Security

Many Password Strength Meters Are Downright Weak, Researchers Say 94

Posted by timothy
from the it's-like-pressing-the-walk-button dept.
alphadogg writes "Website password strength meters often tell you only what you want to hear rather than what you need to hear. That's the finding from researchers at Concordia University in Montreal, who examined the usefulness of those ubiquitous red-yellow-green password strength testers on websites run by big names such as Google, Yahoo, Twitter and Microsoft/Skype. The researchers used algorithms to send millions of 'not-so-good' passwords through these meters, as well as through the meters of password management services such as LastPass and 1Password, and were largely underwhelmed by what they termed wildly inconsistent results." Inconsistent can go both directions: I've seen password-strength meters that balked at absolutely everything (accepting weak passwords as good, after calling wildly long and random ones poor).
Facebook

Facebook Makes Messenger a Platform 44

Posted by samzenpus
from the stand-on-your-own-two-feet dept.
Steven Levy writes At Facebook's F8 developer conference, the ascension of the Messenger app was the major announcement. Messenger is no longer just a part of Facebook, but a standalone platform to conduct a wide variety of instant communications, not only with friends, but with businesses you may deal with as well. It will compete with other messaging services such as Snapchat, Line and even Facebook's own WhatsApp by offering a dizzying array of features, many of them fueled by the imagination and self-interest of thousands of outside software developers.
Security

Flash-Based Vulnerability Lingers On Many Websites, Three Years Later 41

Posted by Soulskill
from the what's-old-is-new dept.
itwbennett writes: The vulnerability known as CVE-2011-2461 was unusual because fixing it didn't just require the Adobe Flex Software Development Kit (SDK) to be updated, but also patching all the individual Flash applications (SWF files) that had been created with vulnerable versions of the SDK. The company released a tool that allowed developers to easily fix existing SWF files, but many of them didn't. Last year, Web application security engineers Luca Carettoni from LinkedIn and Mauro Gentile from Minded Security came across the old flaw while investigating Flash-based techniques for bypassing the Same-Origin Policy (SOP) mechanism found in browsers. They found SWF files that were still vulnerable on Google, Yahoo, Salesforce, Adobe, Yandex, Qiwi and many other sites. After notifying the affected websites, they presented their findings last week at the Troopers 2015 security conference in Germany.
Mars

Mars One Delayed 2 Years, CEO Releases Video In Response To Criticism 89

Posted by samzenpus
from the just-a-little-longer dept.
CryoKeen writes It's interesting how different news sites spin #marsgate. From Yahoo News: "The private colonization project Mars One has pushed its planned launch of the first humans toward the Red Planet back by two years, to 2026. The delay was necessitated by a lack of investment funding, which has slowed work on a robotic precursor mission that Mars One had wanted to send toward the Red Planet in 2018, Mars One CEO Bas Lansdorp said in a new video posted today... 'We had a very successful investment round in 2013 that has financed all the things that we have done up to now. And we have actually come to an agreement with a consortium of investors late last year for a much bigger round of investments. Unfortunately, the paperwork of that deal is taking much longer than we expected,' Lansdorp said in the video." This Astrowatch article is a lot more scathing and to the point: "Mars One, the Dutch company planning to send people on a one-way trip to Mars, that recently selected a group of 100 hopefuls, struggles with criticism. In a Medium story this week, Mars One finalist Joseph Roche presented multiple reasons as to why he believed the entire operation is a complete scam. In response, the company published a video Thursday in which Bas Lansdorp, CEO and Co-founder of Mars One, replies to recent criticism concerning the feasibility of Mars One's human trip to Mars. He also revealed that the mission will be delayed for two years. Roche said that the 'only way' to get selected for the next round of the Mars One candidacy process was to donate money. 'My nightmare about it is that people continue to support it and give it money and attention, and it then gets to the point where it inevitably falls on its face,' Roche told Elmo Keep for Medium."
Japan

No Fuel In the Fukushima Reactor #1 234

Posted by timothy
from the oh-this-old-thing? dept.
An anonymous reader writes To nobody's surprise, the Japanese press reports that a new way to look at the inside of one of the Fukushima 1 damaged reactors has shown the fuel is not in place. Engineers have not been able to develop a machine to directly see the exact location of the molten fuel, hampered by extremely high levels of radiation in and around the reactors, but a new scan technique using muons (details on the method in the media are missing) has shown the fuel is not in its place. While Tepco's speculation is that the fuel may be at the bottom of the reactor, it is a safe bet that at least some of it has burned through and has gone on to create an Uruguay syndrome.
Yahoo!

Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins 211

Posted by Soulskill
from the from-one-end-of-the-internet-to-the-other dept.
An anonymous reader writes: Yahoo has released the source code for a plugin that will enable end-to-end encryption for their email service. They're soliciting feedback from the security community to make sure it's built properly. They plan to roll it out to users by the end of the year.

Yahoo also demonstrated a new authentication system that doesn't use permanent passwords. Instead, they allow you to associate your Yahoo account with your phone, and text you a code on demand any time you need to log in. It's basically just the second step of traditional two-step authentication by itself. But Yahoo says they think it's "the first step to eliminating passwords."
United States

Snowden Reportedly In Talks To Return To US To Face Trial 671

Posted by Soulskill
from the bold-strategy dept.
HughPickens.com writes: The Globe and Mail reports that Edward Snowden's Russian lawyer, Anatoly Kucherena, says the fugitive former U.S. spy agency contractor is working with American and German lawyers to return home. "I won't keep it secret that he wants to return back home. And we are doing everything possible now to solve this issue. There is a group of U.S. lawyers, there is also a group of German lawyers and I'm dealing with it on the Russian side." Kucherena added that Snowden is ready to return to the States, but on the condition that he is given a guarantee of a legal and impartial trial. The lawyer said Snowden had so far only received a guarantee from the U.S. Attorney General that he will not face the death penalty. Kucherena says Snowden is able to travel outside Russia since he has a three-year Russian residency permit, but "I suspect that as soon as he leaves Russia, he will be taken to the U.S. embassy."
Yahoo!

Marissa Mayer On Turning Around Yahoo 167

Posted by samzenpus
from the steering-the-ship dept.
An anonymous reader writes For the 20th anniversary of Yahoo, Marissa Mayer discusses how she's trying to reinvent the company. In a wide-ranging interview, Mayer shares her vision for fixing the company's past mistakes, including a major investment in mobile and a new ad platform. Yet she's been dogged by critics who see her as an imperious micromanager, who criticize her $1.1 billion purchase of Tumblr, and who fault her for moving too slowly. The company's executives explain that the business could only return to health after she first halted Yahoo's brain drain and went big on mobile. As one Yahoo employee summarized Mayer's thinking: "First people, then apps."
Businesses

Teamsters Seek To Unionize More Tech Shuttle Bus Drivers In Silicon Valley 301

Posted by samzenpus
from the shuttle-together dept.
An anonymous reader writes with news about the effort to unionize shuttle drivers in Silicon Valley. "Shuttle bus drivers for five prominent tech companies will decide whether to unionize on Friday in a vote that has the potential to dramatically expand organized labor's territory in Silicon Valley and embolden others in the tech industry's burgeoning class of service workers to demand better working conditions. Drivers who ferry Yahoo, Apple, Genentech, eBay and Zynga workers -- all employed by contractor Compass Transportation -- will decide whether to join the Teamsters union in an election overseen by the National Labor Relations Board. Union leaders say they want to bring the drivers into the fold so they can negotiate better pay and benefits -- as well as relief from a split shift that has the drivers working morning and evening shifts with no pay in between. A contract the Teamsters struck over the weekend for Facebook's shuttle bus drivers, who work for Loop Transportation, offers a glimpse of what may be possible: paid sick and vacation time, full health care coverage and wages of up to $27.50 an hour."
Encryption

NSA Director Wants Legal Right To Snoop On Encrypted Data 406

Posted by Soulskill
from the you-can-trust-us dept.
jfruh writes: This may not come as a huge shock, but the director of the NSA doesn't believe that you have the right to encrypt your data in a way that the government can't access it. At a cybersecurity policy event, Michael Rogers said that the U.S. should be able to craft a policy that allows the NSA and law enforcement agencies to read encrypted data when they need to.
Security

