US Military Apologizes For Joking about Bombing 'Millennials' Who Might Storm Area 51
technology - Posted On:2019-09-22 16:44:59 Source: slashdot
"The US military has been forced to apologise for tweeting that it would use stealth-bombers on 'millennials' who try to storm Area 51," reports Yahoo News UK: More than two million people signed up to a Facebook event recently which encouraged attendees to visit the top secret base in Nevada. But only a few thousand UFO enthusiasts turned up on Friday to the facility, which is rumoured to contain secrets about aliens. As hordes of enthusiasts turned up the PR arm of the US military, called the Defence Visual Information Distribution Service (DVIDS), tweeted: "The last thing #Millennials will see if they attempt the #area51raid today" with a picture of military officers in front of a stealth bomber. Shortly afterwards the tweet was deleted and the unit apologised saying it "in no way" reflects their stance... "It was inappropriate and we apologize for this mistake." Around 1,000 people visited the facility's gates on Friday and at least six were arrested by police. The Storm Area 51 invitation spawned festivals in the tiny nearby towns of Rachel and Hiko, more than two hours' drive from Las Vegas. Lincoln County Sheriff Kerry Lee estimated late on Thursday that about 1,500 people had gathered at the festival sites, and more than 150 made the trip several additional miles on bone-rattling dirt roads to get within selfie distance of the gates.... "It's public land," the sheriff said. "They're allowed to go to the gate as long as they don't cross the boundary." Most of the arrests were for "misdemeanor trespassing on base property," which carries a $1,000 fine, according to the article. "In the end, no one actually 'stormed' Area 51, although deputies in rural Nye County resorted to 'heated warnings' to disperse as many as 200 people," reports the Associated Press.
In another article the news service also quotes Lincoln County emergency services chief Eric Holt as saying resources had been mustered to handle up to 30,000 people, and calling the low turnout a "best-case" scenario... Although there were two car crashes involving cows. "The cows died, but motorists weren't hurt." Meanwhile, the "Area 51 Basecamp" festival sold just 500 tickets for their Friday concert, prompting them to cancel their Saturday concert altogether. "It was a gamble financially. We lost," the promoter told the Associated Press. Read more of this story at Slashdot.
As Criticism Grows After Crashes, Boeing Committee May Recommend Organizational Changes
technology - Posted On:2019-09-22 12:45:00 Source: slashdot
McGruber summarizes an article in the New York Times: A small committee of Boeing's board is expected to call for several meaningful changes to the way the company is structured. The committee may recommend that Boeing change aspects of its organizational structure, call for the creation of new groups focused on safety and encourage the company to consider making changes to the cockpits of future airplanes to accommodate a new generation of pilots, some of whom may have less training. Currently, Boeing's top engineers report primarily to the business leaders for each airplane model, and secondarily to the company's chief engineer. "Under this model, engineers who identify problems that might slow a jet's development could face resistance from executives whose jobs revolve around meeting production deadlines," reports the New York Times. "The committee recommends flipping the reporting lines, so that top engineers report primarily to Boeing's chief engineer, and secondarily to business unit leaders. "Another key recommendation calls for establishing a new safety group that will work across the company..." "Though the committee did not investigate the two crashes of Boeing's 737 MAX jet, their findings represent the company's most direct effort yet to reform its internal processes after the accidents, which killed 346 people." Meanwhile, a scathing article in the New Republic outlines the need for change, criticizing "pilot errorists" who have attempted to shift focus and blame from Boeing's own missteps in creating "a self-hijacking plane": In the now infamous debacle of the Boeing 737 MAX, the company produced a plane outfitted with a half-assed bit of software programmed to override all pilot input and nosedive when a little vane on the side of the fuselage told it the nose was pitching up.
