FBI Again Calls For Magical Solution To Break Into Encrypted Phones (arstechnica.com) 232

An anonymous reader quotes a report from Ars Technica: FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem, the idea that the prevalence of default strong encryption on digital devices makes it more difficult for law enforcement to extract data during an investigation. However, in a Wednesday speech at Boston College, Wray again did not outline any specific piece of legislation or technical solution that would provide both strong encryption and allow the government to access encrypted devices when it has a warrant. A key escrow system, with which the FBI or another entity would be able to unlock a device given a certain set of circumstances, is by definition weaker than what cryptographers would traditionally call "strong encryption." There's also the problem of how to compel device and software makers to impose such a system on their customers -- similar efforts were attempted during the Clinton administration, but they failed. A consensus of technical experts has said that what the FBI has asked for is impossible. "I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available," Wray said Wednesday. "But I just don't buy the claim that it's impossible. Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe."

Bitcoin Dives After SEC Says Crypto Platforms Must Be Registered (bloomberg.com) 81

Bitcoin slumped after the U.S. Securities and Exchange Commission reiterated that many online trading platforms for digital assets should register with the agency as exchanges. From a report: The largest cryptocurrency dropped as much as 8.6 percent to $9,864 after the SEC statement boosted concern that tightening regulation may limit trading. [...] "If a platform offers trading of digital assets that are securities and operates as an 'exchange,' as defined by the federal securities laws, then the platform must register with the SEC as a national securities exchange or be exempt from registration," the SEC said in the statement Wednesday.

Some of the largest cryptocurrency trading platforms, like Coinbase's GDAX, aren't registered as a national exchange with the SEC, and instead have money transmission licenses with separate states. In the case of Gemini, it's regulated by the New York State Department of Financial Services as a trust company, according to its website.


Mercedes' Futuristic Headlights Shine Warning Symbols On the Road (gizmodo.com) 139

In its new high-end vehicles, Daimler says it will introduce programmable, "million-pixel" headlights that project warning symbols and driving tips on the road. "The technology, which Daimler calls Digital Light, was demoed as a concept ten years ago, but at the Geneva Motor Show it's finally being introduced as a feature that's 'expected' to be available on certain Mercedes-Maybach S-Class vehicles sometime this year," reports Gizmodo. From the report: Sitting alongside the vehicle's standard headlights are a pair of small monochrome projectors that each feature "a resolution of over one million pixels," Daimler claims, resulting in an "HD-quality" image being projected onto the road surface ahead of the vehicle. Using data from the car's onboard sensors, as well as traffic and obstacle data that GPS devices rely on, the headlights project symbols like a snowflake indicating slippery conditions ahead, a construction symbol reminding drivers to slow down for road workers, arrows for where to turn, and even simple white lines representing the size of your vehicle so you can immediately tell if you're able to squeeze into a narrow parking spot. The ability to selectively switch off pixels means the S-Class' headlights could help drivers avoid blinding oncoming vehicles or pedestrians, as onboard sensors detect faces and windshields and automatically dim the brightness in those areas.

Coinbase Announces Cryptocurrency-Focused Index Fund (marketwatch.com) 26

In an interview with CNBC on its "Fast Money" segment, Coinbase's President and COO Asiff Hirji said the digital-currency platform would launch a cryptocurrency-focused index fund. Details are scarce but Hirji said it will be intended to give retail investors broad exposure to virtual currencies, and would be targeted to accredited investors on Day 1. He also said the index fund would be market-cap weighted.

UPDATE: Coinbase has since issued a blog post detailing the announcement. They are also introducing Coinbase Index, which "is a measure of the financial performance of all assets listed on GDAX, weighted by their market capitalization."

The Slow Death of the Internet Cookie (axios.com) 97

Sara Fischer, writing for Axios: Over 60% of marketers believe they will no longer need to rely on tracking cookies, a 20-year-old desktop-based technology, for the majority of their digital marketing within the next two years, according to data from Viant Technology, an advertising cloud. Why it matters: Advertising and web-based services that were cookie-dependent are slowly being phased out of our mobile-first world, where more personalized data targeting is done without using cookies. Marketers are moving away from using cookies to track user data on the web to target ads now that people are moving away from desktop. 90% of marketers say they see improved performance from people-based marketing, compared with cookie-based campaigns.

The Oscar-Winning Special Effects of Blade Runner 2049 (bbc.com) 107

On Sunday, 'Blade Runner 2049' won the Oscar for the movie with the best visual effects. BBC spoke to Richard Hoover, the visual effects supervisor at Framestore which was one of the companies responsible for the movie's special effects.