'Babar' Malware Attributed To France 65

Posted by Soulskill
from the white-flag dept.
sarahnaomi writes: The NSA, GCHQ, and their allies in the Five Eyes are not the only government agencies using malware for surveillance. French intelligence is almost certainly hacking its targets too — and now security researchers believe they have proof. On Wednesday, the researchers will reveal new details about a powerful piece of malware known as "Babar," which is capable of eavesdropping on online conversations held via Skype, MSN and Yahoo messenger, as well as logging keystrokes and monitoring which websites an infected user has visited. The researchers are publishing two separate but complementary reports that analyze samples of the malware, and all but confirm that France's spying agency the General Directorate for External Security (DGSE) was responsible for its creation.
AI

Breakthrough In Face Recognition Software 142

Posted by Soulskill
from the anonymity-takes-another-hit dept.
An anonymous reader writes: Face recognition software underwent a revolution in 2001 with the creation of the Viola-Jones algorithm. Now, the field looks set to dramatically improve once again: computer scientists from Stanford and Yahoo Labs have published a new, simple approach that can find faces turned at an angle and those that are partially blocked by something else. The researchers "capitalize on the advances made in recent years on a type of machine learning known as a deep convolutional neural network. The idea is to train a many-layered neural network using a vast database of annotated examples, in this case pictures of faces from many angles. To that end, Farfade and co created a database of 200,000 images that included faces at various angles and orientations and a further 20 million images without faces. They then trained their neural net in batches of 128 images over 50,000 iterations. ... What's more, their algorithm is significantly better at spotting faces when upside down, something other approaches haven't perfected."
Facebook

Facebook Launches ThreatExchange To Let Companies Share Threat Info 30

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Facebook today launched ThreatExchange, described as "an API-based clearinghouse for security threat information." It's really a social platform, which Facebook naturally excels at building, which allows companies to share with each other details about malware and phishing attacks. Pinterest, Tumblr, Twitter, and Yahoo participated in ThreatExchange and gave feedback as Facebook was developing it. New contributors Bitly and Dropbox have also recently joined, bringing the initial participant list to seven major tech companies.
NASA

SpaceX Falcon 9 Launches, Rocket Recovery Attempt Scrapped 69

Posted by samzenpus
from the if-at-first-you-don't-succeed dept.
An anonymous reader writes After scrubbing a launch Sunday because of a radar glitch, and canceling one Tuesday due to high winds, SpaceX has successfully launched the Falcon 9 rocket holding the Deep Space Climate Observatory satellite. The DSCOVR will orbit between Earth and the sun, observing and providing advanced warning of particles and magnetic fields emitted by the sun. The planned attempt to recover the first stage of the Falcon 9 rocket via autonomous drone ship was scrapped due to huge waves in the Atlantic.
Bitcoin

Alleged Bitcoin Scam Leaves Millions Missing 148

Posted by samzenpus
from the I-think-I've-heard-this-story dept.
First time accepted submitter OutOnARock writes Yahoo Finance is reporting on the latest Bitcoin scam, this time from Hong Kong. "Investors in a Hong Kong-based Bitcoin trading company fear they have fallen victim to a scam after it closed down, a lawmaker said Monday, adding losses could total HK$3 billion ($387 million). Leung Yiu-chung said his office recently received reports from dozens of investors in Hong Kong who paid a total of HK$40 million ($5.16 million) into the scheme run online by MyCoin, but the total loss may be vastly more. 'The number of cases is increasing. These two days I received calls about more than 30 cases. We estimate more than 3,000 people and HK$3 billion are involved,' he told AFP."
Input Devices

