Transportation

Virgin Hyperloop One Eyes India For Possible High-Speed Routes (theverge.com) 35

India is officially being added to the list of nations that have expressed interest in near-supersonic, tube-based travel. Virgin Hyperloop One "signed agreements with the governments of Maharashtra and Karnataka to begin studying the impact of a hyperloop in the region," reports The Verge. "The feasibility studies have implications for India's giant cities like Mumbai and Bangalore, as well as fast-growing urban centers like Pune and Nagpur." From the report: The agreements are signs that despite its lack of a commercial product or human-ready testing, Virgin Hyperloop One has shown a tenacity for securing agreements with willing government partners. The company recently announced 10 winning submissions in a long-running contest to find what it believes to be the best places to build the first hyperloop routes in the world. Ten teams across five countries (Mexico, India, the United States, the United Kingdom, and Canada) were picked from the original 2,600 submissions, and the routes range in size from about 200 to nearly 700 miles, depending on the location. Virgin Hyperloop One hasn't specified the length of the routes it would build in India -- to be sure, it remains possible that none of these proposed routes get built -- but it did tease some of the possibilities in terms of reduction in travel time. For example, it would take just 14 minutes to travel between Mumbai and the fast-growing city of Pune, a journey that currently takes up to three hours by car. Also, it could look at connecting Nagpur, which is in the easternmost part of Maharashtra, with Mumbai and Pune to vastly improve passenger and freight transportation.
EU

New EU Consumer Protection Law Contains a Vague Website Blocking Clause (bleepingcomputer.com) 44

An anonymous reader quotes a report from Bleeping Computer: The European Union (EU) has voted on Tuesday, November 14, to pass the new Consumer Protection Cooperation regulation, a new EU-wide applicable law that gives extra power to national consumer protection agencies, but which also contains a vaguely worded clause that also grants them the power to block and take down websites without judicial oversight. The new law "establishes overreaching Internet blocking measures that are neither proportionate nor suitable for the goal of protecting consumers and come without mandatory judicial oversight," Member of the European Parliament Julia Reda said in a speech in the European Parliament Plenary during a last ditch effort to amend the law. "According to the new rules, national consumer protection authorities can order any unspecified third party to block access to websites without requiring judicial authorization," Reda added later in the day on her blog. This new law is an EU regulation and not a directive, meaning its obligatory for all EU states, which do not have to individually adopt it.
Security

Internal Kaspersky Investigation Says NSA Worker's Computer Was Infested with Malware (vice.com) 126

A reader shares a report: The personal computer of an NSA worker who took government hacking tools and classified documents home with him was infected with a backdoor trojan, unrelated to these tools, that could have been used by criminal hackers to steal the US government files, according to a new report being released Thursday by Kaspersky Lab in response to recent allegations against the company. The Moscow-based antivirus firm, which has been accused of using its security software to improperly grab NSA hacking tools and classified documents from the NSA worker's home computer and provide them to the Russian government, says the worker had at least 120 other malicious files on his home computer in addition to the backdoor, and that the latter, which had purportedly been created by a Russian criminal hacker and sold in an underground forum, was trying to actively communicate with a malicious command-and-control server during the time Kaspersky is accused of siphoning the US government files from the worker's computer. Costin Raiu, director of the company's Global Research and Analysis Team, told Motherboard that his company's software detected and prevented that communication but there was a period of time when the worker had disabled his Kaspersky software and left his computer unprotected. Raiu says they found evidence that the NSA worker may have been infected with a second backdoor as well, though they saw no sign of it trying to communicate with an external server so they don't know if it was active on his computer.
The Internet