Further reading: How 'Blade Runner 2049' VFX Supervisor John Nelson Brought Rachael & Pic's Holograms To Life (Deadline); Behind the breathtaking visual effects of 'Blade Runner 2049' (Digital Trends); How Blade Runner 2049's VFX team made K's hologram girlfriend (Wired).

Tencent's WeChat Hits 1 Billion Milestone as Lunar New Year Boosts Monthly Active Users (scmp.com) 25

WeChat hit the milestone of one billion monthly active users during the Lunar New Year in February, a "remarkable number" according to Tencent Holdings chief executive Pony Ma Huateng who disclosed the figure at a Two Sessions media briefing in Beijing on Monday. From a report: The user numbers are up from 980 million in the third quarter of 2017, as reported in Tencent's third quarter results. More than 688 million WeChat users sent or received digital versions of hongbao, the traditional Chinese red packet containing cash and given as a gift during the new year holiday season, pushing the monthly active users of WeChat hongbao to 800 million, Ma revealed on Saturday, as reported by Chinese tech media 36Kr.

GitHub Survived the Biggest DDoS Attack Ever Recorded (wired.com) 144

A 1.35 terabit-per-second DDoS attack hit GitHub all at once last Wednesday. "It was the most powerful distributed denial of service attack recorded to date -- and it used an increasingly popular DDoS method, no botnet required," reports Wired. From the report: GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off. "We modeled our capacity based on fives times the biggest attack that the internet has ever seen," Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack ended. "So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope."

Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them, and send them a special command packet that the server will respond to with a much larger reply.


23,000 HTTPS Certs Axed After CEO Emails Private Keys (arstechnica.com) 72

An anonymous reader quotes Ars Technica: A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates. The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec...

In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns. When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security... In a statement, Trustico officials said the keys were recovered from "cold storage," a term that typically refers to offline storage systems. "Trustico allows customers to generate a Certificate Signing Request and Private Key during the ordering process," the statement read. "These Private Keys are stored in cold storage, for the purpose of revocation."

"There's no indication the email was encrypted," reports Ars Technica, and the next day DigiCert sent emails to Trustico's 23,000+ customers warning that their certificates were being revoked, according to Bleeping Computer.

In a related development, Thursday Trustico's web site went offline, "shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers."

AI Will Create New Jobs But Skills Must Shift, Say Tech Giants (techcrunch.com) 73

AI will create more jobs than it destroys was the not-so-subtle rebuttal from tech giants to growing concern over the impact of automation technologies on employment. Execs from Google, IBM and Salesforce were questioned about the wider societal implications of their technologies during a panel session here at Mobile World Congress. From a report: Behshad Behzadi, who leads the engineering teams working on Google's eponymously named AI voice assistant, claimed many jobs will be "complemented" by AI, with AI technologies making it "easier" for humans to carry out tasks. "For sure there is some shift in the jobs. There's lots of jobs which will [be created which don't exist today]. Think about flight attendant jobs before there was planes and commercial flights. No one could really predict that this job will appear. So there are jobs which will be appearing of that type that are related to the AI," he said. "I think the topic is a super important topic. How jobs and AI is related -- I don't think it's one company or one country which can solve it alone. It's all together we could think about this topic," he added. "But it's really an opportunity, it's not a threat." "From IBM's perspective we firmly believe that every profession will be impacted by AI. There's no question. We also believe that there will be more jobs created," chimed in Bob Lord, IBM's chief digital officer. "We also believe that there'll be more jobs created.

US Response 'Hasn't Changed The Calculus' Of Russian Interference, NSA Chief Says (npr.org) 126

An anonymous reader shares an NPR report: The admiral in charge of both the nation's top electronic spying agency and the Pentagon's cybersecurity operations would seem a logical point man for countering Russia's digital intrusions in U.S. election campaigns. But National Security Agency and U.S. Cyber Command chief Adm. Michael Rogers told the Senate Armed Services Committee on Tuesday there is only so much he can do. That is because, according to Rogers, President Trump has not ordered him to go after the Russian attacks at their origin. Sen. Jack Reed of Rhode Island, the committee's ranking Democrat, asked Rogers, "Have you been directed to do so, given this strategic threat that faces the United States and the significant consequences you recognize already?" "No, I have not," Rogers replied. But the spy chief pushed back on suggestions that he should seek a presidential signoff. "I am not going to tell the president what he should or should not do," Rogers said when Connecticut Democrat Richard Blumenthal pressed him on whether Trump should approve that authority.