The Algorithm That 'Sees' Beauty In Photographic Portraits 76

Posted by timothy
from the see-truth-and-extrapolate dept.
KentuckyFC (1144503) writes "Beauty is in the eye of the beholder. But what if the beholder is a machine? Scientists from Yahoo Labs in Barcelona have trained a machine learning algorithm to pick out beautiful photographic portraits from a collection of not-so-beautiful ones. They began with a set of 10,000 portraits that have been rated by humans and then allowed the algorithm to "learn" the difference by taking into account personal factors such as the age, sex and race of the subject as well as technical factors such as the sharpness of the image, the exposure and the contrast between the face and the background and so on. The trained algorithm was then able to reliably pick out the most beautiful portraits. Curiously, the algorithm does this by ignoring personal details such as age, sex, race, eye colour and so on and instead focuses only on technical details such as sharpness, exposure and contrast. The team say this suggests that any subject can be part of a stunning portrait regardless of their looks. It also suggests that "perfect portrait" algorithms could be built in to the next generation of cameras, rather like the smile-capturing algorithms of today."
Businesses

Alibaba Face Off With Chinese Regulator Over Fake Products 79

Posted by samzenpus
from the clean-up-your-act dept.
hackingbear writes China's State Administration of Industry and Commerce on Wednesday issued a scathing report against one of the country's biggest stars, accusing e-commerce giant Alibaba of failing to do enough to prevent fake goods from being sold on its websites. SAIC said Alibaba allowed "illegal advertising" that misled consumers with false claims about low prices and other details. It claims some Alibaba employees took bribes and the company failed to deal effectively with fraud. Alibaba fired back with charges of bias and misconduct by accusing the SAIC official in charge of Internet monitoring, Liu Hongliang, of unspecified "procedural misconduct" and warned it will file a formal complaint. Such public defiance is almost unheard of in China. Apparently, Alibaba has long attained the too big to fail status.
Medicine

Should Disney Require Its Employees To Be Vaccinated? 673

Posted by samzenpus
from the goofy-with-disease dept.
HughPickens.com writes According to Joanna Rothkopf, Disneyland is already a huge petri dish of disease with tired children wiping their snot faces on Goofy and then riding log flumes through mechanized rivers filled with the backwash of thousands of other sweaty, unwashed, weeping toddlers. Now John Tozzi reports at Businessweek that five workers at Disneyland have been diagnosed with measles in an outbreak that California officials trace to visitors at the theme park in mid-December. The measles outbreak is a publicity nightmare for Disney and the company is urging its 27,000 workers at the park to verify that they're inoculated against the virus, and the company is offering tests and shots on site for workers who are unvaccinated. One thing Disney won't do, however, is require workers to get routine vaccinations as a condition of employment. Almost no companies outside the health-care industry do. "To make things mandatory just raises a lot of legal concerns and legal issues," says Rob Niccolini. Disney has been working with public health officials, and they've already put some employees on paid leave until medically cleared. "They recognized that they were just a meeting place for measles," says Gilberto Chávez. "And they are quite concerned about doing what they can to help control the outbreak."
Programming

Interviews: Alexander Stepanov and Daniel E. Rose Answer Your Questions 42

Posted by samzenpus
from the read-all-about-it dept.
samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."
Stats

Lies, Damn Lies, and Tech Diversity Statistics 335

Posted by timothy
from the facts-are-stubborn-things dept.
theodp writes Some of the world's leading Data Scientists are on the payrolls of Microsoft, Google, Facebook, Yahoo, and Apple. So, it'd be interesting to get their take on the infographics the tech giants have passed off as diversity data disclosures. Microsoft, for example, reported its workforce is 29% female, which isn't great, but if one takes the trouble to run the numbers on a linked EEO-1 filing snippet (PDF), some things look even worse. For example, only 23.35% of its reported white U.S. employee workforce is female (Microsoft, like Google, footnotes that "Gender data are global, ethnicity data are US only"). And while Google and Facebook blame their companies' lack of diversity on the demographics of U.S. computer science grads, CS grad and nationality breakouts were not provided as part of their diversity disclosures. Also, the EEOC notes that EEO-1 numbers reflect "any individual on the payroll of an employer who is an employee for purposes of the employers withholding of Social Security taxes," further muddying the disclosures of companies relying on imported talent, like H-1B visa dependent Facebook. So, were the diversity disclosure mea culpas less about providing meaningful data for analysis, and more about deflecting criticism and convincing lawmakers there's a need for education and immigration legislation (aka Microsoft's National Talent Strategy) that's in tech's interest?