FCC Plans December Vote To Kill Net Neutrality Rules (bloomberg.com) 112

An anonymous reader quotes a report from Bloomberg: The U.S. Federal Communications Commission under its Republican chairman plans to vote in December to kill the net neutrality rules passed during the Obama era, said two people briefed on the plans. Chairman Ajit Pai in April proposed gutting the rules that he blamed for depressing investment in broadband, and said he intended to "finish the job" this year. The chairman has decided to put his proposal to a vote at the FCC next month, said the people. The agency's monthly meeting is to be held Dec. 14. The people asked not to be identified because the plan hasn't been made public. It's not clear what language Pai will offer to replace the rules that passed with only Democratic votes at the FCC in 2015. He has proposed that the FCC end the designation of broadband companies such as AT&T Inc. and Comcast Corp. as common carriers. That would remove the legal authority that underpins the net neutrality rules. One of the people said Pai may call for vacating the rules except for portions that mandate internet service providers inform customers about their practices. The current regulations forbid broadband providers from blocking or slowing web traffic, or from charging higher fees in return for quicker passage over their networks.
Transportation

Boeing 757 Testing Shows Airplanes Vulnerable To Hacking, DHS Says (aviationtoday.com) 140

schwit1 shares a report from Aviation Today: A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a DHS official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. "We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration. [Which] means I didn't have anybody touching the airplane, I didn't have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft." Hickey said the details of the hack and the work his team are doing are classified, but said they accessed the aircraft's systems through radio frequency communications, adding that, based on the RF configuration of most aircraft, "you can come to grips pretty quickly where we went" on the aircraft. Patching avionics subsystem on every aircraft when a vulnerability is discovered is cost prohibitive, Hickey said. The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing's 737, it would "bankrupt" them. Hickey said newer models of 737s and other aircraft, like Boeing's 787 and the Airbus Group A350, have been designed with security in mind, but that legacy aircraft, which make up more than 90% of the commercial planes in the sky, don't have these protections.
Medicine

FDA Approves Digital Pill That Tracks If Patients Have Ingested Their Medication (nytimes.com) 72

An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): For the first time, the Food and Drug Administration has approved a digital pill -- a medication embedded with a sensor that can tell doctors whether, and when, patients take their medicine. The approval, announced late on Monday, marks a significant advance in the growing field of digital devices designed to monitor medicine-taking and to address the expensive, longstanding problem that millions of patients do not take drugs as prescribed. Experts estimate that so-called nonadherence or noncompliance to medication costs about $100 billion a year, much of it because patients get sicker and need additional treatment or hospitalization. Patients who agree to take the digital medication, a version of the antipsychotic Abilify, can sign consent forms allowing their doctors and up to four other people, including family members, to receive electronic data showing the date and time pills are ingested. A smartphone app will let them block recipients anytime they change their mind. Although voluntary, the technology is still likely to prompt questions about privacy and whether patients might feel pressure to take medication in a form their doctors can monitor.
Government

Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com) 97

"Open-source software" is computer software with its source code made available with a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose. According to The Verge, the Pentagon is going to make a big push for open-source software in 2018. "Thanks to an amendment introduced by Sen. Mike Rounds (R-SD) and co-sponsored by Sen. Elizabeth Warren (D-MA), the [National Defense Authorization Act for Fiscal Year 2018] could institute a big change: should the bill pass in its present form, the Pentagon will be going open source." From the report: We don't typically think of the Pentagon as a software-intensive workplace, but we absolutely should. The Department of Defense is the world's largest single employer, and while some of that work is people marching around with rifles and boots, a lot of the work is reports, briefings, data management, and just managing the massive enterprise. Loading slides in PowerPoint is as much a part of daily military life as loading rounds into a magazine. Besides cost, there are two other compelling explanations for why the military might want to go open source. One is that technology outside the Pentagon simply advances faster than technology within it, and by availing itself to open-source tools, the Pentagon can adopt those advances almost as soon as the new code hits the web, without going through the extra steps of a procurement process. Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.
Social Networks

Thirty Countries Use 'Armies of Opinion Shapers' To Manipulate Democracy (theguardian.com) 181

The governments of 30 countries around the globe are using armies of so called opinion shapers to meddle in elections, advance anti-democratic agendas and repress their citizens, a new report shows. From a report on The Guardian: Unlike widely reported Russian attempts to influence foreign elections, most of the offending countries use the internet to manipulate opinion domestically, says US NGO Freedom House. "Manipulation and disinformation tactics played an important role in elections in at least 17 other countries over the past year, damaging citizens' ability to choose their leaders based on factual news and authentic debate," the US government-funded charity said. "Although some governments sought to support their interests and expand their influence abroad, as with Russia's disinformation campaigns in the United States and Europe, in most cases they used these methods inside their own borders to maintain their hold on power."
Businesses