The vane was also not terribly reliable, possibly due to assembly line lapses reported by a whistle-blower, and when the plane processed the bad data it received, it promptly dove into the sea. It is understood, now more than ever, that capitalism does half-assed things like that, especially in concert with computer software and oblivious regulators... [T]here was something unsettlingly familiar when the world first learned of MCAS in November, about two weeks after the system's unthinkable stupidity drove the two-month-old plane and all 189 people on it to a horrific death. It smacked of the sort of screwup a 23-year-old intern might have made -- and indeed, much of the software on the MAX had been engineered by recent grads of Indian software-coding academies making as little as $9 an hour, part of Boeing management's endless war on the unions that once represented more than half its employees. Down in South Carolina, a nonunion Boeing assembly line that opened in 2011 had for years churned out scores of whistle-blower complaints and wrongful termination lawsuits packed with scenes wherein quality-control documents were regularly forged, employees who enforced standards were sabotaged, and planes were routinely delivered to airlines with loose screws, scratched windows, and random debris everywhere. The MCAS crash was just the latest installment in a broader pattern... Read more of this story at Slashdot.
VPN Apps With 500M+ Installs Caught Serving Disruptive Ads To Android Users
technology - Posted On:2019-09-20 18:59:59 Source: slashdot
New submitter screwdriver1 shares a report from The Next Web: In yet another instance of Android adware, New Zealand-based independent security researcher Andy Michael found four apps with cumulative downloads of over 500 million that not only serve ads while running in the background, but are also placed outside the apps, including the home screen. The apps in question are Hotspot VPN, Free VPN Master, Secure VPN, and Security Master by Cheetah Mobile. It's notable that all these apps originate from Hong Kong and China, where citizens have typically relied on VPNs to get around the Great Firewall. The apps are live on the Play Store to this date. But in an interesting twist, the apps containing the adware were all VPN or antivirus apps, suggesting that developers are increasingly banking on users' trust in security-related apps to commit "outside ad fraud." Google has a strict policy with regards to adware and disruptive ads in general. "We don't allow apps that contain deceptive or disruptive ads. Ads must only be displayed within the app serving them. We consider ads served in your app as part of your app. The ads shown in your app must be compliant with all our policies." The company, when reached for a response, said it would take action on the apps if they're indeed found in violation of its policies. Some VPN apps lie to us and Google shouldn't allow it.
Facebook Suspends Tens of Thousands of Apps Following Data Investigation
technology - Posted On:2019-09-20 14:15:00 Source: slashdot
Facebook revealed Friday that it had suspended "tens of thousands" of apps that may have mishandled users' personal data, part of an investigation sparked by the social giant's entanglement with Cambridge Analytica. From a report: The suspensions -- far more than the hundreds against which Facebook has taken action in the past -- occurred for a "variety of reasons," the company said in a blog post, without elaborating. They were associated with about 400 developers. Facebook said it had investigated millions of apps and targeted those that Facebook said had access to "large amounts of information" or had the "potential to abuse" its policies. Facebook said some of the apps were banned for inappropriately sharing users' data, the same violation of company policy that led to the Cambridge Analytica scandal. It added that its investigation, now 18 months long, isn't yet complete.
47% of Organizations Have Cyber Insurance, Up From 34% in 2017: Study
technology - Posted On:2019-09-20 10:44:56 Source: slashdot
Cyberattacks are now considered by most execs to be the top business concern, far outranking economic uncertainty, brand damage, and regulation, according to a survey by insurance consultancy Marsh and tech giant Microsoft. From a report: The global survey of over 1,500 business leaders illustrates the rapid change in business leaders' perceived risks to their organizations and shows that having a cyber insurance policy is now more common than two years ago. In 2017, Marsh and Microsoft found that 62% of respondents saw cyberattacks as a top-five risk, whereas this year 79% do. The share of respondents who see cyber attacks as the number one risk has also risen from 6% to 22% over two years. This year, the second most widely considered top-five risk is economic uncertainty, followed by brand damage, regulation, and loss of key personnel. [...] According to Marsh and Microsoft's survey, 47% of organizations have cyber insurance [PDF], up from 34% in 2017. Additionally, 57% of large firms with annual revenues of over $1bn report having cyber insurance compared with 36% of organizations with revenues below $100m. Nearly all respondents, totaling 89%, are confident their cyber insurance policy would cover the cost of a cyber event. Read more of this story at Slashdot.