"I'm an operational commander, not a policymaker," he added. "That's the challenge for me as a military commander." Rogers agreed with Blumenthal's estimation that Russian cyber operatives continue to attack the U.S. with impunity and that Washington's response has fallen short. "It hasn't changed the calculus, is my sense," the spy chief told Blumenthal. "It certainly hasn't generated the change in behavior that I think we all know we need."


IBM's Watson Is Going To Space (thenextweb.com) 59

Yesterday, IBM announced it would be providing the AI brain for a robot being built by Airbus to accompany astronauts aboard the International Space Station (ISS). "The robot, which looks like a flying volleyball with a low-resolution face, is being deployed with Germany astronaut Alexander Gerst in June for a six month mission," reports The Next Web. "It's called CIMON, an acronym for Crew Interactive Mobile Companion, and it's headed to space to do science stuff." From the report: It'll help crew members conduct medical experiments, study crystals, and play with a Rubix cube. Best of all, just like "Wilson," the other volleyball with a face and Tom Hanks' costar in the movie Castaway, CIMON can be the astronauts' friend. According to an IBM blog post: "CIMON's digital face, voice and use of artificial intelligence make it a 'colleague' to the crew members. This collegial 'working relationship' facilitates how astronauts work through their prescribed checklists of experiments, now entering into a genuine dialogue with their interactive assistant."

ESRB Introducing 'In-Game Purchases' Label in Response To Loot Box Controversy (polygon.com) 97

The Entertainment Software Rating Board will begin labeling video games that contain in-game purchases, a response to lawmakers who have noticed the outcry over so-called loot crate systems and have signaled a willingness to legislate them. From a report: The labeling will "be applied to games with in-game offers to purchase digital goods or premiums with real world currency," the ESRB said in a news release this morning, "including but not limited to bonus levels, skins, surprise items (such as item packs, loot boxes, mystery awards), music, virtual coins and other forms of in-game currency, subscriptions, season passes and upgrades (e.g., to disable ads)." The label will appear separate from the familiar ESRB rating label (T-for-Teen, M-for-Mature, etc.) and not inside it. Additionally, the ESRB has begun an awareness campaign meant to highlight the controls available to parents whose households have a video game console.

China To Crack Down on Cryptocurrency Trading Loophole (bloomberg.com) 41

China is opening a new front in its battle against cryptocurrencies, targeting platforms that allow the nation's investors to trade digital assets on overseas exchanges, Bloomberg reported Tuesday citing people familiar with the matter said. From a report: Regulators are planning to scrutinize the Chinese bank and online-payment accounts of businesses and individuals suspected of facilitating trades on offshore cryptocurrency venues, the people said, asking not to be identified because the information is private. The accounts' owners could have their assets frozen or be blocked from the domestic financial system, the people said. The measures are designed to cut off one of the few remaining avenues for Chinese citizens to buy digital assets. While the country was once home to the world's most active cryptocurrency exchanges, authorities banned the venues last year and have since moved to block access to platforms that offer exchange-like services.
United States

The American Midwest Is Quickly Becoming a Blue-Collar Version of Silicon Valley (qz.com) 171

An anonymous reader quotes a report from Quartz: The economic engine of Silicon Valley seems to have driven right by the midwest. America's urban coastal cities have enjoyed an explosion in their technology sectors. New York's Silicon Alley and Boston's biotech corridor are world-class incubators of talent and startups. Austin (Texas), Seattle (Washington), Washington, D.C, and even Miami Beach claim a piece of the digital economy (and Silicon-something monikers). But what about Columbus and Indianapolis and Kansas City? After years in the doldrums, their fortunes are rising. Venture capital firms are setting up shop. Startups are clustering in old industrial strongholds. But the region's tech sectors look different than their coastal cousins. The midwest is seeing the rise of "mid-tech."

Alongside the traditional high-flying software jobs that are plentiful in Silicon Valley, mid-tech jobs, loosely defined as tech jobs requiring less than a college degree, are growing fast in the Midwest. While not an official designation, mid-tech jobs can be defined as skilled tech work that doesn't require a college degree: just intense, focused training on the job or in vocational programs like those of blue-collar trades of the industrial past. [...] Mid-tech jobs composed more than a quarter of all tech employment in major midwestern metropolitan areas, including Columbus, Ohio; Cincinnati, Ohio; St. Louis, Missouri; Detroit, Michigan; Nashville, Tennessee; and Minneapolis-St. Paul, Minnesota-Wisconsin. More than 100,000 people were employed in such jobs in these cities alone. That proportion never cracked 20% in Bay Area metropolises, the heart of Silicon Valley. While the analyses did not include all cities, it reveals the tech sector's evolution in the Midwest along different lines than Silicon Valley.
The findings come from the Brookings Institute, a nonprofit public policy research group, which crunched data from the Bureau of Labor Statistics. High and mid-tech jobs in midwestern cities also grew at an annual compounded rate of about 5%. What do these jobs look like? "In Kentucky, the technical skills once applied to things like calculating blast trajectories in mines are going into Javascript," reports Quartz. "The software firm Interapt has set up a training program in Eastern Kentucky to turn former coal miners and others with technical aptitude into software developers."