Germany Is Burning Too Much Coal (bloomberg.com) 431

Several readers share a report: Germany is widely seen as a world leader in the fight against climate change. Thanks to its investments in renewable power, wind and solar energy provide a third of its electricity, more than double the U.S. share. Germany's goal to lower carbon-dioxide emissions 40 percent by 2020 is significantly more ambitious than that of Europe as a whole or the U.S. After the U.S. withdrawal from the Paris climate accord, Chancellor Angela Merkel vowed even greater determination. "We can't wait for the last man on Earth to be convinced by the scientific evidence for climate change," she explained. But there's another, troubling side to the German story: The country still gets 40 percent of its energy from coal, a bigger share than most other European countries. And much of it is lignite, the dirtiest kind of coal. As a result, Germany is set to fall well short of its 2020 goal. This dependence on coal is partly a side effect of Germany's abandonment of emissions-free nuclear power and partly foot-dragging on the part of a government wary of alienating voters in German coal country. During the summer election campaign, Merkel largely avoided the subject.
The Almighty Buck

Study Finds SpaceX Investment Saved NASA Hundreds of Millions (popularmechanics.com) 156

schwit1 shares a report from Popular Mechanics: When a SpaceX Dragon spacecraft connected with the International Space Station on May 25, 2012, it made history as the first privately-built spacecraft to reach the ISS. The Dragon was the result of a decision 6 years prior -- in 2006, NASA made an "unprecedented" investment in SpaceX technology. A new financial analysis shows that the investment has paid off, and the government found one of the true bargains of the 21st century when it invested in SpaceX. A new research paper by Edgar Zapata, who works at Kennedy Space Center, looks closely at the finances of SpaceX and NASA. "There were indications that commercial space transportation would be a viable option from as far back as the 1980s," Zapata writes. "When the first components of the ISS were sent into orbit 1998, NASA was focused on "ambitious, large single stage-to-orbit launchers with large price tags to match." For future commercial crew missions sending astronauts into space, Zapata estimates that it will cost $405 million for a SpaceX Dragon crew deployment of 4 and $654 million for a Boeing Starliner, which is scheduled for its first flight in 2019. That sounds like a lot, and it is, but Zapata estimates that its only 37 to 39 percent of what it would have cost the government.
Medicine

Bill Gates Pledges $100 Million To Find an Alzheimer's Cure, His First Commitment To a Non-communicable Disease (reuters.com) 135

At present, there is no treatment to stop the Alzheimer's. Bill Gates wants to make a sizeable attempt to change that. From a report:He is to invest $50 million in the Dementia Discovery Fund, a venture capital fund that brings together industry and government to seek treatments for the brain-wasting disease. The investment -- a personal one and not part of Gates' philanthropic Bill & Melinda Gates Foundation -- will be followed by another $50 million in start-up ventures working in Alzheimer's research, Gates said. "It's a huge problem, a growing problem, and the scale of the tragedy -- even for the people who stay alive -- is very high," he said. Despite decades of scientific research, there is no treatment that can slow the progression of Alzheimer's. Current drugs can do no more than ease some of the symptoms.
The Military

North Korean Hackers Are Targeting US Defense Contractors (wpengine.com) 144

chicksdaddy quotes Security Ledger: North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger is reporting. Security experts and defense industry personnel interviewed by The Security Ledger say that probes and attacks by hacking groups known to be associated with the government of the Democratic People's Republic of Korea (DPRK) have increased markedly as hostilities between that country and the United States have ratcheted up in the last year. The hacking attempts seem to be aimed at gaining access to intellectual property belonging to the companies, including weapons systems deployed on the Korean peninsula.

"As the situation between the DPRK and the US has become more tense, we've definitely seen an increase in number of probe attempts from cyber actors coming out of the DPRK," an official at an aerospace and defense firm told Security Ledger. The so-called "probes" were targeting the company's administrative network and included spear phishing attacks via email and other channels. The goal was to compromise computers on the corporate network... So far, the attacks have targeted "weakest links" within the firms, such as Human Resources personnel and general inquiry mailboxes, rather than targeting technical staff directly. However, experts who follow the DPRK's fast evolving cyber capabilities say that the country may have more up their sleeve.