World's Most Destructive Botnet Returns With Stolen Passwords and Email In Tow
it - Posted On:2019-09-19 23:44:58 Source: slashdot
An anonymous reader quotes a report from Ars Technica: If you've noticed an uptick of spam that addresses you by name or quotes real emails you've sent or received in the past, you can probably blame Emotet. It's one of the world's most costly and destructive botnets -- and it just returned from a four-month hiatus. A post published on Tuesday by researchers from Cisco's Talos security team helps explain how Emotet continues to threaten so many of its targets. Spam sent by Emotet often appears to come from a person the target has corresponded with in the past and quotes the bodies of previous email threads the two have participated in. Emotet gets this information by raiding the contact lists and email inboxes of infected computers. The botnet then sends a follow-up email to one or more of the same participants and quotes the body of the previous email. It then adds a malicious attachment. The result: malicious messages that are hard for both humans and spam filters to detect. The use of previously sent emails isn't new, since Emotet did the same thing before it went silent in early June. But with its return this week, the botnet is relying on the trick much more. About 25% of spam messages Emotet sent this week include previously sent emails, compared with about 8% of spam messages sent in April. "To make sending the spam easier, Emotet also steals the usernames and passwords for outgoing email servers," the report adds. "Those passwords are then turned over to infected machines that Emotet control servers have designated as spam emitters. The Talos researchers found almost 203,000 unique pairs that were collected over a 10-month period." Malwarebytes says Emotet has brought back another tactic where it refers to targets by name in subject lines. "Once opened, the documents attached to the emails claim that, effective September 20, 2019, users can only read the contents after they have agreed to a licensing agreement for Microsoft Word," reports Ars Technica. 
"And to do that, according to a post from security firm Cofense, users must click on an Enable Content button that turns on macros in Word." "After Office macros are enabled, Emotet executables are downloaded from one of five different payload locations," Cofense researchers Alan Rainer and Max Gannon wrote. "When run, these executables launch a service that looks for other computers on the network. Emotet then downloads an updated binary and proceeds to fetch TrickBot if a (currently undetermined) criteria of geographical location and organization are met." Read more of this story at Slashdot.
Bill Gates: Don't Break Up Tech Giants, It Won't Stop Anticompetitive Behavior
technology - Posted On:2019-09-19 22:14:59 Source: slashdot
dryriver shares a report from ZDNet: Speaking with Bloomberg, Microsoft co-founder Gates said it is better to regulate big tech companies. Breaking them up will simply result in two companies indulging in bad behavior. "I don't know the last time a company was broken up but you have to really think, 'Is that the best thing if there's a way that a company's behaving that you want to get rid of?' Then you should just say, 'Hey, OK, that's a banned behavior,'" said Gates. "Splitting a company in two and having two people doing the bad thing, you know that doesn't seem like a solution," he added. Gates said it was a "pretty narrow set of things" where a break-up would be a suitable solution. "I was naive about this but that was a long time ago and I didn't realize that as Microsoft gets successful we'd come under scrutiny and we went through our thing back in the 1990s and that's made us more thoughtful about this kind of activity," he said. Gates also told the Financial Times that fossil fuel divestment has had zero impact on emissions. Read more of this story at Slashdot.
Two Years Later, Hackers Are Still Breaching Local Government Payment Portals
technology - Posted On:2019-09-19 20:59:59 Source: slashdot
Two years after hackers first started targeting local government payment portals, attacks are still going on, with eight cities having had their Click2Gov payment portals compromised in the last month alone, security researchers from Gemini Advisory have revealed in a report shared with ZDNet today. From the news report: These new hacks have allowed hackers to get their hands on over 20,000 payment card details belonging to US citizens, which are now being traded on the dark web, the cyber-security firm said. Click2Gov is a web-based portal sold by Central Square, formerly known as Superion, to US and Canadian municipalities, small and large alike. It comes as a cloud-based offering and in a self-hosted version. Once up and running, Click2Gov provides a self-service portal where US citizens can pay taxes and bills. Such portals are widespread across the US and are not only used by locals, but also by Americans living across the country to pay bills and taxes for property they own in other cities or states. In 2017, a hacker group began targeting self-hosted Click2Gov portals that had been lagging behind with software patches. Read more of this story at Slashdot.