'Memtransistor' Brings World Closer To Brain-Like Computing 94

the gmr writes: According to a recent article published in the journal Nature, researchers at Northwestern University's McCormick School of Engineering have developed a "memtransistor," a device that both stores information in memory and processes information. The combined transistor and memory resistor work more like a neuron and purports to make computing more brain-like. The new "memtransistor" would use less energy than digital computers and eliminate the need to run memory and processing as separate functions while also being more brain-like. Lead researcher Mark C. Hersam clarified the brain-like efficacy of the memtransistor: "...in the brain, we don't usually have one neuron connected to only one other neuron. Instead, one neuron is connected to multiple other neurons to form a network. Our device structure allows multiple contacts, which is similar to the multiple synapses in neurons... [but] making dozens of devices, as we have done in our paper, is different than making a billion, which is done with conventional transistor technology today." Hersam reported no barriers to scaling up to billions of devices. This new technology would make smart devices more capable and possibly more seemingly-human. The devices may also promote advances in neural networks and brain-computer interfaces, new technologies also recently reported at Futurism.

Bitcoin Exchange Accidentally Allowed Customers To Buy Coins For $0 (cnbc.com) 51

AmiMoJo writes: "A system glitch at cryptocurrency exchange site Zaif enabled users to obtain digital money for free, with one apparently "purchasing" Bitcoin valued at $20,000,000,000,000 and then attempting to cash in on it..." according to the Japanese newspaper Asahi Shimbun. "The glitch, which lasted for 18 minutes from 5:40 p.m. to 5:58 p.m. on Feb. 16, affected Zaif's price calculation system, enabling customers to buy cryptocurrencies for nothing."

CoinDesk adds that "At least one customer attempted to resell their bitcoin, but the large amount of the cryptocurrency offered soon drew attention even outside the exchange. The firm later cancelled the transactions and corrected the users' balances. However, a source suggests that the correction is still being agreed with one of the seven users who attempted to transfer the free bitcoin away from the Zaif platform."


'Computer History Museum' Honorees Include Python Creator Guido van Rossum (computerhistory.org) 73

On Wednesday the Computer History Museum, "the world's leading institution exploring the history of computing and its transformational impact on society," proudly announced the three Fellow Award honorees for 2018:
  • Dov Frohman-Bentchkowsky -- "For the invention of the first commercial erasable programmable read-only memory (EPROM), which enabled rapid development of microprocessor-based systems."
  • Dame Stephanie Shirley CH -- "For a lifetime of entrepreneurship promoting the growth of the UK software industry and the advancement of women in computing."
  • Guido van Rossum -- "For the creation and evolution of the Python programming language, and for leadership of its community."

"We are delighted to induct these outstanding new Fellows with diverse contributions in hardware, in services, and in software," said Len Shustek, the Museum's board chairman. "They are true heroes of the Digital Age."


Ask Slashdot: Software To Visualize, Manage Homeowner's Association Projects? 115

New submitter jishak writes: I am a long time Slashdot reader who has been serving on an homeowner association (HOA) board for 7 years. Much of the job requires managing projects that happen around the community. For example, landscaping, plumbing, building maintenance, etc. Pretty much all the vendors work with paper or a management company scans the paper, giving us a digital version. I am looking for suggestions on tools to visualize and manage projects using maps/geolocation software to see where jobs are happening and track work, if that makes sense. I did a rudimentary search but didn't really find anything other than a couple of companies who make map software which is good for placing static items like a building on a map but not for ongoing work. There are tools like Visio or Autodesk, which are expensive and good for a single building, but they don't seem so practical for an entire community of 80 units with very little funds (I am a volunteer board member). The other software packages I have seen are more like general project management or CRM tools but they are of no use to track where trees are planted, which units have had termite inspections, etc.

I am looking for tools where I could see a map and add custom layers for different projects that can be enabled/disabled or show historical changes. If it is web based and can be shared for use among other board members, property managers, and vendors, or viewable on a phone or tablet, that would be a plus. I am not sure how to proceed and a quick search on Slashdot didn't really turn anything up. I can't be the first person to encounter this type of problem. Readers of Slashdot what do you recommend? If I go down the road of having to roll my own solution, can you offer ideas on how to implement it? I am open to suggestions.

Slashdot Top Deals