CNBC also reports that America's congressional defense committees have authorized a last-minute request for $4 billion in extra spending for "urgent missile defeat and defense enhancements to counter the threat of North Korea."

Other countries newly interested in purchasing missile defense systems include Japan, Sweden, Poland, and Saudi Arabia.
Transportation

US Airports Still Fail New Security Tests (go.com) 182

schwit1 quotes ABC News: In recent undercover tests of multiple airport security checkpoints by the Department of Homeland Security, inspectors said screeners, their equipment or their procedures failed more than half the time, according to a source familiar with the classified report. When ABC News asked the source if the failure rate was 80 percent, the response was, "You are in the ballpark." In a public hearing after a private classified briefing to the House Committee on Homeland Security, members of Congress called the failures by the Transportation Security Administration disturbing. Rep. Mike Rogers went as far as to tell TSA Administrator David Pekoske, "This agency that you run is broken badly, and it needs your attention."
Encryption

iPhone Encryption Hampers Investigation of Texas Shooter, Says FBI (chron.com) 240

"FBI officials said Tuesday they have been stymied in their efforts to unlock the cellphone of the man who shot and killed at least 26 people at a church here on Sunday," reports the Houston Chronicle. Slashdot reader Anon E. Muss writes: The police obtained a search warrant for the phone, but so far they've been unable to unlock it. The phone has been sent to the FBI, in the hope that they can break in... If it is secure, and the FBI can't open it, expect all hell to break loose. The usual idiots (e.g. politicians) will soon be ranting hysterically about the evil tech industry, and how they're refusing to help law enforcement.
FBI special agent Christopher Combs complained to the Chronicle that "law enforcement increasingly cannot get in to these phones."

A law professor at the Georgia Institute of Technology argues there's other sources of information besides a phone, and police officers might recognize this with better training. As just one example, Apple says the FBI could've simply just used the dead shooter's fingerprint to open his iPhone. But after 48 hours, the iPhone's fingerprint ID stops working.
United States

H1-B Administrators Are Challenging An Unusually Large Number of Applications (bloomberg.com) 304

Long-time Slashdot reader decaffeinated quotes Bloomberg: Starting this summer, employers began noticing that U.S. Citizenship and Immigration Services was challenging an unusually large number of H-1B applications. Cases that would have sailed through the approval process in earlier years ground to a halt under requests for new paperwork. The number of challenges -- officially known as "requests for evidence" or RFEs -- are up 44 percent compared to last year, according to statistics from USCIS...

"We're entering a new era," said Emily Neumann, an immigration lawyer in Houston who has been practicing for 12 years. "There's a lot more questioning, it's very burdensome." She said in past years she's counted on 90 percent of her petitions being approved by Oct. 1 in years past. This year, only 20 percent of the applications have been processed. Neumann predicts she'll still have many unresolved cases by the time next year's lottery happens in April 2018.

Facebook

This Time, Facebook Is Sharing Its Employees' Data (fastcompany.com) 45

tedlistens writes from a report via Fast Company: "Facebook routinely shares the sensitive income and employment data of its U.S.-based employees with the Work Number database, owned by Equifax Workforce Solutions," reports Fast Company. "Every week, Facebook provides an electronic data feed of its employees' hourly work and wage information to Equifax Workforce Solutions, formerly known as TALX, a St. Louis-based unit of Equifax, Inc. The Work Number database is managed separately from the Equifax credit bureau database that suffered a breach exposing the data of more than 143 million Americans, but it contains another cache of extensive personal information about Facebook's employees, including their date of birth, social security number, job title, salary, pay raises or decreases, tenure, number of hours worked per week, wages by pay period, healthcare insurance coverage, dental care insurance coverage, and unemployment claim records."