Instagram's Opioid Recovery Hashtags Are Full of Drug Dealers
technology - Posted On:2019-09-19 20:14:58 Source: slashdot
An anonymous reader quotes a report from BuzzFeed News: Dozens of top posts under the #opioidcrisis and #opioidaddiction hashtags contained comments touting Oxycontin, Percocet, Codeine, and other prescription opioids -- along with phone numbers and usernames for encrypted messaging accounts. A typical entry, under a video describing tens of thousands of deaths by drug overdose, offered "fast deals" on "Oxys, Roxy, Xans, Addy, codeine, perc...Available 24.7 for delivery." Social media's role in boosting the American opioid crisis, and the way dealers have used Instagram to connect with buyers, have long been known. Last year, the Washington Post described the service as "a sizable open marketplace for advertising illegal drugs." Instagram responded by cracking down on the drug-specific hashtags where many of these offers once lived. Now, though, as Facebook strives to highlight the way its services can connect addicts with recovery communities, these hubs are also valuable real estate for dealers. It's a significant oversight for the company, which is trying to show it can deal with the problem of drugs on its platforms to discourage legislation that would increase its liability for hosting such content. Eileen Carey, an activist and former tech industry executive who for years has kept a record of drug sales on social platforms, told BuzzFeed News that she approached [Facebook's head of global policy management Monika Bickert after a Senate hearing on Wednesday] and showed her the comments. "She thanked me for flagging," Carey said. A day later, however, the hashtag-located opioid markets remained open for business. "We do not allow the sale of illegal drugs on Instagram," a Facebook spokesperson wrote in a comment to BuzzFeed News. "It is against our policies to buy, sell or trade non-medical or pharmaceutical drugs on our platform -- including in comments. Inappropriate comments can and should be reported, and will be reviewed like posts or stories." 
Alphabet Partners With FedEx, Walgreens To Bring Drone Delivery To the US
technology - Posted On:2019-09-19 18:14:59 Source: slashdot
Google's Wing drone-delivery company announced today that it would be partnering with FedEx and Walgreens to bring autonomous drone deliveries to the U.S. in October. "The pilot program will be launched in Christiansburg, Virginia, one of the two areas in the state that Wing has been testing its drone technology for years," reports Quartz. From the report: People expecting packages from FedEx will be able to choose to get their deliveries made via drone, assuming that they live in certain areas that Wing has designated it can safely deliver parcels in. Similarly, Walgreens customers will be able to order products, such as non-prescription medicine, and have them delivered by drone. Walgreens said in a release that 78% of the U.S. population lives within 5 miles of one of its stores. Wing said that its drones can currently make a round-trip flight of about 6 miles (9.7 km), traveling about 60 miles per hour (97 km per hour), and can carry around 3 lbs (1.4 kg) of payload. The company also said that it would be offering deliveries from a local Virginia retailer, Sugar Magnolia. Wing won't be charging for the delivery service itself during the trial. Wing said on a call with journalists that it will soon be reaching out to members of the Christiansburg community to let them know if they will be able to accept deliveries. Wing's drones don't actually land on the ground when they make deliveries; instead, they hover about 23 ft (7 m) off the ground, lowering their packages down through a winch cable system. If anything happens to snag the cable as it's delivering a package, the drone can sense the tension in the cord and release it, hopefully flying away without incident. It still requires what it calls safe delivery zones, like a backyard or a front pathway outside a house, to be able to make a delivery. Read more of this story at Slashdot.
Google Makes the Largest Ever Corporate Purchase of Renewable Energy
technology - Posted On:2019-09-19 17:29:59 Source: slashdot
Two years ago, Google became the first company of its size to buy as much renewable electricity as the electricity it used. But as the company grows, so does its demand for power. To stay ahead of that demand, Google just made the largest corporate renewable energy purchase in history, with 18 new energy deals around the world that will help build infrastructure worth more than $2 billion. From a report: The projects include massive new solar farms in places like Texas and North Carolina where the company has data centers. "Bringing incremental renewable energy to the grids where we consume energy is a critical component of pursuing 24x7 carbon-free energy for all of our operations," Google CEO Sundar Pichai wrote in a blog post today. While most of the renewable energy the company has purchased in the past has come from wind farms, the dropping cost of solar power means that several of the new deals are solar plants. In Chile, a new project combines both wind and solar power, making it possible to generate clean energy for longer each day. Read more of this story at Slashdot.
