15,000, according to a statement from the attorney general's office [PDF]. (Or $1,500 a month for an online coding class). Eligible graduates can claim their share of the $375,000 by filing a complaint within the next three months.


  • Friendlier GPL-Enforcement Permission Proposed By Linux Kernel Developers
    The former Executive Director of the Free Software Foundation -- and Slashdot user #41121 -- contacted Slashdot with this announcement. bkuhn -- now president of the Software Freedom Conservancy -- writes: Software Freedom Conservancy, home of the GPL Compliance Project for Linux Developers, publicly applauded today the proposal of the Linux Kernel Enforcement Statement, which adds a per-copyright-holder-opt-in additional permission to the termination provisions of Linux's GPLv2-only license. It apparently addresses a developer who "made claims based on ambiguities in the GPL-2.0 that no one in our community has ever considered part of compliance," according to a statement from some of the kernel developers who drafted the statement. While the kernel community has always supported enforcement efforts to bring companies into compliance, we have never even considered enforcement for the purpose of extracting monetary gain... [W]e are aware of activity that has resulted in payments of at least a few million Euros. We are also aware that these actions, which have continued for at least four years, have threatened the confidence in our ecosystem. Because of this, and to help clarify what the majority of Linux kernel community members feel is the correct way to enforce our license, the Technical Advisory Board of the Linux Foundation has worked together with lawyers in our community, individual developers, and many companies that participate in the development of, and rely on Linux, to draft a Kernel Enforcement Statement to help address both this specific issue we are facing today, and to help prevent any future issues like this from happening again. It adopts the same termination provisions we are all familiar with from GPL-3.0 as an Additional Permission giving companies confidence that they will have time to come into compliance if a failure is identified.


  • Tech Companies To Lobby For Immigrant 'Dreamers' To Remain In US
    An anonymous reader quotes a report from Reuters: Nearly two dozen major companies in technology and other industries are planning to launch a coalition to demand legislation that would allow young, illegal immigrants a path to permanent residency, according to documents seen by Reuters. The Coalition for the American Dream intends to ask Congress to pass bipartisan legislation this year that would allow these immigrants, often referred to as "Dreamers," to continue working in the United States, the documents said. Alphabet Inc's Google, Microsoft Corp, Amazon.com Inc, Facebook Inc, Intel Corp, Uber Technologies Inc, IBM Corp, Marriott International Inc and other top U.S. companies are listed as members, one of the documents shows. The push for this legislation comes after President Donald Trump's September decision to allow the Deferred Action for Childhood Arrivals (DACA) program to expire in March. That program, established by former President Barack Obama in 2012, allows approximately 900,000 illegal immigrants to obtain work permits. Some 800 companies signed a letter to Congressional leaders after Trump's decision, calling for legislation protecting Dreamers. That effort was spearheaded by a pro-immigration reform group Facebook Chief Executive Mark Zuckerberg co-founded in 2013 called FWD.us.