Surprisingly, Facebook is among friends. Every payroll period, Amazon, Microsoft, and Oracle provide an electronic feed of their employees' hourly work and wage information to Equifax. So do Wal-Mart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. Even Edward Snowden's former employer, the sometimes secretive N.S.A. contractor Booz Allen Hamilton, sends salary and other personal data about its employees to the Equifax Work Number database. It now contains over 296 million employment records for employees at all wage levels, from CEOs to interns. The database helps streamline various processes for employers and even federal government agencies, says Equifax. But databases like the Work Number also come with considerable risks. As consumer journalist Bob Sullivan puts it, Equifax, "with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans' personal information ever created." On October 8, a month after Equifax announced its giant data breach, security expert Brian Krebs uncovered a gaping hole in the separate Work Number online consumer application portal, which allowed anyone to view a person's salary and employment history "using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax."

Encryption

DOJ: Strong Encryption That We Don't Have Access To Is 'Unreasonable' (arstechnica.com) 509

An anonymous reader quotes a report from Ars Technica: Just two days after the FBI said it could not get into the Sutherland Springs shooter's seized iPhone, Politico Pro published a lengthy interview with a top Department of Justice official who has become the "government's unexpected encryption warrior." According to the interview, which was summarized and published in transcript form on Thursday for subscribers of the website, Deputy Attorney General Rod Rosenstein indicated that the showdown between the DOJ and Silicon Valley is quietly intensifying. "We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption." "I want our prosecutors to know that, if there's a case where they believe they have an appropriate need for information and there is a legal avenue to get it, they should not be reluctant to pursue it," Rosenstein said. "I wouldn't say we're searching for a case. I''d say we're receptive, if a case arises, that we would litigate."

In the interview, Rosenstein also said he "favors strong encryption." "I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption." "This is, obviously, a related issue, but it's distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they're related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here." He later added that the claim that the "absolutist position" that strong encryption should be by definition, unbreakable, is "unreasonable." "And I think it's necessary to weigh law enforcement equities in appropriate cases against the interest in security," he said.

Businesses

Monopoly Critics Decry 'Amazon Amendment' (thehill.com) 52

schwit1 shares a report from The Hill: The amendment, Section 801 of the National Defense Authorization Act (NDAA), would help Amazon establish a tight grip on the lucrative, $53 billion government acquisitions market, experts say. The provision, dubbed the "Amazon amendment" by experts, according to an article in The Intercept, would allow for the creation of an online portal that government employees could use to purchase everyday items such as office supplies or furniture. This government-only version of Amazon, which could potentially include a few other websites, would give participating companies direct access to the $53 billion market for government acquisitions of commercial products. "It hands an enormous amount of power over to Amazon," said Stacy Mitchell of the Institute for Local Self-Reliance, a research group that advocates for local businesses. Mitchell said that the provision could allow Amazon to gain a monopoly or duopoly on the profitable world of commercial government purchases, leaving smaller businesses behind and further consolidating the behemoth tech firm's power.

schwit1 adds: "Well, this is a two-edged sword, isn't it? Government spends too much and takes too long to buy its simple office needs, but streamlining that process and cutting costs puts more money in the pocket of Jeff Bezos."

Security

WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools (vice.com) 102

An anonymous reader quotes a report from Motherboard: WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released extensive source code for any CIA spying tool. This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7. "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components," WikiLeaks said in its press release for Vault 8. "Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention." In its release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others."
Bitcoin

Nearly a Third of Millennials Say They'd Rather Own Bitcoin Than Stocks (bloomberg.com) 312

An anonymous reader quotes a report from Bloomberg: A survey by venture capital firm Blockchain Capital found that about 30 percent of those in the 18-to-34 age range would rather own $1,000 worth of Bitcoin than $1,000 of government bonds or stocks. The study of more than 2,000 people found that 42 percent of millennials are at least somewhat familiar with bitcoin, compared with 15 percent among those ages 65 and up. Bitcoin rose more than 6 percent Wednesday to as much as $7,545, helping to push the value of the total cryptocurrency market above $200 billion for the first time, according to CoinMarketcap. The digital asset has soared more than 600 percent this year, compared with gains of 15 percent for the S&P 500 Index -- which might explain millennials' attraction.

Slashdot Top Deals