Apple's iOS 13 Just Launched But iOS 13.1, iPadOS Arrive Next Week
technology - Posted On:2019-09-19 15:44:59 Source: slashdot
Apple's latest iPhone software, iOS 13, is now available -- but on Tuesday, you'll already be able to download the first update, iOS 13.1. And you'll be able to revitalize your iPad with Apple's software created for its tablets. From a report: Apple may be best known for its hardware, but it's really the seamless integration of its devices with its software that's set it apart from rivals. The company's ability to control every aspect of its products -- something that began when Steve Jobs and Steve Wozniak founded Apple in 1976 -- has been key in making Apple the most powerful company in tech. The company's mobile software, iOS, gets revamped every year and launches when its latest phones hit the market. Starting Tuesday, you'll also be able to download the first update to the software, as well as the new iPadOS software tailored for Apple's tablets. iOS 13 brings a dedicated dark mode, a new swipe keyboard and a revamped Photos app (complete with video editing tools). iOS 13.1 will bring bug fixes and will let you share your ETA with friends and family members through Apple Maps. Siri shortcuts can be added to automations, and you can set up triggers to run any shortcut automatically. Read more of this story at Slashdot.
How the Internet Archive is Waging War on Misinformation
technology - Posted On:2019-09-19 15:15:00 Source: slashdot
San Francisco-based non-profit is archiving billions of web pages in a bid to preserve web history. From a report: Since the 2016 US election, as fears about the power of fake news have intensified, the archive has stepped up its efforts to combat misinformation. At a time when false and ultra-partisan content is rapidly created and spread, and social media pages are constantly updated, the importance of having an unalterable record of who said what, when has been magnified. "We're trying to put in a layer of accountability," said founder Brewster Kahle. Mr Kahle founded the archive, which now employs more than 100 staff and costs $18m a year to run, because he feared that what was appearing on the internet was not being saved and catalogued in the same way as newspapers and books. The organisation is funded through donations, grants and the fees it charges third parties that request specific digitisation services. So far, the archive has catalogued 330bn web pages, 20m books and texts, 8.5m audio and video recordings, 3m images and 200,000 software programs. The most popular, public websites are prioritised, as are those that are commonly linked to. Some information is free to access, some is loaned out (if copyright laws apply) and some is only available to researchers. Curled up in a chair in his office after lunch, Mr Kahle lamented the combined impact of misinformation and how difficult it can be for ordinary people to access reliable sources of facts. "We're bringing up a generation that turns to their screens, without a library of information accessible via screens," said Mr Kahle. Some have taken advantage of this "new information system", he argued -- and the result is "Trump and Brexit." Having a free online library is crucial, said Mr Kahle, since "[the public is] just learning from whatever ... is easily available."
India Tells Tech Firms To Protect User Privacy, Prevent Abuse
technology - Posted On:2019-09-19 12:15:00 Source: slashdot
Technology firms must protect user privacy and prevent abuse of their platforms, India's IT minister said on Thursday, speaking as the government draws up a data privacy law and seeks to push companies to store more data locally. From a report: Federal Information and Technology Minister Ravi Shankar Prasad said he wanted Indians to have access to more technology platforms but said this should not undermine user privacy. "I have only one caveat -- it must be safe and secure, it must safeguard the privacy rights of the individual and you must make extra efforts that people don't abuse the system," Prasad told industry executives at a gathering organized by Alphabet's Google in New Delhi. India's 1.3 billion people and their massive consumption of mobile data has turned it into a key growth market for U.S. technology giants such as Google, Facebook and Amazon. India has already forced foreign payment firms such as Mastercard and Visa to store data locally. Read more of this story at Slashdot.
Huawei's Flagship Mate 30 Pro Has Impressive Specs But No Google
technology - Posted On:2019-09-19 11:45:00 Source: slashdot
The Mate 30 series of smartphones from Huawei is now official, starting with the Mate 30 Pro and the Mate 30. From a report: The announcement of Mate 30 series comes at a difficult time for Huawei, whose presence on the USA's entity list prevents US companies from doing business with the Chinese firm. Google said last month that these phones won't ship with Google's apps and services, nor will they come with the Play Store pre-installed, which is how most Android users outside of China download their apps. Huawei's response to the problem has been to nurture its own ecosystem of apps that are available through the Huawei App Gallery. The company announced that rather than shipping with Google's services pre-installed, the Mate 30 Series would instead ship with the Huawei Mobile Services (HMS) Core, which it claims is already integrated with over 45,000 apps. The company announced that it was investing $1 billion into its software ecosystem with an investment that would be split across a development fund, a user growth fund, and a marketing fund. Here's what happens when you attempt to sideload an app developed by Google. Read more of this story at Slashdot.
Google is Bringing Its AI Assistant Service To People Without Internet Access
technology - Posted On:2019-09-19 10:14:57 Source: slashdot
An anonymous reader shares a report: Google Assistant, the digital assistant from the global search giant, is available to users through their smartphones, laptops, and smart speakers. Earlier this year, the company partnered with KaiOS to bring Assistant to some feature phones with internet access. Now Google is going a step further: Bringing its virtual assistant to people who have the most basic cellphone with no internet access. It's starting this program in India. At an event in New Delhi on Thursday, the company announced a 24x7 telephone line that anyone in India on Vodafone and Idea telecom networks (or Vodafone-Idea telecom network; as Vodafone owns Idea) could dial to have their questions answered. The company said it tested the phone line service with thousands of users across Lucknow and Kanpur before making it generally available. Users will be able to dial 000-800-9191-000 and they won't be charged for the call or the service. Manuel Bronstein, a VP at Google, said through this program the company is hoping to reach hundreds of millions of users in India who currently don't have access to smartphones or internet. Read more of this story at Slashdot.
Workers Accuse Kickstarter of Union-Busting In Federal Complaint
technology - Posted On:2019-09-18 21:29:58 Source: slashdot
On Monday night, unionizing employees at Kickstarter filed a complaint with the National Labor Review Board (NLRB) for allegedly wrongfully terminating two employees. Both of the employees were on the Kickstarter United organizing campaign. Motherboard reports: Kickstarter told Motherboard that the workers, Clarissa Redwine and Taylor Moore, were fired over performance issues within the past two weeks. But employees at Kickstarter are accusing the company of "discharging employees" because "they joined or supported a labor organization and in order to discourage union activities," according to the NLRB complaint, which was first reported and obtained by Slate's April Glaser. A third employee and member of the Kickstarter United organizing committee, Travis Brace, was informed on Thursday that he would no longer be needed in his role. In a September 12 email obtained by Motherboard, Aziz Hasan, the CEO of Kickstarter, wrote to employees, "There have been allegations that we are retaliating against union organizing. Those allegations are not true. No Kickstarter employee has been or ever will be fired for union organizing." Redwine says the company complained to her in recent months that she was not satisfactorily working with her managers. She claims that she was not given specific guidance on how she could improve. "Suddenly, after becoming a public union organizer, I started to get very strong negative feedback," Redwine told Motherboard. "After my best quarter at the company, I was told I was being put on a Performance Improvement Plan for slippery reasons like not building trust with my managers. I asked how progress would be tracked over and over and only received answers akin to 'just trust us.' I assume they never crafted the Performance Improvement Plan because they couldn't come up with anything concrete for me to improve." Redwine and Moore are asking for back pay and to be reinstated to their positions. 
In response to the complaint, Kickstarter said: "We'll be providing the NLRB with information about these firings and supporting documentation." Kickstarter told Motherboard that it "recently terminated two employees for performance reasons. A third was working on a service we shut down, so his role was eliminated, and there were no other positions here that would be a strong fit. That staff member will be transitioning out of the company. All three of these employees were members of the organizing committee, but this has nothing to do with their departures. (We have fired three other people who were not organizers since March.)" "We expect all employees -- including union organizers -- to be able to perform in their role and set up their teams and colleagues for success. We use a range of approaches -- twice-a-year performance reviews, peer feedback, manager feedback, one-on-one coaching and, in some cases, mediation -- to ensure that employees have the support they need to meet those expectations. When someone has been through this process and we have sufficient evidence that they are not meeting expectations, we must unfortunately part ways with them," the company continued. Read more of this story at Slashdot.
Exposed RDP Servers See 150K Brute-Force Attempts Per Week
it - Posted On:2019-09-18 19:29:59 Source: slashdot
Slashdot reader Cameyo shares a report from TechRepublic: Remote Desktop Protocol (RDP) is -- to the frustration of security professionals -- both remarkably insecure and indispensable in enterprise computing. The September 2019 Patch Tuesday round closed two remote code execution bugs in RDP, while the high-profile BlueKeep and DejaBlue vulnerabilities from earlier this year have sent IT professionals into a patching frenzy. With botnets brute-forcing over 1.5 million RDP servers worldwide, a dedicated RDP security tool is needed to protect enterprise networks against security breaches. Cameyo released on Wednesday an open-source RDP monitoring tool -- appropriately titled RDPmon -- for enterprises to identify and secure against RDP attacks in its environment. The tool provides a visualization of the total number of attempted RDP connections to servers, as well as a view of the currently running applications, the number of RDP users, and what programs those users are running, likewise providing insight to the existence of unapproved software. RDPmon operates entirely on-premise; the program data is not accessible to Cameyo. Customers of Cameyo's paid platform can also utilize the RDP Port Shield feature, also released Wednesday, which opens RDP ports for authenticated users by setting IP address whitelists in Windows Firewall when users need to connect. RDP was designed with the intent to be run inside private networks, not accessible over the internet. Despite that, enterprise use of RDP over the internet is sufficiently widespread that RDP servers are a high-profile, attractive target for hackers. The report says Cameyo found that Windows public cloud machines on default settings -- that is, with port 3389 open -- experience more than 150,000 login attempts per week.
IBM's New 53-qubit Quantum Computer is Its Biggest Yet
technology - Posted On:2019-09-18 13:30:00 Source: slashdot
IBM's 14th quantum computer is its most powerful so far, a model with 53 of the qubits that form the fundamental data-processing element at the heart of the system. From a report: The system, available online to quantum computing customers in October, is a big step up from the last IBM Q machine with 20 qubits and should help advance the marriage of classical computers with the crazy realm of quantum physics. Quantum computing remains a highly experimental field, limited by the difficult physics of the ultra-small and by the need to keep the machines refrigerated to within a hair's breadth of absolute zero to keep outside disturbances from ruining any calculations. But if engineers and scientists can continue the progress, quantum computers could help solve computing problems that are, in practice, impossible on today's classical computers. That includes things like simulating the complexities of real-world molecules used in medical drugs and materials science, optimizing financial investment performance, and delivering packages with a minimum of time and fuel. Read more of this story at Slashdot.
Crypto-mining Malware Saw New Life Over the Summer as Monero Value Tripled
technology - Posted On:2019-09-18 11:30:00 Source: slashdot
Malware that mines cryptocurrency made a comeback over the summer, with an increased number of campaigns being discovered and documented by cyber-security firms. From a report: The primary reason for this sudden resurgence is the general revival of the cryptocurrency market, which saw trading prices recover after a spectacular crash in late 2018. Monero, the cryptocurrency of choice of most crypto-mining malware operations, was one of the many cryptocurrencies that were impacted by this market slump. The currency, also referred to as XMR, has gone down from an exchange rate that orbited around $300 - $400 in late 2017 to a meager $40 - $50 at the end of 2018. But as the Monero trading price recovered throughout 2018, tripling its value from $38 at the start of the year, to nearly $115 over the summer, so have malware campaigns. These are criminal operations during which hackers infect systems with malware that's specifically designed to secretly mine Monero behind the computer owner's back. Starting with the end of May, the number of reports detailing crypto-mining campaigns published by cyber-security firms has exploded, with a new report published each week, and sometimes new campaigns being uncovered on a daily basis.